SlideShare a Scribd company logo
Proprietary + Confidential
Proprietary + Confidential
Apigee Edge: Introduction to Microgateway
Srinandan Sridhar (srinandans@)
© 2017 Apigee All Rights Reserved
Deploy a lean API runtime infrastructure in your
private enterprise environment while getting all the
benefits of Edge API management in the cloud
© 2017 Apigee All Rights Reserved
Use cases ● Reduce latency of traffic for close proximity services
● Keep API traffic within the enterprise-approved
boundaries because of security or compliance
● Continue processing messages if internet connection
is lost
Enterprise Private Cloud
Requires 4.16.01 or
higher on OPDK
© 2017 Apigee All Rights Reserved
● Microgateway is a Node.js application and can be
run by anyone with permission to run such
applications on a given machine
● It’s a lightweight process that can run close to the
target API—even on the same machine
● It requires Node.js 4.5 LTS or later and runs on
Windows, Linux, and macOS
© 2017 Apigee All Rights Reserved
© 2017 Apigee All Rights Reserved
● AX data gets sent to Edge asynchronously
in batch
● If the AX data cannot be sent and the
maximum batch size is reached, analytics
data is dropped
● AX data is sent, regardless of the target
© 2017 Apigee All Rights Reserved
● OAuth and API Key are supported.
● A special proxy is deployed on Edge that
transforms the access token into a JWT token.
● JWT is signed and self-validating. If an API call
uses a JWT token there is enough information
in it to authenticate the call without contacting
● If the API key is used instead, the key validity
and attributes are fetched from Edge. All is
cached in the microgateway for a certain
amount of time.
● API Key
● IP Filtering (whitelist, blacklist, or both)
● OAuth
○ JWT-based tokens
○ Default OAuth is client credentials grant
○ Password grant can be used if IdP is
© 2017 Apigee All Rights Reserved
● OAuth and API Key are supported.
● A special proxy is deployed on Edge that
transforms the access token into a JWT token.
● JWT is signed and self-validating. If an API call
uses a JWT token there is enough information
in it to authenticate the call without contacting
● If the API key is used instead, the key validity
and attributes are fetched from Edge. All is
cached in the microgateway for a certain
amount of time.
● Configured per Microgateway instance
● Enforced 100% and in memory
© 2017 Apigee All Rights Reserved
● OAuth and API Key are supported.
● A special proxy is deployed on Edge that
transforms the access token into a JWT token.
● JWT is signed and self-validating. If an API call
uses a JWT token there is enough information
in it to authenticate the call without contacting
● If the API key is used instead, the key validity
and attributes are fetched from Edge. All is
cached in the microgateway for a certain
amount of time.
● Distributed quota (across MG instances)
● Configured on Edge at product level
● Asynchronous request to Edge to update
● Quotas are approximate
© 2017 Apigee All Rights Reserved
● OAuth and API Key are supported.
● A special proxy is deployed on Edge that
transforms the access token into a JWT token.
● JWT is signed and self-validating. If an API call
uses a JWT token there is enough information
in it to authenticate the call without contacting
● If the API key is used instead, the key validity
and attributes are fetched from Edge. All is
cached in the microgateway for a certain
amount of time.
● Support for one-way and two-way TLS
from consumer to microgateway and
microgateway to backend
● Transformation between JSON to XML
(and vice versa)
● Support for forward-proxy (to Apigee
Cloud and backend API endpoints)
● Default streaming-enabled
© 2017 Apigee All Rights Reserved
Edge Enterprise Gateway vs. Microgateway
Feature Enterprise Gateway Microgateway
OAuth: JWT tokens
● Supports password and client credentials grant
OAuth: opaque tokens
● Supports all four grant types
Spike Arrest & Quota
Threat protection (XML, JSON, RegEx)
Callout (Python, Java, XSLT)
JavaScript callouts, JSON-XML transformation
Bot Detection & Monetization
Containerization or Cloud Foundry Deployments
Logging & Monitoring file system only; basic monitoring
customer dimensions are not possible
* Possible via customization
© 2017 Apigee All Rights Reserved
When to use Microgateway?
Requirement Which gateway?
● Building new APIs or new microservices
● Deploying in PaaS (Cloud Foundry or containers/Kubernetes)
● Distributed API management (a gateway for each API or a few APIs) Microgateway
● A single (or a few) gateways for the enterprise
● Gateway pattern
Enterprise Gateway
● Complex mediation rules (API orchestration, aggregation, etc.) Enterprise Gateway
● Legacy services (such as SOAP) modernization Enterprise Gateway
● Internal APIs or APIs for application-to-application integration (simple APIM policies) Microgateway
● External API traffic
● Monetization
Enterprise Gateway
● Scale: 100s of APIs per second Microgateway
● Scale: 1000s of APIs per second Enterprise Gateway
© 2017 Apigee All Rights Reserved
Deep integrations with multiple clouds
Apigee Microgateway
AWS Integration
Deploy Apigee Microgateway
to EC2 Container Service or
Native CF Integration
Add Microgateway as a CF Route service
or a meta-buildpack
Apigee on Azure Cloud
Easily deploy Apigee Edge
Microgateway as an Azure
App Service or docker
GCP K8S & App Engine Integration
Microgateway can be deployed in
K8S/GKE or App Engine
On-Premises or
Customer Managed
App Engine
© 2017 Apigee All Rights Reserved
*optionally with a container
management infrastructure
Deployment scenarios
Client Edge
Target API
docker container
Simplest deployment: microgateway and target in same container
Internet or
© 2017 Apigee All Rights Reserved
Deployment scenarios
Client Edge
Target API
Simplest deployment: microgateway and target in same machine
Internet or
© 2017 Apigee All Rights Reserved
Deployment scenarios
Client Edge
Target API
Microgateway and target in different machines
Internet or
© 2017 Apigee All Rights Reserved
Deployment scenarios
Client Edge
Target API
Microgateway proxying multiple targets in different machines
Target API
Internet or
© 2017 Apigee All Rights Reserved
Deployment scenarios
Target API
Target API
Load-balancing and SSL termination
Internet or
© 2017 Apigee All Rights Reserved
Deployment scenarios
API Implementation
Machine Machine
Microgateway API Implementation
Intranet traffic protection
© 2017 Apigee All Rights Reserved
● Node.js version 4.5 LTS or later installed.
● Install edgemicro and custom plugin
modules globally:
$ ~> npm install -g edgemicro plugin-1
plugin-2 … plugin-n
When using npm with -g option, the module is
installed in [prefix]/lib/node_modules
directory. The value of [prefix] can be
obtained with the following command:
$ ~> npm config get prefix
● Create a soft link in the plugins directory
ins) for all your custom plugins
$ plugins> ln -s ../../plugin-x .
Microgateway configuration
● Run the command below to generate the
default configuration file:
$ edgemicro init
● Run the edgemicro configure command
with the following options:
$ edgemicro configure -o <org> 
-e <env> -u <email>
When this command is run a new proxy called
edgemicro-auth is created in the organization.
● Copy the key and the secret written to the
standard output by the previous command,
they are required to start the microgateway.
● Verify the installation:
$ edgemicro verify -o <org> 
-e <env> -k <key> -s <secret>
Entities creation
● Create a microgateway-aware proxy (name
prepended with edgemicro_), with the desired
base path and target urls.
● Create a product. Do not forget to add the
edgemicro-auth proxy and the
microgateway-aware proxy to the product and
configure the quota attributes if required.
● Create a developer.
● Create a new developer app and assign the
product and developer created. Keep the
consumer key and consumer secret.
01 02 03
© 2017 Apigee All Rights Reserved
API security configuration
● The oauth plugin should appear and lock as
follows in the configuration file
(~/.edgemicro/<org>-<env>-config.yaml) :
allowNoAuthorization: false
allowInvalidAuthorization: false
● Verify that the oauth plugin is listed in the
plugins section:
- oauth
Token creation and API key verification is done by the
edgemicro-auth proxy. If another service wants to be
used, it needs to be specified in the configuration file:
authUri: <uri>
04 05 06
Spike Arrest configuration
● Add the spikearrest plugin in the
configuration file as a top-level element:
timeUnit: second
allow: 10
bufferSize: 10
● Configure the plugin attributes:
timeUnit (second|minute): window size units.
allow: Max. number of requests allowed in time unit.
bufferSize (optional, default = 0): Number of
requests stored in a buffer. As soon as the next
execution window occurs, buffered requests are
processed first.
● Make sure that the plugin is listed in the
plugins section:
- oauth
- spikearrest
Quota configuration
If a quota was set for the product, add the quota
plugin is listed in the plugins section:
- oauth
- spikearrest
- quota
The quota plugin requires the oauth plugin to be
executed beforehand.
© 2017 Apigee All Rights Reserved
Custom Plugins Configuration
● If the custom plugin has some parameters to
configure, add a top-level element in the
configuration file:
● Add the custom plugin to the plugins list:
- oauth
- spikearrest
- quota
- plugin-x
07 08 09
Server SSL Configuration
Add the edgemicro:ssl attribute to the configuration
key: <absolute path to key file>
cert: <absolute path to cert file>
Client SSL/TLS Configuration
Microgateway can be configured as SSL/TLS client
when acting as client. Settings can be for all/one host:
(ssl|tls): # One or the other
# Here go the properties
host: <domain-name>
(ssl|tls): # One or the other
# Here go the properties
pfx: path to file with client key and cert (PFX format).
key: path to file with client key file (PEM format).
passphrase: passphrase for PFX or private key file.
cert: path to file with client cert file (PEM forma)t.
ca: path to file with trusted certs (PEM format).
ciphers: supported ciphers separated by ‘:’.
rejectUnauthorized: does server cert need to be trusted?
