Solved Solved

How do I ensure a developer cannot call the target API directly and use the API proxy instead?

nicnicapigee
Explorer

Hi all,

If I am going to expose my internal APIs to the internet so Apigee can proxy it, how do I ensure developers don't call my internal APIs directly?

I have read about whitelisting IP addresses used by Apigee, but how would you go about this if your company's current Apigee setup does not have dedicated IP addresses?

Solved Solved
1 2 173
1 ACCEPTED SOLUTION
Solved Solved

itravindrasingh
Participant V

Hi @Nicnic Nicnic,

If you are using APIGEE cloud version you can request for IPs which can be whitelisted from your backend. Still there are the options for you to protect your backend -

Even you whitelist Apigee IP, you should still consider to have above points as a part of better security model.

Hope this helps, and let me know if you need more information.

View solution in original post

Solved Solved
2 1 0
2 REPLIES 2
Solved Solved

itravindrasingh
Participant V

Hi @Nicnic Nicnic,

If you are using APIGEE cloud version you can request for IPs which can be whitelisted from your backend. Still there are the options for you to protect your backend -

Even you whitelist Apigee IP, you should still consider to have above points as a part of better security model.

Hope this helps, and let me know if you need more information.

View solution in original post

Solved Solved
2 1 1

dchiesa1

I prefer 2-way TLS.

1 0 0
Top Labels in this Space
Top Solution Authors