Apigee Proxy Template – Part 1
As strong proponents of both the environment and APIs, The Singularity Mesh (Google Apigee APAC partner of the year 2019) has taken the ethos of ‘Reduce, Reuse, Recycle’ and applied it to the efficient deployment of API proxies.
We have created a template for API development teams to deploy on public, private, or hybrid instances of Google Apigee.
The link for the GitHub repository:
The highlight of the template is its protection against the OWASP Top 10 threats, including pre-defined (but easily customizable) authentication, spike arrest, and quota throttling thresholds, as well as the ability to log to SIEM tools such as Splunk, Elastic, or Loggly.
The benefits of this template are three-fold:
- Reduce the amount of boilerplate code and the time spent creating it. Engineers report a 30-40% decrease in development time
- Reuse the template for highly efficient publishing of API proxies (customizing as necessary)
- Recycle the code created by our Apigee experts to ship production code quickly and minimize the engineer learning curve
Engineers can leverage this proxy code and start building on top of the template to cater to some specific use-cases.
The proxy template provides the following functionality:
- Authorization check
- Dynamically configures a KVM (key value map) and, based on that config check, throws an exception if the backend is under maintenance
- Quota validation – the quota is configured at the Apigee app level and is referenced in the proxy
- Prevents/blocks DDoS attacks, rogue clients, and performance-testing traffic with the Spike Arrest policy
- Generates a correlation-id which is sent to the target server for end-to-end tracing
- Validates and sanitizes the incoming request and the CORS headers
- Logs metadata of the API to SIEM systems such as Loggly
- Prevents the authentication header (x-api-key), which clients send for proxy validation, from reaching the backend
- Throws a 404 not found exception if none of the proxy paths match
- Reduces the OWASP Top 10 web application security risks
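As an added illustration of four of the items above (authorization check, spike arrest, stripping x-api-key before the target, and the 404 catch-all), the fragments below show how these look as standard Apigee proxy-bundle XML. This is constructed example configuration, not code from the template's repository; the policy names (VAK-VerifyKey, SA-SpikeArrest, AM-RemoveApiKey, RF-NotFound), the base path, the /orders resource, and the 30 requests-per-second rate are assumptions.

```xml
<!-- apiproxy/proxies/default.xml (constructed example) -->
<ProxyEndpoint name="default">
  <PreFlow name="PreFlow">
    <Request>
      <Step><Name>VAK-VerifyKey</Name></Step>    <!-- authorization check -->
      <Step><Name>SA-SpikeArrest</Name></Step>   <!-- block traffic bursts -->
      <Step><Name>AM-RemoveApiKey</Name></Step>  <!-- key never reaches the backend -->
    </Request>
  </PreFlow>
  <Flows>
    <Flow name="GetOrders">
      <Condition>(proxy.pathsuffix MatchesPath "/orders") and (request.verb = "GET")</Condition>
    </Flow>
    <!-- Last flow has no Condition, so it catches every path the flows above did not match -->
    <Flow name="NoMatch">
      <Request><Step><Name>RF-NotFound</Name></Step></Request>
    </Flow>
  </Flows>
  <HTTPProxyConnection><BasePath>/v1/orders-demo</BasePath></HTTPProxyConnection>
  <RouteRule name="default"><TargetEndpoint>default</TargetEndpoint></RouteRule>
</ProxyEndpoint>

<!-- apiproxy/policies/VAK-VerifyKey.xml: reject requests without a valid key -->
<VerifyAPIKey name="VAK-VerifyKey">
  <APIKey ref="request.header.x-api-key"/>
</VerifyAPIKey>

<!-- apiproxy/policies/SA-SpikeArrest.xml: per-key burst limit (assumed 30 req/s) -->
<SpikeArrest name="SA-SpikeArrest">
  <Rate>30ps</Rate>
  <Identifier ref="request.header.x-api-key"/>
  <UseEffectiveCount>true</UseEffectiveCount>
</SpikeArrest>

<!-- apiproxy/policies/AM-RemoveApiKey.xml: strip the credential from the outbound request -->
<AssignMessage name="AM-RemoveApiKey">
  <Remove><Headers><Header name="x-api-key"/></Headers></Remove>
  <AssignTo createNew="false" transport="http" type="request"/>
</AssignMessage>

<!-- apiproxy/policies/RF-NotFound.xml: explicit 404 instead of a fall-through to the target -->
<RaiseFault name="RF-NotFound">
  <FaultResponse>
    <Set>
      <StatusCode>404</StatusCode>
      <ReasonPhrase>Not Found</ReasonPhrase>
      <Payload contentType="application/json">{"error":"no matching proxy path"}</Payload>
    </Set>
  </FaultResponse>
</RaiseFault>
```

Each fragment is a separate file in a real bundle; they are shown together here only for reading.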
Let the proxy template be the foundation of that initial (or repetitive) proxy configuration and deployment, so you can focus on all the exciting stuff Apigee has to offer!
If you’d like to get in touch with the team behind this powerful open source template, or indeed contribute, please feel free to reach out at firstname.lastname@example.org
Watch this space for the next steps…
The next steps involve the full stroke, where we intend to show the use of ReadyAPI (from SmartBear) for functional, security, and load testing of Apigee APIs and fix the issues that surface.