Setting up and configuring the Apigee proxy
This topic is aimed at organization owners or administrators responsible for managing Apigee and the Developer portal set up and configuration.
Note: These instructions apply only to Apigee Edge. If you are using Apigee X, contact us for more information.
Before users can start using Redocly's Developer portal with Apigee API, as an organization owner, you will need to set up an authorization proxy provided by Redocly in Apigee. This is a one-time setup only.
This proxy can:
- authenticate users (verify IDP token),
- create developers in Apigee,
- allow access to routes needed only for managing developer applications and keys for a specific developer, and
- forbid all other routes.
Why set up a proxy?
An API proxy is an additional layer or interface that developers use to access your organization's Apigee API. Setting up an API proxy allows you to separate the app-facing API from your backend services, shielding those apps from backend code changes.
You can also add capabilities such as security-related logging and monitoring and case-specific logic using the API proxy.
For more information, refer to Understanding APIs and API proxies.
This topic provides instructions on how to:
- Upload proxy bundle to Apigee Edge
- Set up key value map information
- Map authentication credentials and deploy proxy
- Configure Apigee proxy for IdP
- Add proxy details to Redocly's Developer portal and rebuild portal
Task 1: Upload proxy bundle to Apigee Edge
Before you upload the proxy bundle to Apigee, you can download the proxy bundle from Redocly's private repo (include link). To get access to the proxy zip file, contact Redocly's customer support.
Only authorized organization owners/developers will be given access to the private repo.
To upload the proxy bundle to your Apigee Edge account:
- Log in to Apigee Edge, and navigate to Develop > API Proxies.
- On the Proxies page, select +Proxy to display the Create proxy page.
- From the list of templates, select Upload proxy bundle.
The Upload proxy bundle page displays.
- Drag and drop or click to upload the proxy bundle you would have downloaded from Redocly's private repository. The name field is automatically populated from the proxy bundle zip file.
- Select Next. The selected proxy bundle is uploaded and a Summary page displays.
- Select Create to upload the proxy bundle. A confirmation message displays and your proxy is uploaded successfully.
Task 2: Set up key value map information
After uploading the proxy bundle, create key value maps and set up the system user credentials.
To create key value maps and set up user credentials:
- From Apigee Edge, navigate to Admin > Environments > Key Value Maps. The Key value maps page displays.
- Select +Key value map to display the Add key value map dialog.
- Enter a name for the key value map, select the Encrypted check-box.
- Select Add. A new key value map is created and displays on the key value maps list.
- Select to open the newly created key value map, and select + to add a key value pair.
-
For the selected key value map, add these key value pairs:
- username: Enter the email address you use for accessing Apigee Edge.
- password: Enter a password for the pair.
Task 3: Map authentication credentials and deploy proxy
Once you have set up the key value map information, you can map the authentication credentials and deploy the proxy to the appropriate environment.
- Navigate to Develop > API Proxies and select to open the API proxy you created in Task 1.
-
Select Develop tab, and:
- Under Policies, select Get Auth Creds
- Under Property Inspector, for mapIdentifier, enter
system-user-creds
(This is the key value map you created in Task 2)
- Select Save to save your changes.
- From the Deployment dropdown, select the environment you want to deploy the proxy to. A confirmation message displays.
- Select Deploy. The proxy is now deployed to the selected environment and a deployment URL is generated for the proxy.
- Select Overview tab to view the deployment URL.
You will need the deployment URL for connecting your Redocly Developer Portal to use your Apigee API.
Task 4: Configure Apigee proxy for IdP
In this step, organization owners add the JWKS URL from their OIDC provider into the Apigee proxy.
- In a browser, enter the Config URL. The browser displays a response in JSON format.
Tip: You can find the Config URL in your OIDC setting.
- From the response body, copy the
jwks_URL
value. - Navigate to Develop > API Proxies and select to open the API proxy you created in Task 1 and select the Develop tab.
- Under Policies, select Verify JWT. The Verify JWT code displays.
- Paste the
jwks_URL
into the code forJWKS uri
. - Select Save to save your changes.
Task 5: Add proxy details to Redocly's Developer portal and rebuild portal
After mapping the authentication credentials and deploying proxy to the appropriate environment, you will need to add proxy details to Redocly's Developer portal, to allow the portal to connect to the Apigee API.
To add proxy details:
- In Redocly Workflows, navigate to your Developer portal settings.
-
On the Settings page, select Environment variables to add two variables:
- ORGANIZATION_NAME: Enter your Apigee organization name. Your Apigee organization name is displayed under your profile in Apigee.
- API_URL: Enter the deployment URL you generated in Task 3.
- ORGANIZATION_NAME: Enter your Apigee organization name. Your Apigee organization name is displayed under your profile in Apigee.
- Navigate to the Overview tab, and select Rebuild to rebuild your developer portal using the new environment variables.
All HTTP requests from your portal to Apigee API will now go through the Apigee proxy.