Apigee Tutorial | A Comprehensive Guide for Beginners

What is Apigee?

Apigee Edge is a platform for API development and management. Edge fronts your backend service APIs with a proxy layer to give an abstraction or facade, as well as security, rate restriction, quotas, analytics, and other capabilities.

What Apigee Edge?

Apigee Edge is an API development and management platform. Edge provides an abstraction or facade for your backend service APIs by fronting them with a proxy layer, as well as security, rate limiting, quotas, analytics, and other features.You can, for example, watch a webcast about how Walgreens uses APIs and Apigee Edge to provide a rich app ecosystem around photo printing, prescriptions, and other services.

High level architecture

Apigee is made up of the following primary components, as shown in the image:

Apigee services: These are the APIs that you use to create, manage, and deploy your API proxies.

Apigee runtime: A set of containerized runtime services maintained by Google in a Kubernetes cluster. These services process all API traffic that passes through them. Apigee also makes use of the following components: GCP services include identity management, logging, analytics, metrics, and project management.

Back-end services: Used by your apps to provide runtime data access to your API proxies.

Flavors of Apigee

Apigee is available in the following flavors:

Apigee: A hosted SaaS version in which Apigee manages the environment, allowing you to focus on developing your services and defining their APIs.

Apigee hybrid: A hybrid version that includes a runtime plane installed on-premises or in the cloud of your choice, as well as a management plane running in Apigee’s cloud. API traffic and data are confined within your own enterprise-approved boundaries in this model.

Making your services available on the web:

Companies today want to make their backend services available on the web so that they can be consumed by mobile and desktop apps. A company may want to expose services that provide product pricing and availability information, sales and ordering services, order tracking services, and any other services that client apps may require.Companies frequently expose services as a collection of HTTP endpoints. Developers of client apps then make HTTP requests to these endpoints. Depending on the endpoint, the service may then return data to the client app in XML or JSON format.Client apps that consume these services can be implemented as standalone apps for a mobile device or tablet, HTML5 apps that run in a browser, or any other type of app that can make an HTTP endpoint request and consume any response data. These apps could be created and distributed by the same company that exposed the services, or by third-party app developers who use publicly available services.

Apigee serves as a bridge between client applications and backend services.

Instead of directly consuming your services, app developers use an Apigee-created API proxy. The API proxy acts as a bridge between a publicly available HTTP endpoint and your backend service. By creating an API proxy, you are allowing Apigee to handle the security and authorization tasks required to protect your services, as well as analyse and monitor those services. Providers must ensure that they have taken all necessary steps to secure and protect their services from unauthorized access because they make their services available over the web. Consider the following as a service provider:

Security: How will you restrict access to your services to prevent unauthorized use?

Compatibility: Will your services work on multiple platforms and devices?

Measurability: How can you ensure that your services are available by monitoring their availability?

And there are numerous other considerations.After a client app that accesses any services is released, the service provider is required to ensure that those services continue to function over time as they add, modify, or delete those services. To ensure that client apps stay in sync with those services, the service provider must also have a way to keep app developers informed of any changes to the services.

Client app developers face difficulties when attempting to consume services from various providers. There are numerous technologies available today that a service provider can use to expose its services. The same client app may need to use one mechanism to consume a service from one provider and another mechanism to consume a service from another provider. App developers may even be forced to use different mechanisms to consume services from the same provider.

Make Apigee services available:

Apigee provides secure access to your services through a well-defined API that is consistent across all of your services, regardless of service implementation. A consistent API:

• Allows app developers to easily consume your services.
• Allows you to change the backend service implementation without affecting the public API.
• Allows you to take advantage of Apigee’s analytics, developer portal, and other features.

An architecture with Apigee processing the requests from client apps to your backend services is shown in the following image:

Apigee serves as a bridge between client applications and backend services:

Instead of directly consuming your services, app developers use an Apigee-created API proxy. The API proxy acts as a bridge between a publicly accessible HTTP endpoint and your backend service. Apigee handles the security and authorization tasks required to protect your services, as well as the analysis and monitoring of those services, when you create an API proxy. Because app developers make HTTP requests to an API proxy rather than directly to your services, they don’t need to know anything about how your services are implemented.

• The developer only needs to know the URL of the API proxy endpoint.
• Any query parameters, headers, or body parameters passed in a request.
• Any authentication and authorization credentials required.
• The response format, including the response data format, such as XML or JSON.

