Fundamentals

avatar
Created by
PetiteIguana61093

Subdecks (1)

Cards (75)

  • Apigee's API Management Platform is designed to bridge the gap:
    • By building APIs for connected experiences, you can create abstraction layers that help reduce the complexity required of backend systems. APIs that are implemented on Apigee leverage a rich set of capabilities and features, including security, caching, transformation, and mediation.
    • These features allow you to build APIs tailored to the needs of individual applications and react to changing business requirements, while reducing the need for customization and modification of backend services.
  • Apigee's API Management Platform
    • With all API calls passing through Apigee, you can gain insights into technical and business challenges. APIs also improve your ability to participate in or create ecosystems, driving even more business and success.
    • The Digital Value Chain allows us to visualize how connected digital experiences are realized. In a digitally connected world, you interact with customers, or “end users,” using applications.
  • Digital Value Chain:
    • Applications range from web and mobile apps to large enterprise systems and connected devices. Some of these applications are built by developers at your company. Other applications may represent systems used by partners or customer-facing products that they’ve built.
    • Application developers leverage the APIs offered by your company.
    • These APIs are built and managed by a cross-functional team we call the API Team. APIs built by the API team make use of backend resources, while shielding application developers from unnecessary complexity
  • Digital Value Chain:
    • The real boundary of a company's control over enforcement of policies and management of access to resources ends at the API layer. APIs are the digital products you present to app developers. As products, they should follow a life cycle, and you should manage them as you would manage other products produced by the company, marketing them to internal and external audiences.
  • APIGee:
    • Apigee's enterprise-level platform can be run as a software-as-a-service offering running in Google Cloud and fully managed by Google
    • API runtimes can also be deployed in customer private clouds or in an on-premises data center, with the runtime deployment managed by the customer, and the management services managed by Google and running in Google Cloud.
    • The Apigee adapter for Envoy is a lightweight API gateway that provides limited API management functionality that can be deployed close to backend services.
  • APIGee:
    • Mediation provides the ability to parse and manipulate the requests and responses of API calls passing through Apigee. Mediation allows API teams to perform enrichment, transformation, orchestration, enforcement of security, caching, handling of faults, and more.
    • Every API call that passes through Apigee generates analytics data. Analytics data generated by the system can be used by operations teams and business users to make data-driven decisions about APIs and their API program
  • APIGee:
    • The developer ecosystem is an important factor in the success of your APIs. APIs built and deployed on Apigee are bundled into API products, which can be deployed to a developer portal. The developer portal facilitates the discovery and consumption of APIs and offers developers access to API documentation.
  • APIGee Components:
    • The Runtime Gateway sits in the critical path of runtime traffic. The gateway's main component is the Message Processor, which is responsible for executing APIs in response to API requests.
    • Data used by APIs during runtime is stored in the runtime data store. This includes API keys, OAuth tokens, cache, and configuration.
    • As APIs are executed by a Message Processor, analytics events are generated and processed asynchronously. These events reveal a wealth of information about APIs, apps, and backend system calls, and are used for analytics reports and visualization.
  • APIGee Components:
    • The Apigee API is used to manage the API platform. The API is used to deploy and undeploy API proxy revisions, monitor APIs, configure environments, manage users, and more.
    • The Apigee Console, the developer portal, and other management processes use the Apigee API.
    • The Apigee API is also fully documented and available to customers. Developers and operations teams make use of this API for automation, such as continuous integration/continuous deployment, or CI/CD.
  • APIGee Components:
    • The Management database stores configuration changes. The runtime will poll for changes and update itself when changes are detected.
    • The Apigee Console is the main web interface for administration and development. Developers can use it to create, develop, and manage APIs. Operations, security, and business users also access the Apigee Console. The console can be used to view and control all aspects of your APIs, including controlling the API lifecycle and building and viewing analytics reports.
  • APIGee Components:
    • The developer portal is a web interface dedicated to addressing the needs of application developers. The API team publishes documentation about your organization's APIs to the developer portal, where application developers can register their applications and sign up to use your API products.
  • ApiGee:
    • Apigee's Google-managed software-as-a-service deployment simplifies customer adoption and dramatically accelerates time to market for new APIs. Developers can get started immediately building and running APIs at scale. This is the most popular deployment option. It allows customers to focus on addressing business needs, while letting Google manage the operational overhead of running the software at scale in a secure and reliable way.
  • ApiGee:
    • Customers who want or need to provide access to their APIs in multiple clouds or on-premises can choose the hybrid deployment model.
    • This model allows the customer to manage and deploy containerized versions of the API runtime on Kubernetes, while delegating the management plane operations to Google.
    • Operational management differs between the Google Cloud–managed and the hybrid deployments, but the experience you will have as an API developer is virtually identical.
