Open in app

Sign in

Write

Sign in

Google Apigee: Unleashing the Power of APIs

Sumit K
Google Cloud - Community
Published in
8 min readNov 19, 2023

In this Article, We will talk about Apigee and its basic concepts. Before I get into the Apigee, I would like to discuss basic communication between the APIs and their Client

First of All, What exactlyis an API?

APIs (Application Programming Interfaces) have become the cornerstone of software development and integration. They serve as the glue that connects disparate applications, enabling seamless data exchange and functionality sharing. APIs are pivotalin modern application development, solving many challenges and empowering businesses to deliver innovative solutions.The API is not the database or even the server, it is the code that governs the access point(s) for the server.

So for example, we are exposing an API that is consumed by the client. In the case below, The client will send a request to API via a particular endpoint once this request is received by the Application, it executes the API logic and responds to the client with the required data. This is how the communication

Now Think About one of the below scenarios:

Without Apigee or API Management Service

Over here we are getting requests from the client and we want to first authenticate the request from the client at the security module. Once this security is passed we have to add a header (assume that this header is required by API logic) so this is one the processes that we do. Now let’s also assume that the client can only understand XML data but our application can only understand the data in JSON format, In this case, we might need to convert the client request from XML to JSON and JSON to XML while responding to the client. So this is a little bit of complex logic, where the request flow and response flows have to go through. So, in this case, without API management service we implement security, the logic to add header, and the logic to convert the data format and there could be other complex logic that might be required based on the business requirements. So you can imagine how complex and difficult it is to manage this logic when your API scales and grows and that is where the API management service comes into the picture, we can move all this logic to the API management service like the Apigee platform and make our application to only make API logic. In this way, it is easy for the developers to focus on creating the APIs and they don’t need to worry about additional things.

why would we need an API?

Imagine you’re planning a trip and need to book a flight. You could visit the websites of various airlines individually to check for available flights and compare prices. However, this would be time-consuming and inefficient. A more streamlined approach would be to use a travel searches engine like Makemytrip, Goibio, Ixigo, Expedia and many more..

These travel search engines integrate with various airlines and travel providers using APIs. When you search for flights on their platform, they send API requests to those providers to retrieve real-time flight information, including availability, pricing, and schedules. This data is then aggregated and presented to you in a user-friendly interface, allowing you to easily compare and book flights.

The Driving Force Behind Public Web APIs

Large technology companies like Google, Microsoft, Amazon, and Facebook offer a variety of public APIs that provide access to their data and services. For example, the Google Search API allows developers to integrate Google’s search functionality into their applications.

Public APIs can help organizations reach a wider audience and attract new users to their products and services.

Some organizations offer premium plans for their public APIs, allowing them to generate revenue from their data and services.

why JSON is used by modern APIs

JSON (JavaScript Object Notation) is a popular data-interchange format that is widely used in APIs. JSON’s syntax is simple, lightweight and easy to understand, making it easy for both humans and machines to parse. This makes it an ideal format for exchanging data between applications.

JSON is not tied to any specific programming language, making it interoperable with various platforms and applications.

JSON is natively supported by most programming languages and web browsers, making it easy to integrate into existing applications and platforms.

This is fairly easy to read — our data is stored as key/value pairs. This means that we can see the key on the left, and the value on the right.

{
  "id": 1234,
  "departureAirport": "SFO",
  "arrivalAirport": "LAX",
  "departureDateTime": "2023-11-20T18:00:00",
  "arrivalDateTime": "2023-11-20T20:00:00",
  "duration": "2 hours",
  "operatingAirline": "United Airlines",
  "equipment": "Boeing 737",
  "price": 199.00
}

Now, Let’s Talk about the agenda of this article :)

What is API Management Service?

An API management service is a platform that helps organizations design, publish, secure, and monitor their APIs. API management services provide a centralized hub for managing all aspects of the API lifecycle, from creation and deployment to consumption and analysis.

Prominent API Management Service Providers

Several leading providers offer API management solutions, each with its strengths and capabilities. Here are some of the most prominent players in the market:

Google Apigee

AWS API Gateway

Microsoft Azure API Management

several other companies offer API management solutions, including MuleSoft, IBM and many more. The choice of API management provider depends on specific organizational requirements, technical expertise, and budget considerations.

What is Apigee?