secureProtocol: SSL method to use (eg: SSLv3_method)
servername: server name for SNI TLS extension.
© 2017 Apigee All Rights Reserved
Logging Configuration
Logs can be sent to the stdout or to a log file:
level: info
to_console: true
level: info
dir: /var/tmp
stats_log_interval: 60
rotate_interval: 24
stats_log_interval (seconds, default: 60): interval
when the stats record is written to the log file.
rotate_interval(hours, default: 24): interval when log
files are rotated.
10 11 12
Start Microgateway
Start the microgateway using the following
$ edgemicro start -o <org> -e <env> -k <key> 
-s <secret>
Alternatively you can set the following environment
values so you don’t need to specify the options in
command line:
If changes are done to the configuration file once the
microgateway is started you can use edgemicro
reload command so they are applied without
restarting. That command takes the same options as
edgemicro start command.
Verify API Security
You can make calls to microgateway using the API key
or access token.
$ curl http://localhost:<port>/<path> 
-H "x-api-key: <consumer-key>"
Access Token
$ edgemicro token get -o <org> -e <env> 
-i <key> -s <secret>
$ curl -H 'Authorization: Bearer <token>'
© 2017 Apigee All Rights Reserved
In case microgateway needs to be started as a service, pm2 could be used;
you just need to follow the steps below:
1. Install pm2:
$ npm install -g pm2
2. Start edgemicro using pm2:
$ pm2 start edgemicro -- start -o <org> -e <env> 
-k <key> -s <secret>
Starting edgemicro like this has two advantages: it will be restarted
if it crashes and unhandled exceptions would be recorded in a log file
($PM2_HOME/logs/app-err.log, By default $PM2_HOME is
3. Check whether pm2 has started properly:
$ pm2 logs edgemicro
4. Additional information about the process running (pid, uptime, cpu
usage, memory usage,...) can be obtain with this other command:
$ pm2 list
5. Get the automatically-configured startup script for your machine:
$ pm2 startup
It automatically detects the available init system, but you can
specify it yourself to (eg: pm2 startup systemd). You can also
use option -u to specify the user and --hp to specify the home
6. Once the scripts are generated keep a list of the processes
running, so they will be started at boot time:
$ pm2 save
7. Reboot the machine and check that microgateway is running.
8. Smile :).
© 2017 Apigee All Rights Reserved
Private npm repository
Set up a private npm repository server to install
edgemicro node module and its dependencies, as well
as the node packages of the custom plugins being
used. The advantages of doing this are:
Private modules
You get all the benefits of an npm package system
without sending all code to the public, and use private
packages (eg: custom microgateway plugins) as
easily as the public ones.
Cache for registry
If you have more than one server to install modules
on, this decreases latency and provides limited
failover (if is down, you might still find
something useful in the cache).
Override public packages
If a modified version of some third-party module is
required, it can be published locally under the same
© 2017 Apigee All Rights Reserved
$ npm install -g sinopia forever
$ forever start `which sinopia`
When you start a server, it auto-creates a configuration
file config.yaml that you can later modify.
$ npm adduser --registry http://localhost:4873
$ npm set registry http://<sinopia-server>:4873
Private npm repository: Sinopia
● Local npm registry with minimal configuration.
● No need to install and replicate an entire CouchDB
database, as it has its own a database. If it doesn't
have a package, it fetches it from,
keeping only those packages used.
© 2017 Apigee All Rights Reserved
# path to a directory with all the packages
storage: ./storage
file: ./htpasswd
# scoped packages
# keywords: $all, $anonymous, $authenticated
access: $all
publish: $authenticated
proxy: npmjs
access: $all
publish: $authenticated
proxy: npmjs
- {type: stdout, format: pretty, level: http}
Private npm repository: Sinopia
© 2017 Apigee All Rights Reserved
1. Install nginx.
2. Edit the configuration file /etc/nginx/nginx.conf and
add the following in the http {} block:
upstream example-servers {
server localhost:8001;
server localhost:8002;
server {
listen 80;
server_name emgw;
location /<path> {
proxy_pass http://example-servers;
3. Start the service
© 2017 Apigee All Rights Reserved
1. Install nginx.
2. Edit the configuration file /etc/nginx/nginx.conf and
add the following in the http {} block:
upstream example-servers {
server <mgw1-ip>:8000;
server <mgw2-ip>:8000;
server {
listen 80;
server_name emgw;
location /<path> {
proxy_pass http://example-servers;
3. Start the service.
© 2017 Apigee All Rights Reserved
Determines which upstream server has the least amount of outstanding
connections alive and passes more traffic to it.
upstream example-servers {
server <mgw1-ip>:8000;
server <mgw2-ip>:8000;
Maps the client IP to a server in the list, always sending requests from a
single client to the same server.
upstream example-servers {
server <mgw1-ip>:8000;
server <mgw2-ip>:8000;
upstream example-servers {
server <mgw1-ip>:8000 weight=3;
server <mgw2-ip>:8000;
server <mgw3-ip>:8000;
© 2017 Apigee All Rights Reserved
Bootstrap process
01 02 03
Download public key for JWT
Download list of
microgateway-aware proxies
Download list of API products
and their attributes
© 2017 Apigee All Rights Reserved
Plugin authoring
1. Create a new directory and change to it.
$ ~> mkdir <plugin-name>
$ ~> cd <plugin-name>
2. Initialize a node project:
$ ~> npm init
3. Create a file named index.js, copy the contents below and save it.
'use strict';
var debug = require('debug')('plugin:plugin-name');
module.exports.init = function(config, logger, stats) {
return {
onrequest: function(req, res, next) {
onend_request: function(req, res, data, next) {
next(null, data);
onend_response: function(req, res, data, next) {
next(null, null);
4. Once the plugin is developed, publish the module to your private
npm repository.
$ ~> npm set registry http://<sinopia-server>:4873
$ ~> npm login
$ ~> npm publish
5. In the machine where the microgateway is installed, install the
plugin as a global node module from your private repository.
$ ~> npm set registry http://<sinopia-server>:4873
$ ~> npm install -g <plugin-name>
6. Create a soft link in the edgemicro plugins directory to the custom
$ plugins> ln -s ../../<plugin-name> .
7. Add it to the list of plugins in the microgateway configuration file.
- oauth
- spikearrest
- plugin-name
© 2017 Apigee All Rights Reserved
Plugin authoring
Request handlers
Fires when the first byte of the request is sent.
Gives access to the headers, URL, query
parameters, and HTTP method.
Called when a chunk of data is sent. Passes the
data to the next plugin in the sequence. The data
returned by the last plugin is sent to the target.
Called when all of the request data has been
sent from the client.
Indicates that the client connection has closed.
Called if there is an error sending the request
from the client.
© 2017 Apigee All Rights Reserved
Plugin authoring
Response handlers
Fires when the first byte of the
response is received. Gives access to
the response headers and status code.
Called when a chunk of data is received
from the target. The payload can be
transformed here.
Called when all of the response data
has been received from the target. The
payload can be transformed here too.
Called when the socket connection to
the target is closed.
Called if there is an error receiving the
target response.
© 2017 Apigee All Rights Reserved
Plugin authoring
Things to remember when writing a plugin:
● Request / response handlers must call next() when done processing. If
not, processing will stop and the request will hang.
● The first argument to next() may be an error which will cause
processing to terminate.
● The ondata_ and onend_ handlers must call next() with a second
argument containing the data to be passed to the target or the client. It
can be null if the plugin is buffering and has not enough data to
transform at the moment.
● A single instance of the plugin is used to service all requests and
responses. If per-request state needs to be retained between handler
calls, it can be saved in a property added to the supplied request object,
whose lifetime is the duration of the API call.
● Catch all errors and call next() with the error. If not, the API call will
● Do not perform compute-intensive tasks in the main thread as this can
adversely affect performance.
© 2017 Apigee All Rights Reserved
Plugin authoring
onrequest: function(req, res, next) {
var baseUrl = res.proxy.parsedUrl.pathname;
var proxyBasepath = res.proxy.base_path;
if(proxyBasePath === ‘/users’) {
req.targetPath = baseUrl + ‘/customers’
} else if(proxyBasepath === ‘/businesses) {
req.targetPath = baseUrl + ‘/compies’
Payload transformationURL rewriting
onend_request: function(req, res, data, next) {
var payload = JSON.parse(data,toString());
delete payload.password;
next(null, JSON.stringify(payload));
onend_response: function(req, res, data, next) {
var payload = JSON.parse(data,toString());
delete payload.password;
next(null, JSON.stringify(payload));
© 2017 Apigee All Rights Reserved
Custom logging
If the built-in logger does not fit with your specific logging requirements, a custom plugin can be created.
Here’s an example of a Bunyan JSON logger:
​var bunyan = require('bunyan');
module.exports.init = function() {
var log = bunyan.createLogger({
name: "bunyan-logger-plugin",
streams: [ { level: 'error', stream: process.stdout }, { level: 'info', path: '/var/tmp/mgw-bunyan-info.log' }]
return {
onrequest: function(req, res, next) {'ONREQUEST');
onend_request: function(req, res, data, next) {"ONEND_REQUEST");
next(null, data);
© 2017 Apigee All Rights Reserved
If edgemicro has been started using pm2, monitoring the
CPU and memory usage is simple:
$ pm2 monit
Integration with Keymetrics monitoring dashboard is
quite easy:
1. Sign in for a Keymetrics account
2. Create a new bucket
3. Run the following command with the provided
secret and public keys:
$ pm2 link <secret-key> <public-key>
Thank you