  • API Lifecycle:
    • Start at the top with the "Design" of the API, and move clockwise. After the design has been reviewed and approved by stakeholders, you can "Develop" your APIs and build "Security" into them.
    • Your API is launched by "Deploying" it into production and "Publishing" it to app developers. When your API is in production, you must make sure to "Monitor" the health and usage of your API.
  • API Lifecycle:
    • Analytics can be used to determine your API's level of adoption and how it can be improved. Depending on your business model, it may make sense to monetize your API—charging for its use or sharing revenue with app developers who are driving new business.
    • With the feedback you receive from your app developers and the insights you gain from monitoring and analyzing your API program, you will have an understanding of necessary and desired changes. You can design new features for your API, beginning the cycle again.
  • Design:
    OpenAPI:
    • One tool often used when designing a REST API is an OpenAPI specification. An OpenAPI spec can be used to define the interface and capabilities of your REST APIs, without focusing on the implementation.
    • The spec may then be used in a developer portal to allow app developers to explore and try out your APIs. An OpenAPI specification can also be used to generate an API proxy stub. The API proxy stub provides a template for building an API that adheres to the defined specification.
  • Develop:
    • Apigee allows you to build your API proxies using policies, which are pre-built functions that can be configured without code.
    • Apigee also has built-in support for JavaScript or Java policies, which allow you to write custom code when needed for more complex use cases.
    • Your proxies can be debugged using Apigee's trace tool, so you can troubleshoot issues during development or in production.
  • Secure:
    • Apigee proxies can utilize many built-in policies and features which allow you to create secure APIs, even if your backend APIs are not fully secured.
    • Policies are available to add OAuth, SAML, JSON Web Token, and HMAC authentication and authorization to your APIs.
    • Other policies provide threat protection against content-based attacks, detecting malicious request payloads and rejecting the requests before they are sent to your backend services.
  • Secure:
    • Apigee allows sensitive data to be masked, so that operations teams do not see user data or passwords when tracing live API traffic.
    • Cloud Armor is a Google-grade web application firewall that protects web and API traffic against distributed denial-of-service attacks, allows rejection of traffic based on geographic origin or IP address, and provides firewall rules to protect against many common types of attacks. Cloud Armor benefits from Google's extensive experience protecting key internet services like Google Search, GMail, and YouTube
  • Secure:
    • Identity Platform is a customer identity and access management platform that helps organizations easily add identity and access management functionality to their APIs and applications.
    • It protects users by supporting multi-factor authentication, and provides support for many authentication methods, including SAML, OpenID Connect, email and password, or custom implementations.
  • Deploy:
    • When your API has been built and secured, you will need to deploy your API proxy into production.
    • The deployment process should include testing and should be repeatable. This process can be built into a deployment pipeline, where changes to a proxy are automatically tested before being deployed.
    • Apigee provides management APIs that can be used to create and deploy proxies and configuration artifacts as part of a deployment pipeline, allowing you to build a repeatable process for deploying new or updated APIs.
  • Publish:
    • Apigee's developer portal helps your app developers discover your APIs and register apps to use them.
    • Your OpenAPI specifications can be used to create the live documentation hosted in the developer portal, allowing app developers to try out your APIs.
    • Apigee provides 2 types of developer portals: a Drupal-based portal that offers a full-featured, customizable content management system; and a hosted, integrated portal, which requires much less effort but lacks some of the features and customization of the Drupal portal.
  • Monitor:
    • After APIs are built and launched on Apigee, they need to be monitored to ensure that they are available and performing as expected.
    • Apigee's API Monitoring provides near real-time insights into API traffic and performance by monitoring API performance and usage, automatically capturing API and backend latencies, error rates, and call volume, among other types of operational metrics.
    • Alerts can be used to keep you informed of unusual events or patterns, such as spikes in traffic or latencies.
  • Analyze:
    • In addition to API and performance metrics, Apigee captures business metrics, tracking the apps and app developers using your APIs and the device types and geolocation of the users of those apps.
    • Other metrics specific to your business can be captured by collecting custom data within your API proxies. Apigee includes a rich set of built-in reports to help gain insights into your APIs and API program. Custom reports can also be created to explore business-specific data.
  • Analyze:
    • Apigee's analytics data can be integrated into your own enterprise systems by using the metrics API or by extracting the data into Google’s Cloud Storage or BigQuery
  • Monetize:
    • Companies with public API programs, or those offering digital products to partners, can use Apigee's monetization capability to create revenue streams based on API powered digital products. Apigee monetization allows you to charge for API usage or share revenue with app developers that drive your business. App developers can easily set up billing, choose rate plans, and process credit card payments from within the developer portal
  • Apigee organization:
    • An Apigee organization is the top-level entity for Apigee. When you use the Apigee Console, you are working within the context of an organization.
