The majority of our use cases are refactoring our own applications to use our own APIs - our own app would want to use our own API using an AJAX request from a single page web app - but what is the recommended way to implement this using Apigee Edge and OAuth 2.

For example - using a server side proxy (correct?)

(1) Single page web app (that we own) uses AJAX and make request to server side proxy (that we own).

(2) Server side proxy receives request and makes secure request (using secure credentials) to Apigee Edge (using which OAuth2 grant type?)

(3) Apigee Edge API Proxy makes request to real API back end service.

(4) Response comes back from real API back end service, via Apigee Edge API Proxy, via server side proxy (that we own) to single web page AJAX caller function.

But is that the best practice design? I think so - but we used 3 network hops for one request so it does not feel right. Comments/advice? Thank you.