Solved: If someone knows the url for my API (which is acce...

Report Inappropriate Content · 12-02-2015 02:10 AM

anilsr

Welcome to Apigee Community 🙂

Short Answer, Apigee Edge is secure, Apigee Promises same. No one can just simply bypass the security features. Apigee Edge offers industry accepted standards like OAuth 2.0 to secure your APIs.

Update :

If you are talking about securing backend Apis in Apigee Edge, Please take a look at the documentation in Apigee Edge, it's called last mile security.

View solution in original post

anilsr

Dear @Samarth ,

Welcome to Apigee Community 🙂

Short Answer, Apigee Edge is secure, Apigee Promises same. No one can just simply bypass the security features. Apigee Edge offers industry accepted standards like OAuth 2.0 to secure your APIs.

Update :

If you are talking about securing backend Apis in Apigee Edge, Please take a look at the documentation in Apigee Edge, it's called last mile security.

Report Inappropriate Content

Hey Anil, I meant in the scenario where someone already knows the url to my API,say http://xyz/cat/1, he can completely bypass the proxy API.. That is, Instead of using http://{org-name}-{env-name}.apigee.net/{project-base-path}/cat/1, he can simply use http://xyz/cat/1. Doesn't it defeat the purpose of having the proxy?

anilsr

Got it @Samarth , I have updated my answer. please check same.

Report Inappropriate Content

Thank you so much Anil 🙂

If someone knows the url for my API (which is accessible over the internet), can't he just bypass the security features that I've set up on EDGE? How would I tackle this scenario?