Overview for Apigee Gateways

This article provides an overview for both Apigee Gateways: Edge and X. Learn what are the key concepts of those gateways and how Authorization Control Plane and its authorizers can integrate with Apigee Gateways to enhance the security of your APIs.

Apigee X and Apigee Edge are API development and management platforms. Both provide an abstract layer for your backend service APIs and provide security, rate limiting, quotas, analytics, and more. The gateways are based on the concepts of API products and API Proxies. An API proxy is a facade on Apigee Gateway that is, in fact, a set of configuration files and policies for one or more APIs. API proxies are usually delivered to consumers in groups. Such groups are called API products. To control an API proxy, flows that contain logic, condition statements, error handling, and more, are added to the proxy. Such flows can be used to introduce an external API access control enforcement tool and this is where Authorization Control Plane steps in.

Authorization is vast enough to be addressed by specialized products and its requirements are driven by non-trivial and real-life use cases and security requirements. Since Apigee Gateways allow to externalize authorization decisioning using their flows features, you can bring in ACP to satisfy the authorization requirements and to greatly improve your API security.

With ACP you can centrally manage authorization policies at the authorization server level. ACP discovers APIs by pulling them from your Apigee Edge or Apigee X platform and, later on, allows you to apply authorization policies to enforce access control and to prevent your APIs from unauthorized access. When ACP is integrated with Apigee X or Edge platform, it implements externalized policy decision at the endpoint level enforced by the proxies provided by Apigee Gateways. Beyond this service-to-service authorization use case, it also covers authorization and authentication use cases related to the consumption of externally exposed APIs.

Apigee X/Edge Authorizer is a built-in ACP feature that allows you to download a package with the authorizer to easily integrate your ACP instance with your Apigee X/Edge platform. It provides you with a possibility to automatically install a shared flow that contains two policies provided out-of-the-box that are responsible for communicating with the Apigee X/Edge Authorizer, blocking/allowing the request depending on its decision, and for delivering an error status as a response to an unauthorized call to your protected APIs.