    • This Apigee organization is not the same as the Google Cloud organization. An Apigee organization is associated with a single Google Cloud project. An organization contains many types of entities.
    • Some entities live inside environments, which are used as runtime execution contexts for your APIs.
  • Apigee Organization:
    • Users can be granted access to one or more organizations. Users are associated with one or more roles within an organization.
    • A role specifies a set of permissions that is granted to a user. Users and roles are managed using Google Cloud's Identity and Access Management, or IAM.
    • An Apigee Organization Admin has superuser access within the organization. Other built-in roles specify permissions appropriate for other users of Apigee, including operations, business, and API development team members.
  • Apigee Organization:
    • An organization's API proxies are scoped at the organization level. APIs are exposed on Apigee by implementing API proxies. These proxies are built using policies, which are pre-built modules that provide features like security, rate-limiting, message transformation, or mediation within the request and response flows of your proxy.
    • Policies allow your APIs to provide rich functionality without your having to write lots of code. Shared flows can be used to combine a set of policies into a common pattern, allowing reuse of proxy logic in multiple APIs.
  • Apigee Organization:
    • An environment is a runtime execution context for your APIs.
    • API proxies and shared flows are deployed to environments. API requests are handled by a proxy deployed in a specific environment.
    • Environments are typically used to model and enforce your API development lifecycle. An organization might have three environments: development, test, and production.
  • Apigee Organization:
    • An API developer would work on a new proxy, or changes to an existing proxy, in the development environment. When the API developer is confident that the proxy is working as intended, that revision of the proxy can be deployed to the test environment, where more formal testing could occur. Finally, the tested revision of the proxy can be moved into the production environment. Users can be given different permissions in each environment. A developer might need full access in the development environment, but should have no write access in production.
  • Apigee Org: Publishing:
    • Before publishing your APIs to the developer portal, you group and productize your APIs by creating API products. API products provide a mechanism for access and authorization for a group of APIs.
    • App developers access the developer portal to discover your APIs and experiment with them. Within the developer portal, app developers may register apps with API products to allow access to your APIs.
  • Apigee Org: Runtime Data
    • Apps present API keys and OAuth tokens to access APIs. When an API key or OAuth token is verified in an API proxy, the app making the request is identified, as is the associated API product. This allows proxies to control functionality based on API product or app. API keys and tokens are stored at the organization level, but are generally associated with a single environment. The API product associated with the app specifies which environment or environments can be used.
  • Apigee Org: Config:
    • Organization-scoped key value maps, or KVMs, can store organization-wide configuration. KVMs are encrypted, so they are appropriate for storing passwords or other sensitive information. Environment groups are used to create a mapping from hostnames to one or more Apigee environments.
    • For example, the hostname api.example.com could be mapped to the production environment, and test.example.com could be mapped to the test environment. When an API request is received with the hostname api.example.com, the request would be routed to a proxy in the production environment.
  • Apigee Org: Config:
    • Data collectors are defined locations used to store data collected during the processing of an API call. A DataCapture policy may be used to store a value in a data collector. The data collected may be used in custom reports.
  • Apigee Org: Analytics:
    • Analytics data provides visibility for all API traffic, from an application through Apigee to your backend services and back. Operational and business metrics are automatically captured for each API call, and a wide range of provided reports allows you to gain insight into your APIs.
    • Custom reports can also be created to allow visualizations of custom data captured in data collectors, or to provide new ways of looking at your data
  • Apigee Org: Environments:
    • Environments provide a runtime execution context for API proxies. A proxy only accepts API requests when deployed to an environment.
    • Environments may be used to represent different stages of the API development lifecycle. For example, a revision of a proxy could be promoted from a development environment to the testing environment and eventually into production.
  • Apigee Org: Deployments:
    • A proxy revision can be deployed to an environment, where it can start taking traffic. A shared flow revision can also be deployed to an environment, making it available for use by proxies in that environment. A deployed revision of an API proxy or shared flow is immutable. Further edits to the API proxy or shared flow must be made in a new revision.
  • Apigee Org: Connectivity:
    • Target servers are used to decouple backend URLs from the API proxy code. This allows the proxy to connect to environment-specific backends without changing proxy code.
    • Keystores and truststores store certificates and private keys to allow point-to-point encryption from Apigee to backend servers.
  • Apigee Org: Config Environment:
    • Debug sessions capture requests and responses that are received while tracing an API proxy deployment.
    • Flow hooks are used to automatically attach shared flows to every proxy in an environment. This allows admins to enforce that security, logging, or other common policies are executed for all proxies.
    • Resource files allow proxies within an environment to share code libraries.