More Related Content

What's hot

API Strategy Evolution at Netflix
API Strategy Evolution at NetflixAPI Strategy Evolution at Netflix
API Strategy Evolution at NetflixMichael Hart
The Architecture of an API Platform
The Architecture of an API PlatformThe Architecture of an API Platform
The Architecture of an API PlatformJohannes Ridderstedt
What is APIGEE? What are the benefits of APIGEE?
What is APIGEE? What are the benefits of APIGEE?What is APIGEE? What are the benefits of APIGEE?
What is APIGEE? What are the benefits of APIGEE?IQ Online Training
Azure API Management
Azure API ManagementAzure API Management
Azure API ManagementDaniel Toomey
API Strategy Presentation
API Strategy PresentationAPI Strategy Presentation
API Strategy PresentationLawrence Coburn
API Management in Digital Transformation
API Management in Digital TransformationAPI Management in Digital Transformation
API Management in Digital TransformationAditya Thatte
Principles of microservices XP Days Ukraine
Principles of microservices   XP Days UkrainePrinciples of microservices   XP Days Ukraine
Principles of microservices XP Days UkraineSam Newman
API Management Part 1 - An Introduction to Azure API Management
API Management Part 1 - An Introduction to Azure API ManagementAPI Management Part 1 - An Introduction to Azure API Management
API Management Part 1 - An Introduction to Azure API ManagementBizTalk360
API Maturity Model (Webcast with Accenture)
API Maturity Model (Webcast with Accenture)API Maturity Model (Webcast with Accenture)
API Maturity Model (Webcast with Accenture)Apigee | Google Cloud
API Management Within a Microservices Architecture
API Management Within a Microservices Architecture API Management Within a Microservices Architecture
API Management Within a Microservices Architecture Nadeesha Gamage
API Management Solution Powerpoint Presentation Slides
API Management Solution Powerpoint Presentation SlidesAPI Management Solution Powerpoint Presentation Slides
API Management Solution Powerpoint Presentation SlidesSlideTeam
Building APIs with Amazon API Gateway
Building APIs with Amazon API GatewayBuilding APIs with Amazon API Gateway
Building APIs with Amazon API GatewayAmazon Web Services
2022 APIsecure_Shift Left API Security - The Right Way
2022 APIsecure_Shift Left API Security - The Right Way2022 APIsecure_Shift Left API Security - The Right Way
2022 APIsecure_Shift Left API Security - The Right WayAPIsecure_ Official
Designing APIs with OpenAPI Spec
Designing APIs with OpenAPI SpecDesigning APIs with OpenAPI Spec
Designing APIs with OpenAPI SpecAdam Paxton
API Management
API ManagementAPI Management
API ManagementProlifics

What's hot (20)

Architecture for the API-enterprise
Architecture for the API-enterpriseArchitecture for the API-enterprise
Architecture for the API-enterprise
Apigee Product Roadmap Part 2
Apigee Product Roadmap Part 2Apigee Product Roadmap Part 2
Apigee Product Roadmap Part 2
API Strategy Evolution at Netflix
API Strategy Evolution at NetflixAPI Strategy Evolution at Netflix
API Strategy Evolution at Netflix
The Architecture of an API Platform
The Architecture of an API PlatformThe Architecture of an API Platform
The Architecture of an API Platform
What is APIGEE? What are the benefits of APIGEE?
What is APIGEE? What are the benefits of APIGEE?What is APIGEE? What are the benefits of APIGEE?
What is APIGEE? What are the benefits of APIGEE?
Azure API Management
Azure API ManagementAzure API Management
Azure API Management
API Strategy Presentation
API Strategy PresentationAPI Strategy Presentation
API Strategy Presentation
API Management in Digital Transformation
API Management in Digital TransformationAPI Management in Digital Transformation
API Management in Digital Transformation
Principles of microservices XP Days Ukraine
Principles of microservices   XP Days UkrainePrinciples of microservices   XP Days Ukraine
Principles of microservices XP Days Ukraine
API Management Part 1 - An Introduction to Azure API Management
API Management Part 1 - An Introduction to Azure API ManagementAPI Management Part 1 - An Introduction to Azure API Management
API Management Part 1 - An Introduction to Azure API Management
API Maturity Model (Webcast with Accenture)
API Maturity Model (Webcast with Accenture)API Maturity Model (Webcast with Accenture)
API Maturity Model (Webcast with Accenture)
API Security Lifecycle
API Security LifecycleAPI Security Lifecycle
API Security Lifecycle
API Management Within a Microservices Architecture
API Management Within a Microservices Architecture API Management Within a Microservices Architecture
API Management Within a Microservices Architecture
API Management Solution Powerpoint Presentation Slides
API Management Solution Powerpoint Presentation SlidesAPI Management Solution Powerpoint Presentation Slides
API Management Solution Powerpoint Presentation Slides
Building APIs with Amazon API Gateway
Building APIs with Amazon API GatewayBuilding APIs with Amazon API Gateway
Building APIs with Amazon API Gateway
API Governance in the Enterprise
API Governance in the EnterpriseAPI Governance in the Enterprise
API Governance in the Enterprise
How Secure Are Your APIs?
How Secure Are Your APIs?How Secure Are Your APIs?
How Secure Are Your APIs?
2022 APIsecure_Shift Left API Security - The Right Way
2022 APIsecure_Shift Left API Security - The Right Way2022 APIsecure_Shift Left API Security - The Right Way
2022 APIsecure_Shift Left API Security - The Right Way
Designing APIs with OpenAPI Spec
Designing APIs with OpenAPI SpecDesigning APIs with OpenAPI Spec
Designing APIs with OpenAPI Spec
API Management
API ManagementAPI Management
API Management

