Send Docs Feedback

Build a simple API proxy

Apigee Edge enables you to quickly expose backend services as APIs. You do this by creating an API proxy that provides a facade for the backend service that you want to expose. You only need to provide the network address for the backend service, along with some information that Edge uses to create the API proxy that is exposed to developers. 

The API proxy decouples your backend service implementation from the API that developers consume. This shields developers from future changes to your backend services. As you update backend services, developers, insulated from those changes, can continue to call the API uninterrupted.

Watch this video for an overview of the process of creating an API proxy.

Creating an API proxy in the Edge management UI

The easiest way to create an API proxy is using the Edge management UI:

  1. Log in into the Edge management UI.
  2. From the main menu, select APIs > API Proxies.



    A list of all API proxies in your organization is displayed.
  3. To create a new API proxy, select add (+) API Proxy button.

    The Build a Proxy wizard is displayed.

The wizard leads you through the steps needed to generate an API proxy and, to add some minimal features to the API proxy:

The first page of the wizard enables you create an API proxy from the following sources:

Type Description
Reverse proxy (most common) An API proxy that routes inbound requests to existing HTTP backend services. Could be a JSON or XML API.
Node.js App An API proxy that routes to a Node.js backend target running on Edge.
SOAP service An API proxy generated from a WSDL file.
No Target An API proxy with no API backend ("No target").
Proxy bundle An existing API proxy bundle (for example one of the sample API proxies available on GitHub.)

The following sections describe how to create an API proxy using each source.

Learn more:

Creating a reverse proxy for an HTTP service

Edge generates reverse proxies based on two pieces of information:

  • The URL of the backend service
  • The URI path that uniquely identifies the API that will be exposed by the API proxy to consumer apps

The backend service URL typically represents a service-enabled application owned by your organization. It can also point to a publicly available API. The API or service can be under your control (for example, an internal HR application or a Rails application in the Cloud) or it can be a third-party API or service (for example, Twitter or Instagram). 

  1. Login to https://enterprise.apigee.com.
  2. In the API Platform UI, select the APIs tab.
  3. Click (+) API Proxy.
  4. In the Build a Proxy wizard, select Reverse proxy (most common).
  5. Click Next.
  6. Follow the Build a Proxy wizard and make the following selections.
    Field Description
    Details
    Proxy Name The name displayed for your API.
    Proxy Base Path The Proxy Base Path is a URI fragment that uniquely identifies the API that is exposed by this API proxy. API Services uses the Base Path URI to match and route incoming request messages to the proper API proxy. (The Base Path is appended to the domain of the API, which is automatically generated based on your organization name and the environment where the API proxy is deployed.) It's a best practice to include a version number in the project name, for example, /v1/weather. This will determine how your API is invoked by consumer apps.
    Existing API The URL that the API Platform invokes on behalf of apps that call your API through the API proxy URL. This is the URL for the Yahoo! Weather API.
    Description The description of the API.
    Security
    API Key Adds API key-based authentication to your API proxy. When this option is selected, the Impose Quota per Developer option becomes selectable.
    OAuth 2.0 Adds OAuth 2.0 based authentication to your API proxy. When this option is selected, the Impose Quota per Developer option becomes selectable.
    Impose Quota per Developer Adds a policy that limits the number of request messages that can be submitted to your API proxy by an individual app over an interval of time.
    Publish API Product When you select the Secure with API Keys option, the Publish API Product option is automatically selected. For the purposes of this tutorial, be sure to clear this option.
    Add CORS headers Enables CORS (cross-origin resource sharing) to allow a browser to make direct requests to another domain.
    Virtual Hosts
    default To learn about virtual hosts, see Virtual hosts.
    secure  
    Build
    Deploy Environments To learn about virtual hosts, see Virtual hosts.
  7. Click Build and Deploy
    In response, you should see an acknowledgment that your new API proxy was successfully created and deployed in the 'test' environment.
  8. Click View the <proxy name> proxy in the editor to display the details page for the API proxy.

Learn more:

Importing an API proxy from an API proxy bundle

Often you define API proxies as a collection of XML files, along with any other supporting files. By defining your API proxies as a set of files external to Edge you can maintain them in a source-control system, and then import them into Edge for testing and deployment.

