This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
This site is in read only until July 22 as we migrate to a new platform; refer to this community post for more details.
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Apigee SaaS Load balancer - Custom Header - Open API Use Case

Posted 4 weeks ago
gauravsharma5
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi Team, 

Is there way to set different API Key for each of load balancers as part of HTTP Header? Each load-balancer will have different API Key. The consumer of the proxy is not going to provide API Key as part of the HTTP Header but expects the load balancer to take care of this requirement, similar to functionality offered by Azure APIM. 

 

 

 <TargetEndpoint name="default">
      <HTTPTargetConnection>
        <LoadBalancer>
          <Algorithm>RoundRobin</Algorithm>
          <Server name="Open API Instnance 1" />
          <Server name="Open API Instnance 1" />
          <MaxFailures>5</MaxFailures>
        </LoadBalancer>
 </HTTPTargetConnection>
</TargetEndpoint>

 

0 1 110
Topic Labels
0 Likes
Reply
1 REPLY 1

Posted on --/--/---- --:-- AM
paul-wright
Staff
Reply posted on --/--/---- --:-- AM

Hi,

No it is not possible to set a header based on the Target Server selected by the Load Balancing algorithm. In most common situations an API key in this case would either represent the consumer or Apigee acting on behalf of the consumer, and would therefore be the same App key regardless of the Target Server the call is sent to as each Target Server in a Load Balanced configuration is assumed to provide the same functionality (as the LB decides which server to send the call to, not application logic).

However, if a server specific identity is needed, you could use the certificate mechanism. Each Target Server definition can use a specific certificate. Whether the server is enforcing mTLS or not, the certificate could be used to provide different identities to each server.

If there is branching logic that decides some traffic should go to server A and some should go to server B and in each case the identity information needs to be different, you could use two different Target Endpoint configurations. Then in the pre-flow for the Target Endpoint, set the appropriate auth headers. The Target Endpoints can still use the Load Balancers. In this case, each Target Endpoint would have its own Headers and Load Balancer configuration.

Reply
Top Solution Authors
View all