  • Overview
  • why do you need Apigee
  • Apigee — API Proxy
  • Apigee — API Policies
  • Apigee — API Products
  • Apigee — API apps
Google Apigee

Overview:

Apigee is a fully managed API management platform offered by Google Cloud that allows organizations to create, publish, consume, and monitor APIs. It provides a powerful suite of tools for designing APIs, managing traffic, enforcing security policies, and gaining valuable insights into API usage. Apigee’s flexibility and scalability make it an ideal choice for businesses of all sizes, from startups to large enterprises.

Why do you need Apigee?

  1. Securing your APIs from OWASP threats.
  2. Enforcing DDoS protection, and OAuth and JWT-based access control.
  3. Generating rate plans and monetizing APIs.
  4. Generating business use-case-related analytics reports.
  5. Global Reach and Performance
  6. Privacy and Compliance

API Proxy is the one that is sitting in front of your API. So API proxy is the which executes whatever logic is needed to process the client request flow before landing on your API and sending it back to the client. This is like one-to-one mapping of our API and API proxy. API proxy will contain whatever policy that needs to execute on the request flow and response flow. So, API proxy functions as a mapping of a publicly available HTTP endpoint to your backend service. By creating an API proxy let Apigee handle the security and authorization tasks required to protect your services, as well as to analyze and monitor those services. The API proxy isolates the app developer from your backend service. Therefore you are free to change the service implementation as long as the public API remains consistent.

Apigee API Proxy and API Policies

Because app developers make HTTP requests to an API proxy, rather than directly to your services, developers do not need to know anything about the implementation of your services. All the developer needs to know is:

  • The URL of the API proxy endpoint.
  • Any query parameters, headers, or body parameters passed in a request.
  • Any required authentication and authorization credentials.
  • The format of the response, including the response data format, such as XML or JSON

API Policies are the ones where All your Authentication, Security, header, Traffic management and data transformation logic can be accomplished. policies can be applied on request and response. it can do the logic on the top of that request.

Apigee API Policies

API Product is a bundle of one or more API proxies.t represents a specific service offering that you can provide to developers. Think of it as a product catalog for your APIs. For example, A school district wants to provide a centralized platform for accessing and managing student data. They want to expose APIs that allow Parents to just read the student information while the teacher or administrator to accesses All the APIs of student information such as create, delete, update, etc.

Apigee Product

Apigee App is a low-code development platform that allows you to quickly and easily build mobile and web applications. It is a cloud-based platform that provides a drag-and-drop interface for building user interfaces, and it integrates with Apigee API Proxy to connect to backend services.

client needs to register an app in the Apigee platform to access Apigee products. On successful registration, client gets an API key. the API key will be used to authenticate the client and allow access to your Application APIs

Apigee Apps

The following illustration shows the lifecycle of an API proxy call as it moves through the provisioned Apigee system components:

An external application initiates a request to an Apigee API proxy. This request passes through a global Layer 7 (L7) external HTTPS load balancer (ELB), which is equipped with an externally accessible IP address and a TLS certificate. The ELB forwards the request to a virtual machine (VM) that acts as a bridge between your Virtual Private Cloud (VPC) and Google’s VPC, which is managed by Apigee. The VM relays the request to Apigee, where the API proxy is executed. Apigee then communicates with the backend service to process the request, and the response is subsequently transmitted back to the client application.

Apigee architecture

Access Routing:

Internal or Internet. For the Internet, Google will auto-create an External Load balancer and instance group/

Configure External load balancer To Access APIs from the internet

Conclusion:

This article provided insights into crucial elements of Google Apigee(API proxies, policies, API products, and API apps). Understanding these components is essential for robust API management, ensuring security, scalability, and efficient delivery.

Next Steps:

Stay tuned for my next blog, where we will dive into a practical demo showcasing how to implement these concepts within Google Apigee. I hope you like this article. Please share it if helpful and don’t forget to follow me :) Please subscribe for upcoming blogs.

Book a call for consulting/assistance: https://topmate.io/sumit_kumar40

Apigee
Apigee Proxy
API
Google Cloud Platform
Gcp App Dev

--

--

Sumit K
Google Cloud - Community

Written by Sumit K

417 Followers
Writer for

Humanity is the quality that we lack so much in real life, An Abide leaner, Cloud Architect⛅️, Love DevOps, AWS Community Builder 2023, Proud Hindu 🕉️

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams