As you mentioned, this is one way to do it. Is there a a way for the application developer generate the api keys, put in Keyvault (Azure or Aws similar) then let Apigee access the key from the keyvault?
But there is something that I do not understand. Anybody wanting to access the API without an API KEY will be able to access the target URL, since this url is openly accessible on internet? This is not secure at all. There might be something I do not understand properly...
When you are using Apigee API to call Target URL, target URL wont be visible to you. You are using Apigee API to call target URL and you will have only Apigee API URL which is secured with API Key. Without API key user cannot call APigee API. I hope this clarifies your doubt.
It seems my previous comment was quickly deleted (automated checks on Google Cloud Tech channel?). A combination of options can protect the target URL and allow only Apigee access it: the target URL could be in a private network, where only Apigee has access to it, use mutual TLS (mTLS, 2-way-TLS) to authenticate both Apigee and the backend, use an APIKEY, JWT token.
It would be great to see a technical explanation of the differences between Apigee and API Gateway.
same here
Is there a video for Apigee OAuth security policy?
As you mentioned, this is one way to do it.
Is there a a way for the application developer generate the api keys, put in Keyvault (Azure or Aws similar) then let Apigee access the key from the keyvault?
But there is something that I do not understand. Anybody wanting to access the API without an API KEY will be able to access the target URL, since this url is openly accessible on internet? This is not secure at all. There might be something I do not understand properly...
When you are using Apigee API to call Target URL, target URL wont be visible to you. You are using Apigee API to call target URL and you will have only Apigee API URL which is secured with API Key. Without API key user cannot call APigee API. I hope this clarifies your doubt.
It seems my previous comment was quickly deleted (automated checks on Google Cloud Tech channel?).
A combination of options can protect the target URL and allow only Apigee access it: the target URL could be in a private network, where only Apigee has access to it, use mutual TLS (mTLS, 2-way-TLS) to authenticate both Apigee and the backend, use an APIKEY, JWT token.
Ningal super.iknow?..and eni vere.but..why you standing.power want world.haaaa
Google.🌟🌟🌟🌟🌟🌟🌟🔨🔨🔨🔨