11436 SSO

Apigee Edge for Public Cloud Version 16.09.21 Is Here!

Encrypted KVMs, shared flows, and flow hooks
prithpal
Oct 27, 2016

We’re excited to announce the general availability of Apigee Edge for Cloud version 16.09.21. In this post we’ll walk through several exciting features, some of which are still in beta.

Encrypted KVMs

Key value maps (KVMs) have been an Apigee Edge feature for a while. KVMs are a great mechanism to store lookup information such as code tables, back-end endpoints, and environment properties.

But KVMs generally store information in clear text, which makes them unsuitable for storing sensitive information such as service accounts, systems credentials, or any secure information to access third-party APIs or general resources.

In this release, we have introduced encrypted KVMs. They have the same characteristics as general KVMs, including support for organization-level, environment-level, and API proxy-level scopes, except they are encrypted (in an upcoming post, we’ll dive deeper into details about encrypted KVMs).

Shared flows (limited beta—by request)

Shared flows are simply a set of policies that can be re-used within API proxies. Think about them as reusable, common logic that needs to exist in the proxies.

This is very helpful when you want to apply common policies across many API proxies within an organization. Instead of replicating the same policies across many proxies, you can create a set of shared flows and access them from within the proxy.

This has two advantages: first, it saves time, as API developers can simply reference them (as opposed to adding the policies) in the proxies where they need these policies. Second, these shared flows can be updated in one location and the changes automatically cascade through all the proxies.

Disclaimer: Shared flows is a limited beta feature (available by request) and is subject to implementation changes.

Flow hooks (limited beta—by request)

Flow hooks are a mechanism by which shared flows (or a set of common policies) can be applied at common points for all proxies and target endpoints deployed inside an environment. This is very helpful for implementing common security, compliance, and logging requirements across the enterprise. This also creates a separation of concerns whereby API developers can focus their energy and time on building API proxies, and the security/compliance/infrastructure team can add these common policies at the right places.

The flow hooks feature enables you to add shared flows at four locations:

  • Pre-proxy flow hook
  • Pre-target flow hook
  • Post-target flow hook
  • Post-proxy flow hook

Three steps to applying common compliance policies

Let’s review a simple example. Consider that your security team has imposed a requirement of applying a “verify API key” policy and “message logging policy” to ensure that all requests contain a valid API key and that all API calls are logged to the enterprise logging system for security/compliance purposes.

Additionally, the infrastructure team has imposed a requirement that no more than 10 concurrent connections can be opened to any back-end target endpoints. Without shared flow/flow hooks, all these policies would have to be applied to every API proxy and target endpoint in the org/environment.

With this feature, this can be achieved in three simple steps:

  • Create a shared flow “Common-Compliance-Flow” which has two policies: verify API key and message logging

 

 

  • Create a shared flow “Rate-Limiting-Shared-Flow” which has one policy: concurrent rate limit

 

 

  • Configure flow hooks (From API → Environments → click on the “Flow Hooks” tab). Attach the “Common-Compliance-Flow” to the “Pre-proxy Flow Hook” and the “Rate-Limiting-Shared-Flow” to “Pre-target Flow Hook”

 

 

In three simple steps you have now applied common compliance policies to all API proxies deployed in the environment and also applied rate limiting policies for all your back-end points.

This is very powerful and saves you a lot of time and also meets your security and compliance requirements.

Disclaimer: Flow Hooks is a limited beta feature (available by request) and is subject to implementation changes.

This release contains other enhancements and bug fixes. Please review the Apigee Edge Cloud 16.09.21 release notes for additional details. We strongly encourage customers to try out these new features, ask questions, and provide feedback on the Apigee Community.

Microservices Done Right

Next Steps

 
 

Resources Gallery

News