The API proxy keeps the app developer separate from your backend service. As a result, as long as the public API remains consistent, you are free to change the service implementation. You can, for example, change the database implementation, relocate your services to a new host, or make other changes to the service implementation. Existing client apps will continue to function regardless of backend changes by maintaining a consistent frontend API.Policies on the API proxy can be used to add functionality to a service without modifying the backend service. You can, for example, add policies to your proxy to perform data transformations and filtering, add security, run conditional logic or custom code, and perform a variety of other tasks. The important thing to remember is that policies are implemented on Apigee, not on your backend server.

See Understanding APIs and API Proxies for more information:

Make an API product.An API proxy is the Apigee HTTP endpoint through which developers can access your backend services. While it is possible, you usually do not provide individual API proxies. Instead, you create an API product by combining one or more API proxies.An API product is a combination of API proxies and a service plan. This service plan can limit API proxy access, provide security, enable monitoring and analytics, and provide additional features. Apigee’s API products are also the central mechanism for authorization and access control to your APIs.The important thing to remember is that policies are implemented on Apigee, not on your backend server.When it comes to API products, you have a lot of leeway. Multiple API products, for example, can use the same API proxy. The diagram below depicts three API products. It is worth noting that all products have access to API proxy 3, but only product A has access to API proxy 1.

Each API product has its own set of properties. For example, you could offer one API product with a low access limit, such as 1000 requests per day, at a low cost. You then release another API product for a higher price that provides access to the same API proxy but with a much higher access limit. Alternatively, you could create a free API product that allows read-only access to your services and then sell an API product that allows read/write access to the same API proxies.

See Create API products for more information:

Allow your API product to be accessed by a client-side app.When app developers decide to use your services, they must first register their client application with your API product. To call an API affiliated with an API Product, a client app requires a key.An app developer receives an API key upon registration, which they must include in every request to an API proxy included in the API product. That key is authenticated, and if successful, the request is granted access to your backend service.

For a low price, a product with a low access limit, such as 1000 requests per day. You then release another API product for a higher price that provides access to the same API proxy but with a much higher access limit. Alternatively, you could create a free API product that allows read-only access to your services and then sell an API product that allows read/write access to the same API proxies.You can revoke the key at any time, preventing the client app from accessing your services. You can also set a time limit on a key so that the developer must refresh the key after a certain amount of time. You decide how to handle developer registration requests for your API products. You can automate the registration process or control access manually by using Apigee Developer Services.

1. 1.Make API products available to developers.
2. 2.Construct one or more API proxies that connect publicly accessible URLs to your backend services.
3. 3.Build an API product that includes your API proxies.

Deploy your API proxies as well as your API product:

1. 1.Inform your developers that the API product is now available.
2. 2.Once app developers are aware that your API product is available, they will:
3. 3.Connect their client apps to your API product. You will be given an API key for the API product.
4. 4.Make requests to your services via API proxies (included in the API product) and include the API key in each request.

Apigee Components:

Apigee is made up of API runtime, monitoring and analytics, and developer services, all of which work together to provide a comprehensive infrastructure for API creation, security, management, and operations.Apigee services are all about creating and consuming APIs, whether you’re a service provider building API proxies or an app developer using APIs, SDKs, and other convenience services.The API runtime includes utilities for adding and configuring API proxies, creating API products, and managing app developers and client apps. It relieves your backend services of many common management concerns. When you add an API proxy, you can apply policies to it to add security, rate-limiting, mediation, caching, and other features. Custom scripts, calls to third-party APIs and services, and other methods can be used to customize the behavior of your API proxy.

Monitoring and analytics with Apigee:

Apigee API Analytics provides powerful tools for analyzing short- and long-term API usage trends. You can sPI method to determine where to invest, and creaegment your audience based on top developers and apps, understand usage by Ate custom reports based on business- or operational-level data.Several default types of information are collected as data passes through Apigee, including URL, IP, user ID for API call information, latency, error data, and so on. Other information, such as headers, query parameters, and portions of an XML or JSON request or response, can be added using policies. This data is gathered asynchronously from the actual request/response flow and thus has no bearing on API performance.

Conclusion:

Apigee has become a must-have in the creation of digital businesses because it provides an intelligent API platform to accelerate its pace. API management enables businesses to design, build, secure, scale, and analyze APIs. With the help of APIs, new approaches to serving users with diverse needs can be easily devised. Apigee also assists businesses in securely exchanging information and services across multiple channels and devices through the use of APIs.