---
title: Apigee Quick Notes
tags: API, Apigee
---

# [Apigee](https://cloud.google.com/apigee)

Google's API management platform

## Main features

- API call security
- Traffic control
- Message mediation
- Error handling control
- Content caching
- Developer portal
- API traffic and data analytics
- Protection against malicious attacks
- Access control

## Main reasons to use Apigee

- Security
  - Issuing API keys & JWTs
  - HMAC (beta)
  - Intermediary for handling malicious attacks
- API version management
  - A compatibility mechanism between v1 and v2, so the backend only has to keep one version
- API usage analytics
- [Security protection](https://docs.apigee.com/api-platform/develop/comparing-quota-spike-arrest-and-concurrent-rate-limit-policies)

# Base URL

- proxy path
```
https://[org_name]-[prod|test].apigee.net/...
```
- developers portal
```
https://[org_name]-[portals-name].apigee.io
```
  - A custom domain is usually put in front of it
- [Apigee management APIs](https://apidocs.apigee.com/api-reference/content/introduction)

# Note

Each app can have 18 custom parameters.
Each org can have 18 custom parameters.
- Can only be confirmed once the official version is available

# Flavors of Apigee

- Apigee: A hosted SaaS version in which Apigee maintains the environment, allowing you to concentrate on building your services and defining the APIs to those services.
- Apigee hybrid: Lets you manage APIs on-premises, on Google Cloud Platform (GCP), or a mix of both.

# [Apigee Edge vs hybrid](https://docs.apigee.com/hybrid/v1.2/compare-hybrid-edge)

* No API spec storage (ASP.NET Core > Swagger.json > API snapshot)
* Account permissions are tightly bound to GCP
* Issues with later version upgrades

# Requirements to confirm

- Separation by region
- API key issuance
- Backend server security (maybe use two-way TLS)
- Version control (Git)
- Sandbox environment
- Requests sent to vendors can be transformed by Apigee before they are sent
- ~~[Apigee's source IP range](https://community.apigee.com/questions/65120/is-there-any-fixed-range-or-pattern-in-source-ip-a.html)~~
  - Edge provided a dedicated NAT address.

# Solution

- The current plan is for each version to have its own spec, proxy and product; only then can the integrated portal show two specs at the same time
- Because the manifests inside the proxy bundle contain a SHA, the bundle can only be edited in the Edge UI

# Demo

- [x] [HMAC](https://community.apigee.com/questions/84702/no-documentation-for-policy-called-hmac-in-apigee.html)
  - [ ] with TimeStamp
- [x] Git version control
- [x] [Azure DevOps](https://platform.deloitte.com.au/articles/ci/cd-on-apigee-with-azure-devops)
  - [ ] ~~[Sonar](https://community.sonarsource.com/t/new-release-sonar-apigee-plugin-2-1-0/22801)~~ Cloud does not support plugins
  - [ ] ~~[Terraform](https://github.com/zambien/terraform-provider-apigee)~~
- [ ] two-way TLS test
- [ ] Portal feature toggles
  - [ ] Sign Up restrictions
  - [ ] Disable Team & Audiences

#### [CI/CD overall solution](https://platform.deloitte.com.au/articles/ci/cd-on-apigee-with-azure-devops)

# Question

- Can all API operations only be performed with user:password? Is there something like token-based authentication?

# [MonoRepo](https://github.com/apigee/apigee-config-maven-plugin/wiki/Organize-config-in-a-large-project)

<!-- .slide: style="font-size: 18px;" -->

```
git
└───/Canal                        # ---- API Projects ----
    ├──/inbound
    │   └──/v1                    # ---- Version ----
    │       ├── /apiproxy
    │       │   ├── policies
    │       │   ├── proxies
    │       │   ├── canal-v1.xml
    │       │   └── targets
    │       ├── config.json
    │       └── pom.xml
    ├──/outbound
    │   └──/v1                    # ---- Version ----
    │       ├── /apiproxy
    │       │   ├── policies
    │       │   ├── proxies
    │       │   ├── canal-v1.xml
    │       │   └── targets
    │       ├── config.json
    │       └── pom.xml
    └── /resources                # ---- Project config ----
        ├── /edge
        │   ├── /org
        │   │   ├── apiProducts.json
        │   │   ├── developerApps.json
        │   │   ├── developers.json
        │   │   └── kvms.json
        │   ├── /env
        │   │   ├── /dev
        │   │   │   ├── caches.json
        │   │   │   ├── kvms.json
        │   │   │   └── targetServers.json
        │   │   ├── /staging
        │   │   └── /prod
        │   └── /api
        │       └── canal-v1
        │           ├── caches.json
        │           └── maskconfigs.json
        ├── /specs
        │   └── canal-v1.yaml
        └── pom.xml
```

# CI/CD

1. Develop API proxies in the `test` environment via the Apigee Edge UI
2. Download the proxy and push it to the Azure Git repo
3. Trigger the Azure Pipeline
4. Code analysis using `apigeelint`
5. Tests and reports:
   - `Unit Tests`: `jest`
   - `Integration tests`: `Apickli`
   - `Code Coverage`: `Istanbul/nyc`
   - `Reports`: `Cobertura`
6. Publish using the `Apigee Maven Build Plugin`
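
An added example, not part of the original notes or of Apigee's tooling: a check that could run in the pipeline next to the `apigeelint` step, auditing each `resources/edge/env/<env>/targetServers.json` from the MonoRepo layout against the two-way TLS requirement listed earlier. The `sSLInfo` field names are assumed to follow Edge's TargetServer JSON, and the sample entries (names, hosts, `ref://` keystore references) are constructed.

```python
import json
import tempfile
from pathlib import Path

def truthy(value):
    return str(value).strip().lower() == "true"  # accepts True and "true"

def check_target_server(ts):
    """Return findings for one TargetServer entry (sSLInfo field names are assumed)."""
    ssl = ts.get("sSLInfo") or {}
    if not truthy(ssl.get("enabled")):
        return ["TLS to backend disabled"]
    findings = []
    if not truthy(ssl.get("clientAuthEnabled")):
        findings.append("one-way TLS only")
    elif not (ssl.get("keyStore") and ssl.get("keyAlias")):
        findings.append("client auth without keyStore/keyAlias")
    if not ssl.get("trustStore"):
        findings.append("no trustStore")
    if truthy(ssl.get("ignoreValidationErrors")):
        findings.append("ignoreValidationErrors set")
    return findings

def audit_repo(root):
    """Check every resources/edge/env/<env>/targetServers.json below root."""
    report = {}
    for path in sorted(Path(root).glob("resources/edge/env/*/targetServers.json")):
        for ts in json.loads(path.read_text(encoding="utf-8")):
            if findings := check_target_server(ts):
                report[f"{path.parent.name}/{ts.get('name', '?')}"] = findings
    return report

# Constructed sample entries; names, hosts and keystore references are hypothetical.
MTLS = {"enabled": "true", "clientAuthEnabled": "true", "keyStore": "ref://canal-ks",
        "keyAlias": "canal", "trustStore": "ref://canal-ts"}
SAMPLE = {
    "dev": [{"name": "canal", "host": "dev.backend.example", "port": 80}],
    "staging": [{"name": "canal", "sSLInfo": {"enabled": True, "ignoreValidationErrors": True}}],
    "prod": [{"name": "canal", "host": "backend.example", "port": 443, "sSLInfo": MTLS}],
}

def audit_sample():
    """Write SAMPLE into the MonoRepo layout inside a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        for env, servers in SAMPLE.items():
            path = Path(tmp, "resources/edge/env", env, "targetServers.json")
            path.parent.mkdir(parents=True)
            path.write_text(json.dumps(servers), encoding="utf-8")
        return audit_repo(tmp)
```

In a pipeline, point `audit_repo` at the `Canal` directory and fail the build when it returns a non-empty report.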