Similar to Apigee Edge: Intro to Microgateway

API Services: Building State-of-the-Art APIs
API Services: Building State-of-the-Art APIsAPI Services: Building State-of-the-Art APIs
API Services: Building State-of-the-Art APIsApigee | Google Cloud
Webcast: Deep-Dive Apigee Edge Microgateway
Webcast: Deep-Dive Apigee Edge MicrogatewayWebcast: Deep-Dive Apigee Edge Microgateway
Webcast: Deep-Dive Apigee Edge MicrogatewayApigee | Google Cloud
APIConnect Security Best Practice
APIConnect Security Best PracticeAPIConnect Security Best Practice
APIConnect Security Best PracticeShiu-Fun Poon
Building APIs in a Cloud Native Era
Building APIs in a Cloud Native EraBuilding APIs in a Cloud Native Era
Building APIs in a Cloud Native EraNuwan Dias
apidays LIVE Paris - Building APIs in a Cloud Native era by Nuwan Dias
apidays LIVE Paris - Building APIs in a Cloud Native era by Nuwan Diasapidays LIVE Paris - Building APIs in a Cloud Native era by Nuwan Dias
apidays LIVE Paris - Building APIs in a Cloud Native era by Nuwan Diasapidays
[Workshop] API-driven Integration
[Workshop] API-driven Integration[Workshop] API-driven Integration
[Workshop] API-driven IntegrationWSO2
I Love APIs 2015 : Zero to Thousands TPS Private Cloud Operations Workshop
I Love APIs 2015 : Zero to Thousands TPS Private Cloud Operations WorkshopI Love APIs 2015 : Zero to Thousands TPS Private Cloud Operations Workshop
I Love APIs 2015 : Zero to Thousands TPS Private Cloud Operations WorkshopApigee | Google Cloud
Gateway/APIC security
Gateway/APIC securityGateway/APIC security
Gateway/APIC securityShiu-Fun Poon
Managing the Complexity of Microservices Deployments
Managing the Complexity of Microservices DeploymentsManaging the Complexity of Microservices Deployments
Managing the Complexity of Microservices DeploymentsApigee | Google Cloud
What API Specifications and Tools Help Engineers to Construct a High-Security...
What API Specifications and Tools Help Engineers to Construct a High-Security...What API Specifications and Tools Help Engineers to Construct a High-Security...
What API Specifications and Tools Help Engineers to Construct a High-Security...Hitachi, Ltd. OSS Solution Center.
Scalable Deployment Patterns in WSO2 API Manager
Scalable Deployment Patterns in WSO2 API Manager Scalable Deployment Patterns in WSO2 API Manager
Scalable Deployment Patterns in WSO2 API Manager WSO2
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0WSO2
Protecting Microservices APIs with 42Crunch API Firewall
Protecting Microservices APIs with 42Crunch API FirewallProtecting Microservices APIs with 42Crunch API Firewall
Protecting Microservices APIs with 42Crunch API Firewall42Crunch
WSO2 API microgateway introduction
WSO2 API microgateway introductionWSO2 API microgateway introduction
WSO2 API microgateway introductionChanaka Fernando
DevSecOps 的規模化實踐 (Level: 300-400)
DevSecOps 的規模化實踐 (Level: 300-400)DevSecOps 的規模化實踐 (Level: 300-400)
DevSecOps 的規模化實踐 (Level: 300-400)Amazon Web Services
Scalable deployment options in WSO2 API Manager
Scalable deployment options in WSO2 API ManagerScalable deployment options in WSO2 API Manager
Scalable deployment options in WSO2 API ManagerWSO2
Using CredHub for Kubernetes Deployments
Using CredHub for Kubernetes DeploymentsUsing CredHub for Kubernetes Deployments
Using CredHub for Kubernetes DeploymentsVMware Tanzu
Funky serverless features at aws
Funky serverless features at awsFunky serverless features at aws
Funky serverless features at awsDoug Winter
Deep Dive - Hybrid Architectures
Deep Dive - Hybrid ArchitecturesDeep Dive - Hybrid Architectures
Deep Dive - Hybrid ArchitecturesAmazon Web Services

Similar to Apigee Edge: Intro to Microgateway (20)

API Services: Building State-of-the-Art APIs
API Services: Building State-of-the-Art APIsAPI Services: Building State-of-the-Art APIs
API Services: Building State-of-the-Art APIs
Webcast: Deep-Dive Apigee Edge Microgateway
Webcast: Deep-Dive Apigee Edge MicrogatewayWebcast: Deep-Dive Apigee Edge Microgateway
Webcast: Deep-Dive Apigee Edge Microgateway
APIConnect Security Best Practice
APIConnect Security Best PracticeAPIConnect Security Best Practice
APIConnect Security Best Practice
Building APIs in a Cloud Native Era
Building APIs in a Cloud Native EraBuilding APIs in a Cloud Native Era
Building APIs in a Cloud Native Era
apidays LIVE Paris - Building APIs in a Cloud Native era by Nuwan Dias
apidays LIVE Paris - Building APIs in a Cloud Native era by Nuwan Diasapidays LIVE Paris - Building APIs in a Cloud Native era by Nuwan Dias
apidays LIVE Paris - Building APIs in a Cloud Native era by Nuwan Dias
[Workshop] API-driven Integration
[Workshop] API-driven Integration[Workshop] API-driven Integration
[Workshop] API-driven Integration
I Love APIs 2015 : Zero to Thousands TPS Private Cloud Operations Workshop
I Love APIs 2015 : Zero to Thousands TPS Private Cloud Operations WorkshopI Love APIs 2015 : Zero to Thousands TPS Private Cloud Operations Workshop
I Love APIs 2015 : Zero to Thousands TPS Private Cloud Operations Workshop
Gateway/APIC security
Gateway/APIC securityGateway/APIC security
Gateway/APIC security
Managing the Complexity of Microservices Deployments
Managing the Complexity of Microservices DeploymentsManaging the Complexity of Microservices Deployments
Managing the Complexity of Microservices Deployments
What API Specifications and Tools Help Engineers to Construct a High-Security...
What API Specifications and Tools Help Engineers to Construct a High-Security...What API Specifications and Tools Help Engineers to Construct a High-Security...
What API Specifications and Tools Help Engineers to Construct a High-Security...
Scalable Deployment Patterns in WSO2 API Manager
Scalable Deployment Patterns in WSO2 API Manager Scalable Deployment Patterns in WSO2 API Manager
Scalable Deployment Patterns in WSO2 API Manager
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
Protecting Microservices APIs with 42Crunch API Firewall
Protecting Microservices APIs with 42Crunch API FirewallProtecting Microservices APIs with 42Crunch API Firewall
Protecting Microservices APIs with 42Crunch API Firewall
WSO2 API microgateway introduction
WSO2 API microgateway introductionWSO2 API microgateway introduction
WSO2 API microgateway introduction
DevSecOps 的規模化實踐 (Level: 300-400)
DevSecOps 的規模化實踐 (Level: 300-400)DevSecOps 的規模化實踐 (Level: 300-400)
DevSecOps 的規模化實踐 (Level: 300-400)
Scalable deployment options in WSO2 API Manager
Scalable deployment options in WSO2 API ManagerScalable deployment options in WSO2 API Manager
Scalable deployment options in WSO2 API Manager
Using CredHub for Kubernetes Deployments
Using CredHub for Kubernetes DeploymentsUsing CredHub for Kubernetes Deployments
Using CredHub for Kubernetes Deployments
Funky serverless features at aws
Funky serverless features at awsFunky serverless features at aws
Funky serverless features at aws
Deep Dive - Hybrid Architectures
Deep Dive - Hybrid ArchitecturesDeep Dive - Hybrid Architectures
Deep Dive - Hybrid Architectures
API Gateway report
API Gateway reportAPI Gateway report
API Gateway report

