Hi, I am using edge cloud enterprise version and edge is connecting to on-prim load balancer as backend to our data center. Request flow is like UI-->Apigee-->LB-->Rest API. I could see , I can bypass the apigee and invoke backend apis through LB if we know the url or some data.
What is the best practice or how should be enterprise level connectivity from cloud to on-prim ?
One of the REST principles is a layered system. Individual components cannot see beyond the immediate layer with which they are interacting. This means that a client connecting to an intermediate component, like a proxy, has no knowledge of what lies beyond.
The whole point of using a proxy layer(Apigee) is to hide/secure the backend implementation.
You can look into TLS,
https://docs.apigee.com/api-platform/system-administration/using-ssl-edge.html
If you have sensitive data in the APIs and want to protect them from API Developers, then have a look at Data Masking, hiding data.
The recommendation from apigee for us is to