Create and deploy a new API proxy

Now that you've configured GCP and the Hybrid UI, and installed and configured the runtime, you're ready to see how it all works together.

This section walks you through the following:

  1. Create a new API proxy in the UI using the API Proxy Wizard
  2. Deploy your new proxy to your cluster with the UI
  3. Check your proxy's status using the deployment revisions API

1. Create a new API proxy using the Hybrid UI

This section describes how to create a new API proxy in the UI by using the API Proxy Wizard.

To create a simple API proxy using the API Proxy Wizard:

  1. Open Hybrid UI in a browser.
  2. Click API Proxies in the main view.
  3. From the Environment drop-down list, select the environment in which you want to create a new API proxy. This section assumes the name of the environment is "test". You created at least one environment in Step 8: Add a new environment in the Hybrid UI.

    The Hybrid UI displays a list of API proxies for that environment. If you haven’t created any proxies yet, the list is empty.

  4. Click +Proxy in the upper right.

    The API Proxy Wizard starts:

  5. Select Reverse proxy (most common), and click Next.

    The Proxy details view is displayed.

  6. Configure your proxy with the following settings:
    • Proxy Name: Enter "myproxy". The remaining steps in this section assume that this is your proxy's ID.
    • Proxy Base Path: Change this to "/myproxy". The Proxy Base Path is part of the URL used to make requests to your API. Edge uses the URL to match and route incoming requests to the proper API proxy.
    • Existing API: Enter "". This defines the target URL that Apigee Edge invokes on a request to the API proxy. The mocktarget service is hosted at Apigee and returns simple data. It requires no API key or access token.
    • (Optional) Description: Enter a description for your new API proxy, such as "Testing Apigee Hybrid with a simple proxy".

    Your API proxy's details should look like the following:

  7. Click Next.
  8. On the Security screen, select Pass through (none) as the security option:

  9. Click Build.

    Hybrid generates the proxy (sometimes referred to as the proxy bundle):

  10. Click Exit.

    Hybrid displays the Proxies view, which displays a list of API proxies. The new proxy should be at the top of the list, with a gray status indicator, meaning that it has not yet been deployed.

2. Deploy your proxy to the cluster using the Hybrid UI

After creating a new proxy, you must deploy it so that you can try it out. This section describes how to deploy your new proxy using the Hybrid UI.

To deploy an API proxy in the Hybrid UI:

  1. In the Hybrid UI, select Develop > API Proxies.

    Be sure the "test" environment is selected.

    The UI displays your new proxy in the proxies list:

  2. Click on the "myproxy" proxy.

    The UI displays the API Proxies Overview tab for that proxy.

    Notice that under Deployments, the Revision column shows "Not deployed".

  3. In the Revision column, expand the drop-down selector to choose the revision to deploy.

    The drop down list displays only "1" and "Undeploy":

  4. Select "1"—the revision that you want to deploy—from the drop down list.

    The UI prompts you to confirm the deployment:

  5. Click Deploy.

    The UI begins the process of deploying revision 1 of your new proxy to the cluster.

    Note that deployment is not an instantaneous process. Hybrid's "eventually" consistent" deployment model means that a new deployment will be rolled out to the cluster over a short period of time and not immediately.

While there are several ways to check the deployment status of a proxy in the UI, the next two steps explain how to call the API proxy you just deployed and how to check the deployment status with a call to the Apigee APIs.

3. Call the API proxy

When the UI indicates your proxy is deployed, you can try calling it:

  1. If you used a fully-qualified domain name (such as for the envs.hostAlias property in your environment configuration, go to Step 3 now.
  2. If you used the wildcard character '*' for the envs.hostAlias property, follow these steps before continuing to Step 3:
    1. Get the external IP for the istio-ingressgateway service. For example:
      kubectl get services -n your-namespace

      In the output, you will see something like this, where is the external ingress IP address:

      NAME                       TYPE           CLUSTER-IP      EXTERNAL-IP      PORT(S)
      istio-ingressgateway       LoadBalancer      80:31381/TCP,443:31391
    2. Copy the value of the EXTERNAL-IP to use in the next step. In this example, you would copy
  3. Call the proxy using cURL or the REST client of your choice. In the first example below, the host alias is a DNS name:
    curl -v -k

    If the call succeeds, you will see the following output:

    Hello, Guest!

    If you used the wildcard character "*" for the host alias, call the API proxy using the external ingress IP address you copied, like this:

    curl -v -k

4. Check your proxy's status using the Apigee APIs

This section describes how to check the status of a proxy using the Apigee APIs.

To check your proxy's status:

  1. On the Kubernetes administration machine, get an OAuth 2.0 access token using the oauth2l utility utility. You will include this token in your calls to the Apigee APIs.

    The following example gets a token using the oauth2l utility:

    oauth2l fetch --json ~/sa-credentials-file.json cloud-platform

    For more information, including alternative methods of obtaining a token, see Obtain an OAuth 2.0 access token.

  2. Copy the returned OAuth 2.0 token and store it in am environment variable, such as TOKEN. For example:
    export TOKEN=ya29....Ts13inj3LrqMJlztwygtM
  3. Call the revisions API, with the following settings:
    • Base URL:
    • Endpoint URL: /organizations/my-organization/apis/myproxy/revisions/1/deployments
    • Protocol: HTTPS
    • Method: GET
    • Headers: "Authorization: Bearer $TOKEN"

    The following example calls the deployment revisions API with these settings using curl:

    curl "" \
    -X GET -H "Authorization: Bearer $TOKEN"

    You should receive a response similar to the following:

      "deployments": [
          "environment": "test",
          "apiProxy": "myproxy",
          "revision": "1",
          "deployStartTime": "1560782439002",
          "pods": [
              "podName": "apigee-runtime-my-organization-test-blue-56b642fv429v",
              "appVersion": "self",
              "deploymentStatusTime": "1560787671389",
              "deploymentStatus": "deployed",
              "statusCode": "200",
              "statusCodeDetails": "Deployment Success",
              "deploymentTime": "1560782471370",
              "podStatus": "active",
              "podStatusTime": "1560787671389"
              "podName": "apigee-runtime-my-organization-test-blue-564422f7dmwj",
              "appVersion": "self",
              "deploymentStatusTime": "1560787670121",
              "deploymentStatus": "deployed",
              "statusCode": "200",
              "statusCodeDetails": "Deployment Success",
              "deploymentTime": "1560782485204",
              "podStatus": "active",
              "podStatusTime": "1560787670121"
          "basePath": "/"

    This example response shows the proxy's status on 2 pods. The deployment status is deployed on both pods.

    Your response might show the status of you proxy on fewer or more pods, depending on your cluster's configuration.

    If you get an empty response or an error, check that:

    • You used the correct base URL. Note that the Hybrid base URL is not the same as the Edge API's base URL. Use
    • You used the correct endpoint URL. Note that the revision is "1" and the endpoint is /organizations/MyOrganization/apis/myproxy/revisions/1/deployments. If you specify a revision that doesn't exist, the request results in an empty response like the following:
      { }
    • You have permissions to access the organization that you specify in the request.
    • Your token has not expired. If it has, regenerate a new one as described in Obtain an OAuth 2.0 access token.
    • You wrapped the "Authorization: Bearer $TOKEN" header in quotes.