Apigee has provided a great set of documentation on how their Edge Gateway can be configured. This documentation does not replace it, but instead will help guide the process and outline some standardizations and guidelines.
Guidelines and Standards
- Example: https://api.ucsb.edu/students/lookups
- Use Standardized Shared Flows whenever possible
- UCSB Standard Options Response * UCSB Standard API Key Shared Flow
- UCSB Standard Response Headers
- UCSB Standard Invalid Flow Response
Steps to Create/Edit
- The Overview tab is the best way to see at a glance what endpoints and environments an API Proxy is deployed to. But, switch over to the Develop tab.
- We're going to add a number of Standard Shared Flows. (The next image and description describe how to add a shared flow.)
- First, add the Standard Options Response shared flow by clicking + Step button in the Request flow. This adds CORS Headers support for https://editor.swagger.io.
- Then, add the Standard API Key shared flow to the Request flow. This adds Authentication and Authorization.
- Then, add the Standard Response Headers shared flow to the Response flow. This adds CORS Headers to all responses.
- To add a shared flow, in the Add Step overlay, scroll down and select Flow Callout.
- From the Shared Flow dropdown select ucsb-standard-xxx (in our example: ucsb-statndard-options-response).
- Update the Display Name to "Standard Options Response". This should automatically update the Name.
- Then click Add.
- Next, we'll add the Standard Invalid Flow Response. This one will need to be added using the + icon at the top of the Policies section.
- Then select the Flow Callout and the Shared Flow ucsb-standard-invalid-flow-response.
- Set the Display Name to "Standard Invalid Flow Response".
- Now that the policy is available, select default in the Proxy Endpoints section. This will change the middle section of the screen to show XML.
- Scroll down the XML to the last <Flow> in the <Flows> section.
- This adds a restriction on the endpoint. If the incoming request to the API Endpoint isn't a known path, then it's rejected. This is for a little extra security.
- Add a new <Flow> to the end of the list, using the code below:
<Flow name="NotFound"> <Description/> <Request> <Step> <Name>Standard-Invalid-Flow-Response</Name> </Step> </Request> <Response/> <Condition/> </Flow>
* Now we can Save the changes we made. Which may ask you if you want to update the current revision, click Save again. * Once saved, you can deploy the changes out to Test and Prod using the Deployment dropdown. * You'll need to confirm the deployment by clicking Deploy.
Next let's Create an API Product