More from Apigee | Google Cloud

Monetization: Unlock More Value from Your APIs
Monetization: Unlock More Value from Your APIs Monetization: Unlock More Value from Your APIs
Monetization: Unlock More Value from Your APIs Apigee | Google Cloud
AccuWeather: Recasting API Experiences in a Developer-First World
AccuWeather: Recasting API Experiences in a Developer-First WorldAccuWeather: Recasting API Experiences in a Developer-First World
AccuWeather: Recasting API Experiences in a Developer-First WorldApigee | Google Cloud
Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?Apigee | Google Cloud
The Four Transformative Forces of the API Management Market
The Four Transformative Forces of the API Management MarketThe Four Transformative Forces of the API Management Market
The Four Transformative Forces of the API Management MarketApigee | Google Cloud
Microservices Done Right: Key Ingredients for Microservices Success
Microservices Done Right: Key Ingredients for Microservices SuccessMicroservices Done Right: Key Ingredients for Microservices Success
Microservices Done Right: Key Ingredients for Microservices SuccessApigee | Google Cloud
Adapt or Die: Opening Keynote with Chet Kapoor
Adapt or Die: Opening Keynote with Chet KapoorAdapt or Die: Opening Keynote with Chet Kapoor
Adapt or Die: Opening Keynote with Chet KapoorApigee | Google Cloud
Adapt or Die: Keynote with Greg Brail
Adapt or Die: Keynote with Greg BrailAdapt or Die: Keynote with Greg Brail
Adapt or Die: Keynote with Greg BrailApigee | Google Cloud
Adapt or Die: Keynote with Anant Jhingran
Adapt or Die: Keynote with Anant JhingranAdapt or Die: Keynote with Anant Jhingran
Adapt or Die: Keynote with Anant JhingranApigee | Google Cloud
London Adapt or Die: Closing Keynote — Adapt Now!
London Adapt or Die: Closing Keynote — Adapt Now!London Adapt or Die: Closing Keynote — Adapt Now!
London Adapt or Die: Closing Keynote — Adapt Now!Apigee | Google Cloud
London adapt or-die opening keynote chet kapoor
London adapt or-die opening keynote chet kapoorLondon adapt or-die opening keynote chet kapoor
London adapt or-die opening keynote chet kapoorApigee | Google Cloud
London Adapt or Die: Opening Keynote with Chet Kapoor
London Adapt or Die: Opening Keynote with Chet KapoorLondon Adapt or Die: Opening Keynote with Chet Kapoor
London Adapt or Die: Opening Keynote with Chet KapoorApigee | Google Cloud
London Adapt or Die: Kubernetes, Containers and Cloud - The MoD Story
London Adapt or Die: Kubernetes, Containers and Cloud - The MoD StoryLondon Adapt or Die: Kubernetes, Containers and Cloud - The MoD Story
London Adapt or Die: Kubernetes, Containers and Cloud - The MoD StoryApigee | Google Cloud
London Adapt or Die: Securing your APIs the Right Way!
London Adapt or Die: Securing your APIs the Right Way!London Adapt or Die: Securing your APIs the Right Way!
London Adapt or Die: Securing your APIs the Right Way!Apigee | Google Cloud
London Adapt or Die: Five Things Enterprises Should Know About Serverless
London Adapt or Die: Five Things Enterprises Should Know About ServerlessLondon Adapt or Die: Five Things Enterprises Should Know About Serverless
London Adapt or Die: Five Things Enterprises Should Know About ServerlessApigee | Google Cloud

More from Apigee | Google Cloud (20)

Magazine Luiza at a glance (1)
Magazine Luiza at a glance (1)Magazine Luiza at a glance (1)
Magazine Luiza at a glance (1)
Monetization: Unlock More Value from Your APIs
Monetization: Unlock More Value from Your APIs Monetization: Unlock More Value from Your APIs
Monetization: Unlock More Value from Your APIs
Ticketmaster at a glance
Ticketmaster at a glanceTicketmaster at a glance
Ticketmaster at a glance
AccuWeather: Recasting API Experiences in a Developer-First World
AccuWeather: Recasting API Experiences in a Developer-First WorldAccuWeather: Recasting API Experiences in a Developer-First World
AccuWeather: Recasting API Experiences in a Developer-First World
Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?
The Four Transformative Forces of the API Management Market
The Four Transformative Forces of the API Management MarketThe Four Transformative Forces of the API Management Market
The Four Transformative Forces of the API Management Market
Walgreens at a glance
Walgreens at a glanceWalgreens at a glance
Walgreens at a glance
Pitney Bowes at a glance
Pitney Bowes at a glancePitney Bowes at a glance
Pitney Bowes at a glance
Microservices Done Right: Key Ingredients for Microservices Success
Microservices Done Right: Key Ingredients for Microservices SuccessMicroservices Done Right: Key Ingredients for Microservices Success
Microservices Done Right: Key Ingredients for Microservices Success
Adapt or Die: Opening Keynote with Chet Kapoor
Adapt or Die: Opening Keynote with Chet KapoorAdapt or Die: Opening Keynote with Chet Kapoor
Adapt or Die: Opening Keynote with Chet Kapoor
Adapt or Die: Keynote with Greg Brail
Adapt or Die: Keynote with Greg BrailAdapt or Die: Keynote with Greg Brail
Adapt or Die: Keynote with Greg Brail
Adapt or Die: Keynote with Anant Jhingran
Adapt or Die: Keynote with Anant JhingranAdapt or Die: Keynote with Anant Jhingran
Adapt or Die: Keynote with Anant Jhingran
London Adapt or Die: Opening Keynot
London Adapt or Die: Opening KeynotLondon Adapt or Die: Opening Keynot
London Adapt or Die: Opening Keynot
London Adapt or Die: Lunch keynote
London Adapt or Die: Lunch keynoteLondon Adapt or Die: Lunch keynote
London Adapt or Die: Lunch keynote
London Adapt or Die: Closing Keynote — Adapt Now!
London Adapt or Die: Closing Keynote — Adapt Now!London Adapt or Die: Closing Keynote — Adapt Now!
London Adapt or Die: Closing Keynote — Adapt Now!
London adapt or-die opening keynote chet kapoor
London adapt or-die opening keynote chet kapoorLondon adapt or-die opening keynote chet kapoor
London adapt or-die opening keynote chet kapoor
London Adapt or Die: Opening Keynote with Chet Kapoor
London Adapt or Die: Opening Keynote with Chet KapoorLondon Adapt or Die: Opening Keynote with Chet Kapoor
London Adapt or Die: Opening Keynote with Chet Kapoor
London Adapt or Die: Kubernetes, Containers and Cloud - The MoD Story
London Adapt or Die: Kubernetes, Containers and Cloud - The MoD StoryLondon Adapt or Die: Kubernetes, Containers and Cloud - The MoD Story
London Adapt or Die: Kubernetes, Containers and Cloud - The MoD Story
London Adapt or Die: Securing your APIs the Right Way!
London Adapt or Die: Securing your APIs the Right Way!London Adapt or Die: Securing your APIs the Right Way!
London Adapt or Die: Securing your APIs the Right Way!
London Adapt or Die: Five Things Enterprises Should Know About Serverless
London Adapt or Die: Five Things Enterprises Should Know About ServerlessLondon Adapt or Die: Five Things Enterprises Should Know About Serverless
London Adapt or Die: Five Things Enterprises Should Know About Serverless

Recently uploaded

Mastering Windows 7 A Comprehensive Guide for Power Users .pdf
Mastering Windows 7 A Comprehensive Guide for Power Users .pdfMastering Windows 7 A Comprehensive Guide for Power Users .pdf
Mastering Windows 7 A Comprehensive Guide for Power Users .pdfmbmh111980
Into the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfInto the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfOrtus Solutions, Corp
GraphAware - Transforming policing with graph-based intelligence analysis
GraphAware - Transforming policing with graph-based intelligence analysisGraphAware - Transforming policing with graph-based intelligence analysis
GraphAware - Transforming policing with graph-based intelligence analysisNeo4j
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...informapgpstrackings
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?XfilesPro
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns
A Comprehensive Appium Guide for Hybrid App Automation Testing.pdf
A Comprehensive Appium Guide for Hybrid App Automation Testing.pdfA Comprehensive Appium Guide for Hybrid App Automation Testing.pdf
A Comprehensive Appium Guide for Hybrid App Automation Testing.pdfkalichargn70th171
De mooiste recreatieve routes ontdekken met RouteYou en FME
De mooiste recreatieve routes ontdekken met RouteYou en FMEDe mooiste recreatieve routes ontdekken met RouteYou en FME
De mooiste recreatieve routes ontdekken met RouteYou en FMEJelle | Nordend
AI/ML Infra Meetup | ML explainability in Michelangelo
AI/ML Infra Meetup | ML explainability in MichelangeloAI/ML Infra Meetup | ML explainability in Michelangelo
AI/ML Infra Meetup | ML explainability in MichelangeloAlluxio, Inc.
iGaming Platform & Lottery Solutions by Skilrock
iGaming Platform & Lottery Solutions by SkilrockiGaming Platform & Lottery Solutions by Skilrock
iGaming Platform & Lottery Solutions by SkilrockSkilrock Technologies
Using IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New ZealandUsing IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New ZealandIES VE
top nidhi software solution freedownload
top nidhi software solution freedownloadtop nidhi software solution freedownload
top nidhi software solution freedownloadvrstrong314
Designing for Privacy in Amazon Web Services
Designing for Privacy in Amazon Web ServicesDesigning for Privacy in Amazon Web Services
Designing for Privacy in Amazon Web ServicesKrzysztofKkol1
AI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAG
AI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAGAI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAG
AI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAGAlluxio, Inc.
Studiovity film pre-production and screenwriting software
Studiovity film pre-production and screenwriting softwareStudiovity film pre-production and screenwriting software
Studiovity film pre-production and screenwriting softwareinfo611746
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Shahin Sheidaei
Agnieszka Andrzejewska - BIM School Course in Kraków
Agnieszka Andrzejewska - BIM School Course in KrakówAgnieszka Andrzejewska - BIM School Course in Kraków
Agnieszka Andrzejewska - BIM School Course in Krakó

