Thank you for the info @Dino-at-Google , but is there any documentation that can highlight the differences between these two products (Ex: Apigee supports openapi 3.0 spec, but API Gateway probably is limited to swagger 2.0)

With Google's wide offerings around API, there is no clear definition of which product can do what.

I've asked the product team to respond here.

Thanks @Dino-at-Google will look forward for an update from product team

@dchiesa1 Can we please get an update on this ?

Ack.

@dchiesa1  any luck with this, please ?

Any updates to this? 😉 Thanks!

Thanks for the feedback!  I appreciate your perspective. 

regarding "API use is exploding everywhere" ... I'm with you... sometimes the blog posts get a little too much input from the marketing team. 

And I get your point that you'd like to have a more concrete comparison of Apigee vs API Gateway. 

The big difference is that Apigee is a full featured API Management platform - with Monitoring + Alerting, a developer portal, a gateway with a policy engine with 50+ policy types,  Support for multiple deployment options (hybrid, X), Productization and Monetization, Advanced Security (AI-powered bot detection and mediation), support for multiple different security protocols, data mediation... All of that adds up to what we call "Platform".   API Gateway is a simple gateway.  If you want that other stuff, you have to build it.  Apigee supports OAuth, SAML, WS-Security, API Keys, ... API Gateway supports API Keys or JWT-based auth, that's it. Apigee supports XML to JSON conversions and other data conversions; API Gateway doesn't. etc etc etc. 

That's the key distinction.  Platform vs Gateway. 

If you are looking for exact comparisons of performance, we haven't done them.  I don't know the maximum throughput you can expect for API Gateway; we haven't thoroughly benchmarked it as far as I know, and I believe you're correct that Google doesn't publish numbers (which we don't have anyway). 

In my experience, throughput of the gateway is not a differentiator between Apigee and Google API Gateway.  It's the platform stuff. 

If you have a single endpoint, or a handful of endpoints, running in Cloud Run, or Cloud Functions, and you'd like to inject some standard Authentication and rate limiting in front of them, API Gateway is a great choice. It's simple, easy, and it works well.  If you have a very large number of endpoints, lots of disparate data sources, different teams publishing APIs, a mix of off-the-shelf APIs and custom APIs, APIs that run in other clouds, if you want to productize or monetize your APIs, ... Then Apigee is the much better choice.

I hope this is helpful. Again thanks for the feedback. 

@dchiesa1 Thank you for the comparison, it's certainly much more useful, and provides better insight into the technical differences between the two services.

The only features we want from a gateway are:
1. Custom external authoriser - we have our own custom authoriser, which can be amended as need to produce a policy in a format that help with integration.
2. Integration with Cloud Run - this is where our actual APIs would be hosted (I know API Gateway already supports this).
3. Manual releases with history and reversion - so that changes to config do not automatically result in a release and there is some history to track releases and revert if required.
4. Ideally inherent DoS/DDoS protection - if not inherent, then integration with another GCP service that sits in front and inherently offers it.

We don't need things like monitoring, monetisation, external APIs, multiple auth protocols, and other platform-specific stuff. The preference would definitely be a lightweight service like API Gateway, but it needs to offer all the features we require. That's one reason why I had suggested a single service that lets the user start simple but can be scaled up to be as complex as needed depending on requirements. Apigee appears to be a service that already starts off complex with all its features needing configuration, even if they are unused.

Of course, I don't know for sure as I have been unable to find GCP documentation to help with this decision.

Further to my previous reply...

Upon further investigation into requirement #1 (custom authoriser), it appears that API Gateway only supports authentication and not authorisation; bizarre, as that's one of the main reasons to have a gateway (to separate concerns and not have your APIs worry about any auth).

Couple sites that appear to confirm this (neither one Google docos unfortunately):
https://stackoverflow.com/a/63766347
https://community.auth0.com/t/how-do-i-handle-scope-based-authorization-with-google-api-gateway/8598...

As per RFC7662, our custom authoriser uses a standard OAuth 2 token introspection endpoint and returns a list of allowed scopes. Our existing AWS API Gateway setup consists of each endpoint defining a list of required scopes and an (integrated Lambda) authoriser which calls our introspection endpoint to compare the list of allowed scopes returned from it to that of the required scopes for the API endpoint being requested.

This is prettttty standard OAuth stuff, so really surprised that GCP API Gateway doesn't provide a way to support this behaviour out of the box (or does it?). I'd be even more surprised if Apigee (with all its platform fluff) doesn't support this either.