Apigee provides a set of API proxy samples as bundles on GitHub that you can download, examine, modify, and upload to Edge. See Using the sample API proxies for more.  

To import API proxies from a set of files: 

  1. Login to https://enterprise.apigee.com.
  2. In the API Platform UI, select the APIs tab.
  3. Click (+) API Proxy.
  4. In the Build a Proxy wizard, select Proxy bundle.
  5. Click Next.
  6. Follow the Build a Proxy wizard and make the following selections.

    Field Description
    Details
    ZIP Bundle Click Choose File and avigate to the ZIP file containing the API proxy configuration.
    Proxy Name The name displayed for your API.
    Build
    Proxy details. Review proxy settings.
  7. Click Build.
  8. In response, you should see an acknowledgment that your new API proxy was successfully imported. API Services automatically deploys the imported API proxy to the 'test' environment in your organization. The API exposed by the API proxy is available to be invoked.
  9. Click View the <proxy name> proxy in the editor to display the details page for the API proxy.

Learn more:

Copying and backing up an API proxy

You can copy an existing API proxy to a new API proxy, or backup and existing API proxy to a set of XML files as an API proxy bundle. Once exported to a bundle, you can import the API proxy to a new proxy, as described above. 

To copy an existing API proxy to a new API proxy:

  1. In the main menu of the management UI, click APIs to display the API Proxies page. 
  2. Click the name of the proxy in the API Proxies table. 
  3. In the upper-left side of the API proxy detail page, click Project > Save as New API proxy.
  4. Specify the name of the new API proxy.
  5. Select Add.

To backup and existing API proxy to an API proxy bundle:

  1. In the main menu of the management UI, click APIs to display the API Proxies page. 
  2. Click the name of the proxy in the API Proxies table. 
  3. In the upper-left side of the API proxy detail page, click Project > Download Current Revision to download a ZIP file of the bundle:

Exposing a SOAP-based web service as an API proxy

In the Build a Proxy wizard, select Soap Service, and follow the wizard to create a pass-through or REST-based proxy for a SOAP service.

For details, see Exposing a SOAP service as an API proxy.

Adding security and CORS support to your API

When you add an API proxy for an existing backend service, the Security page of the Build a Proxy wizard, lets you add features to your API such as security and support for CORS.

If you import an API bundle, then you are responsible for configuring security in the bundle. The UI does not prompt you to add security when importing the bundle.

Adding security

In the Security page of the Build a Proxy wizard, select the type of security you wish to add. Choices include:

  • Pass through - Do not use security. Requests are passed too the backend without any security checks on Apigee Edge.
  • API Key - Adds simple API key verification to the API proxy that you are defining. In response, the API Platform adds a VerifyAPIKey policy and an AssignMessage policy to your API proxy. The VerifyAPIKey policy validates API keys presented by requesting apps. The AssignMessage policy strips the API key, supplied in the API call as a query parameter, from the request forwarded to the backend server.
  • OAuth 2.0 - Edge automatically adds two policies to your API proxy: one policy to verify an access token and another policy to strip the access token from the message before forwarding it to your backend service. To learn how to obtain an access token, see OAuth.

When you check Secure with API Keys, the following additional selections are available:

  • The Impose Quota per Developer checkbox becomes selectable. Check this to add a Quota policy to your API proxy that enforces a limit on the traffic to your API from individual apps.
  • The Publish API Product checkbox becomes selectable and is automatically selected. Check this if you want to automatically generate a product when you build the new API proxy. The autogenerated product will be created with an association to the new API proxy. If you have an existing product with which you want to associate this new API, be sure to clear this checkbox so that you don't create an unnecessary product. For information about products, see What is an API product?

Learn more:

Adding support for CORS

CORS (Cross-origin resource sharing) is a standard mechanism that allows a Web browser to make direct requests to another domain. The CORS standard defines a set of HTTP headers that Web browsers and servers use to implement cross-domain communication.

You can add support for CORS to your API by selecting Add CORS headers in the Security page of the Add a Proxy wizard.

Learn more:

Help or comments?