Recently uploaded (20)

Mastering Windows 7 A Comprehensive Guide for Power Users .pdf
Mastering Windows 7 A Comprehensive Guide for Power Users .pdfMastering Windows 7 A Comprehensive Guide for Power Users .pdf
Mastering Windows 7 A Comprehensive Guide for Power Users .pdf
Into the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfInto the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdf
GraphAware - Transforming policing with graph-based intelligence analysis
GraphAware - Transforming policing with graph-based intelligence analysisGraphAware - Transforming policing with graph-based intelligence analysis
GraphAware - Transforming policing with graph-based intelligence analysis
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
A Comprehensive Appium Guide for Hybrid App Automation Testing.pdf
A Comprehensive Appium Guide for Hybrid App Automation Testing.pdfA Comprehensive Appium Guide for Hybrid App Automation Testing.pdf
A Comprehensive Appium Guide for Hybrid App Automation Testing.pdf
De mooiste recreatieve routes ontdekken met RouteYou en FME
De mooiste recreatieve routes ontdekken met RouteYou en FMEDe mooiste recreatieve routes ontdekken met RouteYou en FME
De mooiste recreatieve routes ontdekken met RouteYou en FME
AI/ML Infra Meetup | ML explainability in Michelangelo
AI/ML Infra Meetup | ML explainability in MichelangeloAI/ML Infra Meetup | ML explainability in Michelangelo
AI/ML Infra Meetup | ML explainability in Michelangelo
iGaming Platform & Lottery Solutions by Skilrock
iGaming Platform & Lottery Solutions by SkilrockiGaming Platform & Lottery Solutions by Skilrock
iGaming Platform & Lottery Solutions by Skilrock
Top Mobile App Development Companies 2024
Top Mobile App Development Companies 2024Top Mobile App Development Companies 2024
Top Mobile App Development Companies 2024
Using IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New ZealandUsing IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New Zealand
top nidhi software solution freedownload
top nidhi software solution freedownloadtop nidhi software solution freedownload
top nidhi software solution freedownload
Designing for Privacy in Amazon Web Services
Designing for Privacy in Amazon Web ServicesDesigning for Privacy in Amazon Web Services
Designing for Privacy in Amazon Web Services
AI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAG
AI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAGAI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAG
AI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAG
Studiovity film pre-production and screenwriting software
Studiovity film pre-production and screenwriting softwareStudiovity film pre-production and screenwriting software
Studiovity film pre-production and screenwriting software
Corporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMSCorporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMS
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Agnieszka Andrzejewska - BIM School Course in Kraków
Agnieszka Andrzejewska - BIM School Course in KrakówAgnieszka Andrzejewska - BIM School Course in Kraków
Agnieszka Andrzejewska - BIM School Course in Kraków

