Apigee installation

Developing APIs is a tough job overall, and securing these APIs is a whole other ball game in itself. Google Cloud Apigee offers an excellent API Management Console that can help you develop & test your APIs to make them robust & secure.

Imagine this, you’re a developer who just created an API for all sorts of weather data. You’d like other developers to start using your API to display weather information to their users. But, you do not want to provide unrestricted access to your APIs given security concerns & heavy server loads.

In this article, we will be leveraging the powerful toolbox offered by Google Cloud Apigee & learn how we can protect our APIs from high traffic spikes & transform an XML response from the target server into JSON.

Note: Don’t worry if you don’t have an actual API to work with, we’ll be using a dummy API for learning purposes! 😄

What is Google Cloud Apigee?

Google Cloud Apigee is a Cross-Cloud API Management Platform that provides a wide range of tools that allow you to secure, analyze & even monetize your APIs.

Apigee can be considered as a middle-man between a consumer app (created by a developer) & your server resources. Usually, an app would directly contact your server for requesting your data, which would process the request & return the required response. But the problem with this is that your server is exposed to the consumer app and YOU would have to add-in security protocols to protect your resources.

With Google Cloud Apigee, you do not have to worry about exposing your server to the outside world. Apigee acts like a proxy server that can verify an incoming request, request resources on its behalf if the request is valid & return the response to the consumer app.

Understanding Apigee’s Workflow

Apigee is a proxy server.

It receives a request from the consumer app, validates/transforms it if required, and sends it to the target server. Then, it receives a response from the target server, manipulates/transforms it if required, and sends it back to the consumer app. This gives Apigee 4 areas to work with.

  1. Proxy PreFlow (Consumer sends a request to Apigee)
  2. Target PreFlow (Apigee forwards the request to the target)
  3. Target PostFlow (Target sends a response to Apigee)
  4. Proxy PostFlow (Apigee returns the response to the Consumer)

These terms are important if you would like to manage your APIs using Apigee. The diagram below will help to understand:

Creating an account with Apigee

Head over to the Apigee sign up page & create your account. Note that the free tier comes with some limitations such as 1 user, 1 test environment, API call limitations, no SLA, etc. No worries.

An important limitation to note is that your free account is valid only for 60 days.

Once you sign up, you will be taken to Apigee’s dashboard.

Note your organization name on the top left below your name. This organization is the gateway to Apigee. Since we’re using the free trial, we have the '-eval' suffix.

Creating your first API Proxy

Okay, let’s create our first API Proxy now. Click on API Proxies or from the Develop tab in the sidebar to start creating your first API proxy. You may see a couple of proxies already added by Apigee itself.

Click on the Proxy button on the top right.

API proxies safely expose backend services to API consumers. We will be using a reverse proxy, which as Apigee tells us is the most commonly used. This proxy will route inbound traffic to a designated target endpoint.

We can upload an existing API spec (OpenAPI) & create a proxy, but we will be creating a new one. OpenAPI is an excellent way to document your APIs. If you’re interested, I’ll link one of my articles so that you can learn more about documenting APIs using OpenAPI spec in the resources section below.

Then, Apigee will ask you for your proxy details, such as the name, base path, description & the target endpoint. As you fill out your API Proxy name, notice that the base path fills up automatically.

We will be using https://mocktarget.apigee.net as our target endpoint, which is a mock target created by Apigee for our API experiments. How thoughtful! 😃

Select no auth as your Security Authentication for now, which will let any API requests go through.

Apigee creates both secure & default HTTP virtual hosts which consist of your organization name & environment. On the next screen make sure you are selecting the TEST environment to deploy your API Proxy.

That’s it! Congratulations are in order! You have just created your first API proxy on Google Cloud Apigee! 😎

Steps to create your first API Proxy on Apigee

Adding a Spike Arrest Policy to avoid High Traffic

Let’s take a look at your API proxy dashboard.

The following information is displayed:

  1. Your Deployment Environment URL
  2. Your Proxy Endpoints
  3. Target Endpoints

Your API Proxy dashboard

Before we check if our proxy works, open https://mocktarget.apigee.net in your browser. It should return a simple message 'Hello, Guest!'.

Great, now, click on the URL in the deployments section. It should be in the following format:

http://<YOUR-ORG-NAME>-<ENVIRONMENT>/<BASE-PATH>

Yes! It returns the same message, so our API Proxy does, in fact, work.

Let’s add a Spike Arrest policy so that we can protect our server (mock target) against heavy spikes in traffic.

Click on the Develop tab. As we discussed before, Apigee has a Proxy PreFlow & PostFlow as well as a Target PreFlow & PostFlow.

We will be adding a Spike Arrest policy in the Proxy PreFlow, since we should check for spikes before our proxy processes any request.

Once your policy is created, change the rate value to 2pm (2 per minute) for testing purposes.

Follow the steps shown below:

Adding a Spike Arrest Policy
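
The policy configured in the steps above, written out as the XML the proxy bundle would contain. This is an added example, not taken from the original article: the policy name Spike-Arrest-1 and the base path /my-first-proxy are assumed placeholders, while the 2pm rate, the default and secure virtual hosts and the Proxy PreFlow attachment come from the article.

```xml
<!-- apiproxy/policies/Spike-Arrest-1.xml (policy name is an assumed placeholder) -->
<SpikeArrest async="false" continueOnError="false" enabled="true" name="Spike-Arrest-1">
    <DisplayName>Spike Arrest-1</DisplayName>
    <!-- 2pm = 2 requests per minute, the test value used in this article.
         The fault message reports it as messagesPerPeriod=2,
         periodInMicroseconds=60000000. Raise it before real traffic. -->
    <Rate>2pm</Rate>
</SpikeArrest>

<!-- apiproxy/proxies/default.xml -->
<ProxyEndpoint name="default">
    <PreFlow name="PreFlow">
        <Request>
            <!-- Runs on every inbound request before any conditional flow
                 or the target call, so rejected calls never reach the backend. -->
            <Step>
                <Name>Spike-Arrest-1</Name>
            </Step>
        </Request>
        <Response/>
    </PreFlow>
    <PostFlow name="PostFlow">
        <Request/>
        <Response/>
    </PostFlow>
    <HTTPProxyConnection>
        <!-- Assumed base path; use the one generated from your proxy name. -->
        <BasePath>/my-first-proxy</BasePath>
        <VirtualHost>default</VirtualHost>
        <VirtualHost>secure</VirtualHost>
    </HTTPProxyConnection>
    <RouteRule name="default">
        <TargetEndpoint>default</TargetEndpoint>
    </RouteRule>
</ProxyEndpoint>
```

With no Identifier element in the policy, the limit is shared by every caller of the proxy, so one noisy client can use it up for everyone. Once requests carry an API key or similar value, the policy's optional Identifier element can key the rate per client.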

If you know how to use Postman, hit your deployment URL a couple of times. If not, copy and paste the URL in your browser and refresh the page a couple of times.

After about two calls, you will get an error from our proxy as shown below.

{'fault':{'faultstring':'Spike arrest violation. Allowed rate : MessageRate{messagesPerPeriod=2, periodInMicroseconds=60000000, maxBurstMessageCount=1.0}',      'detail':{'errorcode':'policies.ratelimit.SpikeArrestViolation'}}}

There! Now no one can mess with your server by sending too many requests! 😃
