Edge: Secure Enterprise APIs

End-to-End Security

End-to-end and from the inside out

Enterprises are using APIs to extend their data and services to customers, employees, and partners. However, exposing a business’ functionality opens businesses and internal systems to potential threats so today’s enterprise IT mandate, more than ever, includes providing secure access to services while protecting customers and the business from threats, back-end overload, and service issues.

Edge end-to-end security

  • Not a bolt on addition but part of the architecture
  • Designed from the inside out for flexibility

Configurable policy-based security

Through configurable policies, Edge provides enterprise-grade security capabilities including:

  • RBAC (role-based access control)
  • fine-grained policy management for authorization
  • authentication for users, developers, administrators
  • authentication for APIs via OAuth, SAML, and LDAP
  • threat protection against XML, JSON, and DoS attacks

Configurable policies reduce time-to-market and enable you to quickly, efficiently, and securely transform your backend data and services into consumable APIs.

A flexible processing pipeline

Key to Apigee’s configure versus code runtime approach is the processing pipeline. Runtime processing capabilities are enforced through two means: configurable policies and flexible scripting. These two things can be combined into a processing pipeline that enables both enforcement of the runtime rules of engagement with the API and the transformations required to get from the clean REST API to the interface exposed by the back-end system.

Transform & Mediate

Edge enables the translation and reformatting of data for easy consumption, avoids the need to rip and replace existing services and technology, and streamlines API version support.

  • Enable mobile app developers by exposing  SOAP services as JSON with a simple configuration exercise that provides the service endpoint in JSON.  

  • Transform from any API protocol to any other, including SOAP, REST, JSON, XML binary, or custom protocol. 

  • No need to rip-and-replace existing services—SOAP and XML transformations help integrate with SOA and other middleware; REST and JSON enable lightweight apps.

API Versions

Edge API Services enable you to hide the complexity of multiple API versions from your backend systems and make migration to new versions easy for users by exposing endpoints and doing transformations at the proxy layer. You can easily provide and manage different flavors of the same API, for example:

  • update API functionality without breaking existing Apps
  • provide and monetize a premium version of your one-size-fits-all free API
  • enforce standardization and consistency across a lot of APIs, possibly built by different teams

Manage Traffic

What are you going to do as your traffic increases? Do you have a plan for success that can handle 10, 100, or 10,000 times more traffic than your API is receiving today? Beyond dealing with threats, traffic management is about scaling your APIs for success.

Edge API Services provides capabilities for optimizing performance while not requiring customers to rewrite backend services to accommodate different devices:

  • Quotas and rate-limits help shape your API traffic to support different levels of usage by partners and developers
  • API performance capabilities help you deliver an optimized experience regardless of the end-user’s device
  • Use pagination and caching to make sure your outgoing responses are finely tuned and optimized for mobile