Apigee Edge: Intro to Microgateway

  • 1. Proprietary + Confidential Proprietary + Confidential Apigee Edge: Introduction to Microgateway Srinandan Sridhar (srinandans@)
  • 2. © 2017 Apigee All Rights Reserved Objective Deploy a lean API runtime infrastructure in your private enterprise environment while getting all the benefits of Edge API management in the cloud “ ”
  • 3. © 2017 Apigee All Rights Reserved Use cases ● Reduce latency of traffic for close proximity services ● Keep API traffic within the enterprise-approved boundaries because of security or compliance purposes ● Continue processing messages if internet connection is lost Microgateway Enterprise Private Cloud Edge Requires 4.16.01 or higher on OPDK
  • 4. © 2017 Apigee All Rights Reserved Description ● Microgateway is a Node.js application and can be run by anyone with permission to run such applications on a given machine ● It’s a lightweight process that can run close to the target API—even on the same machine ● It requires Node.js 4.5 LTS or later and runs on Windows, Linux, and macOS
  • 6. © 2017 Apigee All Rights Reserved Features ANALYTICS (AX) ● AX data gets sent to Edge asynchronously in batch ● If the AX data cannot be sent and the maximum batch size is reached, analytics data is dropped ● AX data is sent, regardless of the target availability
  • 7. © 2017 Apigee All Rights Reserved ● OAuth and API Key are supported. ● A special proxy is deployed on Edge that transforms the access token into a JWT token. ● JWT is signed and self-validating. If an API call uses a JWT token there is enough information in it to authenticate the call without contacting Edge. ● If the API key is used instead, the key validity and attributes are fetched from Edge. All is cached in the microgateway for a certain amount of time. Features API SECURITY ● API Key ● IP Filtering (whitelist, blacklist, or both) ● OAuth ○ JWT-based tokens ○ Default OAuth is client credentials grant type ○ Password grant can be used if IdP is configured
  • 8. © 2017 Apigee All Rights Reserved ● OAuth and API Key are supported. ● A special proxy is deployed on Edge that transforms the access token into a JWT token. ● JWT is signed and self-validating. If an API call uses a JWT token there is enough information in it to authenticate the call without contacting Edge. ● If the API key is used instead, the key validity and attributes are fetched from Edge. All is cached in the microgateway for a certain amount of time. Features ● Configured per Microgateway instance ● Enforced 100% and in memory SPIKE ARREST
  • 9. © 2017 Apigee All Rights Reserved ● OAuth and API Key are supported. ● A special proxy is deployed on Edge that transforms the access token into a JWT token. ● JWT is signed and self-validating. If an API call uses a JWT token there is enough information in it to authenticate the call without contacting Edge. ● If the API key is used instead, the key validity and attributes are fetched from Edge. All is cached in the microgateway for a certain amount of time. Features ● Distributed quota (across MG instances) ● Configured on Edge at product level ● Asynchronous request to Edge to update count ● Quotas are approximate QUOTA
  • 10. © 2017 Apigee All Rights Reserved ● OAuth and API Key are supported. ● A special proxy is deployed on Edge that transforms the access token into a JWT token. ● JWT is signed and self-validating. If an API call uses a JWT token there is enough information in it to authenticate the call without contacting Edge. ● If the API key is used instead, the key validity and attributes are fetched from Edge. All is cached in the microgateway for a certain amount of time. Features ● Support for one-way and two-way TLS from consumer to microgateway and microgateway to backend ● Transformation between JSON to XML (and vice versa) ● Support for forward-proxy (to Apigee Cloud and backend API endpoints) ● Default streaming-enabled QUOTAOTHERS
  • 11. © 2017 Apigee All Rights Reserved Edge Enterprise Gateway vs. Microgateway QUOTAOTHERS Feature Enterprise Gateway Microgateway OAuth: JWT tokens ● Supports password and client credentials grant OAuth: opaque tokens ● Supports all four grant types Spike Arrest & Quota Caching Threat protection (XML, JSON, RegEx) Callout (Python, Java, XSLT) JavaScript callouts, JSON-XML transformation Bot Detection & Monetization Containerization or Cloud Foundry Deployments Logging & Monitoring file system only; basic monitoring Analytics customer dimensions are not possible * * * * Possible via customization
  • 12. © 2017 Apigee All Rights Reserved When to use Microgateway? QUOTAOTHERS Requirement Which gateway? ● Building new APIs or new microservices ● Deploying in PaaS (Cloud Foundry or containers/Kubernetes) Microgateway ● Distributed API management (a gateway for each API or a few APIs) Microgateway ● A single (or a few) gateways for the enterprise ● Gateway pattern Enterprise Gateway ● Complex mediation rules (API orchestration, aggregation, etc.) Enterprise Gateway ● Legacy services (such as SOAP) modernization Enterprise Gateway ● Internal APIs or APIs for application-to-application integration (simple APIM policies) Microgateway ● External API traffic ● Monetization Enterprise Gateway ● Scale: 100s of APIs per second Microgateway ● Scale: 1000s of APIs per second Enterprise Gateway
  • 13. © 2017 Apigee All Rights Reserved Deep integrations with multiple clouds Apigee Microgateway AWS Integration Deploy Apigee Microgateway to EC2 Container Service or AMI Native CF Integration Add Microgateway as a CF Route service or a meta-buildpack Apigee on Azure Cloud Easily deploy Apigee Edge Microgateway as an Azure App Service or docker GCP K8S & App Engine Integration Microgateway can be deployed in K8S/GKE or App Engine APIGEE API SERVICES ANALYTICS DEV MGMT MANAGEMENT SERVICES API DEVELOPMENT SECURITY ANALYTICS On-Premises or Customer Managed App Engine
  • 14. © 2017 Apigee All Rights Reserved *optionally with a container management infrastructure Deployment scenarios Client Edge Microgateway Target API docker container Simplest deployment: microgateway and target in same container Internet or Intranet Internet
  • 15. © 2017 Apigee All Rights Reserved Deployment scenarios Client Edge Microgateway Target API Machine Simplest deployment: microgateway and target in same machine Internet or Intranet Internet
  • 16. © 2017 Apigee All Rights Reserved Deployment scenarios Client Edge Microgateway Target API Machine Microgateway and target in different machines Machine Internet or Intranet Internet
  • 17. © 2017 Apigee All Rights Reserved Deployment scenarios Client Edge Target API Machine Microgateway proxying multiple targets in different machines Machine Proxy Target API Machine Microgateway Proxy Internet or Intranet Internet
  • 18. © 2017 Apigee All Rights Reserved Deployment scenarios Client Edge Nginx Target API Machine Internet Microgateway Target API Machine Microgateway Machine Load-balancing and SSL termination Internet or Intranet
  • 19. © 2017 Apigee All Rights Reserved Deployment scenarios Edge API Implementation Machine Machine Internet Microgateway API Implementation /orders /transactions /customers Intranet Internet Intranet traffic protection
  • 20. © 2017 Apigee All Rights Reserved Deployment Microgateway Prerequisites ● Node.js version 4.5 LTS or later installed. ● Install edgemicro and custom plugin modules globally: $ ~> npm install -g edgemicro plugin-1 plugin-2 … plugin-n When using npm with -g option, the module is installed in [prefix]/lib/node_modules directory. The value of [prefix] can be obtained with the following command: $ ~> npm config get prefix ● Create a soft link in the plugins directory ([prefix]/lib/node_modules/edgemicro/plug ins) for all your custom plugins $ plugins> ln -s ../../plugin-x . Microgateway configuration ● Run the command below to generate the default configuration file: $ edgemicro init ● Run the edgemicro configure command with the following options: $ edgemicro configure -o <org> -e <env> -u <email> When this command is run a new proxy called edgemicro-auth is created in the organization. ● Copy the key and the secret written to the standard output by the previous command, they are required to start the microgateway. ● Verify the installation: $ edgemicro verify -o <org> -e <env> -k <key> -s <secret> Entities creation ● Create a microgateway-aware proxy (name prepended with edgemicro_), with the desired base path and target urls. ● Create a product. Do not forget to add the edgemicro-auth proxy and the microgateway-aware proxy to the product and configure the quota attributes if required. ● Create a developer. ● Create a new developer app and assign the product and developer created. Keep the consumer key and consumer secret. 01 02 03
  • 21. © 2017 Apigee All Rights Reserved Deployment Microgateway API security configuration ● The oauth plugin should appear and lock as follows in the configuration file (~/.edgemicro/<org>-<env>-config.yaml) : oauth: allowNoAuthorization: false allowInvalidAuthorization: false ● Verify that the oauth plugin is listed in the plugins section: plugins: sequence: - oauth Token creation and API key verification is done by the edgemicro-auth proxy. If another service wants to be used, it needs to be specified in the configuration file: edgemicro: authUri: <uri> 04 05 06 Spike Arrest configuration ● Add the spikearrest plugin in the configuration file as a top-level element: spikearrest: timeUnit: second allow: 10 bufferSize: 10 ● Configure the plugin attributes: timeUnit (second|minute): window size units. allow: Max. number of requests allowed in time unit. bufferSize (optional, default = 0): Number of requests stored in a buffer. As soon as the next execution window occurs, buffered requests are processed first. ● Make sure that the plugin is listed in the plugins section: plugins: sequence: - oauth - spikearrest Quota configuration If a quota was set for the product, add the quota plugin is listed in the plugins section: plugins: sequence: - oauth - spikearrest - quota The quota plugin requires the oauth plugin to be executed beforehand.
  • 22. © 2017 Apigee All Rights Reserved Deployment Microgateway Custom Plugins Configuration ● If the custom plugin has some parameters to configure, add a top-level element in the configuration file: plugin-x: param-1: param-2: ● Add the custom plugin to the plugins list: plugins: sequence: - oauth - spikearrest - quota - plugin-x 07 08 09 Server SSL Configuration Add the edgemicro:ssl attribute to the configuration file. edgemicro: ssl: key: <absolute path to key file> cert: <absolute path to cert file> Client SSL/TLS Configuration Microgateway can be configured as SSL/TLS client when acting as client. Settings can be for all/one host: targets: (ssl|tls): # One or the other client: # Here go the properties targets: host: <domain-name> (ssl|tls): # One or the other client: # Here go the properties Properties: pfx: path to file with client key and cert (PFX format). key: path to file with client key file (PEM format). passphrase: passphrase for PFX or private key file. cert: path to file with client cert file (PEM forma)t. ca: path to file with trusted certs (PEM format). ciphers: supported ciphers separated by ‘:’. rejectUnauthorized: does server cert need to be trusted? secureProtocol: SSL method to use (eg: SSLv3_method) servername: server name for SNI TLS extension.
  • 23. © 2017 Apigee All Rights Reserved Deployment Microgateway Logging Configuration Logs can be sent to the stdout or to a log file: edgemicro: logging: level: info to_console: true edgemicro: logging: level: info dir: /var/tmp stats_log_interval: 60 rotate_interval: 24 Properties: stats_log_interval (seconds, default: 60): interval when the stats record is written to the log file. rotate_interval(hours, default: 24): interval when log files are rotated. 10 11 12 Start Microgateway Start the microgateway using the following command. $ edgemicro start -o <org> -e <env> -k <key> -s <secret> Alternatively you can set the following environment values so you don’t need to specify the options in command line: - EDGEMICRO_ORG - EDGEMICRO_ENV - EDGEMICRO_KEY - EDGEMICRO_SECRET If changes are done to the configuration file once the microgateway is started you can use edgemicro reload command so they are applied without restarting. That command takes the same options as edgemicro start command. Verify API Security You can make calls to microgateway using the API key or access token. API Key $ curl http://localhost:<port>/<path> -H "x-api-key: <consumer-key>" Access Token $ edgemicro token get -o <org> -e <env> -i <key> -s <secret> $ curl -H 'Authorization: Bearer <token>' http://localhost:<port>/<path>
  • 24. © 2017 Apigee All Rights Reserved In case microgateway needs to be started as a service, pm2 could be used; you just need to follow the steps below: 1. Install pm2: $ npm install -g pm2 2. Start edgemicro using pm2: $ pm2 start edgemicro -- start -o <org> -e <env> -k <key> -s <secret> Starting edgemicro like this has two advantages: it will be restarted if it crashes and unhandled exceptions would be recorded in a log file ($PM2_HOME/logs/app-err.log, By default $PM2_HOME is ~/.pm2). 3. Check whether pm2 has started properly: $ pm2 logs edgemicro 4. Additional information about the process running (pid, uptime, cpu usage, memory usage,...) can be obtain with this other command: $ pm2 list 5. Get the automatically-configured startup script for your machine: $ pm2 startup It automatically detects the available init system, but you can specify it yourself to (eg: pm2 startup systemd). You can also use option -u to specify the user and --hp to specify the home directory. 6. Once the scripts are generated keep a list of the processes running, so they will be started at boot time: $ pm2 save 7. Reboot the machine and check that microgateway is running. 8. Smile :). Deployment Microgateway
  • 25. © 2017 Apigee All Rights Reserved Deployment Private npm repository Set up a private npm repository server to install edgemicro node module and its dependencies, as well as the node packages of the custom plugins being used. The advantages of doing this are: Private modules You get all the benefits of an npm package system without sending all code to the public, and use private packages (eg: custom microgateway plugins) as easily as the public ones. Cache for registry If you have more than one server to install modules on, this decreases latency and provides limited failover (if is down, you might still find something useful in the cache). Override public packages If a modified version of some third-party module is required, it can be published locally under the same name.
  • 26. © 2017 Apigee All Rights Reserved INSTALLATION INSTRUCTIONS $ npm install -g sinopia forever $ forever start `which sinopia` When you start a server, it auto-creates a configuration file config.yaml that you can later modify. USER CREATION $ npm adduser --registry http://localhost:4873 NPM CLIENTS CONFIGURATION $ npm set registry http://<sinopia-server>:4873 Deployment Private npm repository: Sinopia FEATURES ● Local npm registry with minimal configuration. ● No need to install and replicate an entire CouchDB database, as it has its own a database. If it doesn't have a package, it fetches it from, keeping only those packages used.
  • 27. © 2017 Apigee All Rights Reserved SINOPIA CONFIGURATION FILE # path to a directory with all the packages storage: ./storage auth: htpasswd: file: ./htpasswd npmjs: url: packages: # scoped packages '@*/*': # keywords: $all, $anonymous, $authenticated access: $all publish: $authenticated proxy: npmjs '*': access: $all publish: $authenticated proxy: npmjs logs: - {type: stdout, format: pretty, level: http} listen: - Deployment Private npm repository: Sinopia
  • 28. © 2017 Apigee All Rights Reserved Deployment NGINX LOAD BALANCER (SAME MACHINE) 1. Install nginx. 2. Edit the configuration file /etc/nginx/nginx.conf and add the following in the http {} block: upstream example-servers { server localhost:8001; server localhost:8002; } server { listen 80; server_name emgw; location /<path> { proxy_pass http://example-servers; } } 3. Start the service
  • 29. © 2017 Apigee All Rights Reserved Deployment NGINX LOAD BALANCER (DIFFERENT MACHINES) 1. Install nginx. 2. Edit the configuration file /etc/nginx/nginx.conf and add the following in the http {} block: upstream example-servers { server <mgw1-ip>:8000; server <mgw2-ip>:8000; } server { listen 80; server_name emgw; location /<path> { proxy_pass http://example-servers; } } 3. Start the service.
  • 30. © 2017 Apigee All Rights Reserved Deployment NGINX LEAST-CONNECTED Determines which upstream server has the least amount of outstanding connections alive and passes more traffic to it. upstream example-servers { least_conn; server <mgw1-ip>:8000; server <mgw2-ip>:8000; } IP HASH Maps the client IP to a server in the list, always sending requests from a single client to the same server. upstream example-servers { ip_hash; server <mgw1-ip>:8000; server <mgw2-ip>:8000; } WEIGHTED upstream example-servers { server <mgw1-ip>:8000 weight=3; server <mgw2-ip>:8000; server <mgw3-ip>:8000; }
  • 31. © 2017 Apigee All Rights Reserved Bootstrap process 01 02 03 Download public key for JWT validation Download list of microgateway-aware proxies Download list of API products and their attributes
  • 32. © 2017 Apigee All Rights Reserved Plugin authoring 1. Create a new directory and change to it. $ ~> mkdir <plugin-name> $ ~> cd <plugin-name> 2. Initialize a node project: $ ~> npm init 3. Create a file named index.js, copy the contents below and save it. 'use strict'; var debug = require('debug')('plugin:plugin-name'); module.exports.init = function(config, logger, stats) { return { onrequest: function(req, res, next) { debug('onrequest'); next(); }, onend_request: function(req, res, data, next) { debug('onend_request') next(null, data); }, onend_response: function(req, res, data, next) { debug('onend_response'); next(null, null); }} }; 4. Once the plugin is developed, publish the module to your private npm repository. $ ~> npm set registry http://<sinopia-server>:4873 $ ~> npm login $ ~> npm publish 5. In the machine where the microgateway is installed, install the plugin as a global node module from your private repository. $ ~> npm set registry http://<sinopia-server>:4873 $ ~> npm install -g <plugin-name> 6. Create a soft link in the edgemicro plugins directory to the custom plugin. $ plugins> ln -s ../../<plugin-name> . 7. Add it to the list of plugins in the microgateway configuration file. plugins: sequence: - oauth - spikearrest - plugin-name
  • 33. © 2017 Apigee All Rights Reserved Plugin authoring onrequest ondata_request onend_request onclose_request onerror_request Request handlers onrequest Fires when the first byte of the request is sent. Gives access to the headers, URL, query parameters, and HTTP method. ondata_request Called when a chunk of data is sent. Passes the data to the next plugin in the sequence. The data returned by the last plugin is sent to the target. onend_request Called when all of the request data has been sent from the client. onclose_request Indicates that the client connection has closed. onerror_request Called if there is an error sending the request from the client.
  • 34. © 2017 Apigee All Rights Reserved Plugin authoring onresponse ondata_response onend_response onclose_response onerror_response Response handlers onresponse Fires when the first byte of the response is received. Gives access to the response headers and status code. ondata_response Called when a chunk of data is received from the target. The payload can be transformed here. onend_response Called when all of the response data has been received from the target. The payload can be transformed here too. onclose_response Called when the socket connection to the target is closed. onerror_response Called if there is an error receiving the target response.
  • 35. © 2017 Apigee All Rights Reserved Plugin authoring Things to remember when writing a plugin: ● Request / response handlers must call next() when done processing. If not, processing will stop and the request will hang. ● The first argument to next() may be an error which will cause processing to terminate. ● The ondata_ and onend_ handlers must call next() with a second argument containing the data to be passed to the target or the client. It can be null if the plugin is buffering and has not enough data to transform at the moment. ● A single instance of the plugin is used to service all requests and responses. If per-request state needs to be retained between handler calls, it can be saved in a property added to the supplied request object, whose lifetime is the duration of the API call. ● Catch all errors and call next() with the error. If not, the API call will hang. ● Do not perform compute-intensive tasks in the main thread as this can adversely affect performance.
  • 36. © 2017 Apigee All Rights Reserved Plugin authoring onrequest: function(req, res, next) { var baseUrl = res.proxy.parsedUrl.pathname; var proxyBasepath = res.proxy.base_path; if(proxyBasePath === ‘/users’) { req.targetPath = baseUrl + ‘/customers’ } else if(proxyBasepath === ‘/businesses) { req.targetPath = baseUrl + ‘/compies’ } //… next(); } Payload transformationURL rewriting onend_request: function(req, res, data, next) { var payload = JSON.parse(data,toString()); delete payload.password; next(null, JSON.stringify(payload)); } REQUEST onend_response: function(req, res, data, next) { var payload = JSON.parse(data,toString()); delete payload.password; next(null, JSON.stringify(payload)); } RESPONSE
  • 37. © 2017 Apigee All Rights Reserved Custom logging If the built-in logger does not fit with your specific logging requirements, a custom plugin can be created. Here’s an example of a Bunyan JSON logger: ​var bunyan = require('bunyan'); module.exports.init = function() { var log = bunyan.createLogger({ name: "bunyan-logger-plugin", streams: [ { level: 'error', stream: process.stdout }, { level: 'info', path: '/var/tmp/mgw-bunyan-info.log' }] }); return { onrequest: function(req, res, next) {'ONREQUEST'); next(); }, onend_request: function(req, res, data, next) {"ONEND_REQUEST"); next(null, data); } }; }
  • 38. © 2017 Apigee All Rights Reserved Monitoring If edgemicro has been started using pm2, monitoring the CPU and memory usage is simple: $ pm2 monit Integration with Keymetrics monitoring dashboard is quite easy: 1. Sign in for a Keymetrics account 2. Create a new bucket 3. Run the following command with the provided secret and public keys: $ pm2 link <secret-key> <public-key>