Latency and Security in using Apigee Cloud - security

I am new to Apigee, and just started using Apigee Edge cloud solution. I need to know some answers. It will be very helpful for me.
What is the latency in using the Apigee cloud instead of an on-premise solution? I would also like to know what the downtime percentage is, as if I am using the Apigee server I am completely dependent on them.
Apigee provided me with an organization account which has a username and password. Is there any other authentication through which Apigee recognizes that the request is coming from my account only, and the same goes for the response? I am asking this as anybody can hack my URL and send the same request.
As our APIs will contain the data for financial transactions, I am a bit worried about keeping my data on the cloud and passing it through the Apigee server. What kind of security is there on the cloud?
Thanks in advance. Kindly don't mind if my questions are very basic.

Cross posting from Apigee Community,
Latency depends on several things: region, complexity, load and many more; it's applicable for both on-prem and cloud. We have seen several Apigee customers, both in cloud and on-prem, having an Apigee-added latency of just a few milliseconds to a few hundred milliseconds. It's hard to tell a number, but the good news is Apigee provides tools to understand your latency across all the dimensions. It's minimal latency.
Regarding availability, Apigee cloud offers up to 99.99% availability; you could also check status.apigee.com for more details.
There is a variety of options to secure your API: OAuth, SAML, IPs, keys, basic authentication, OpenID, etc. Please find more about security related policy here.
Cloud has PCI, and we also have some financial services customers in the cloud. Please find more information here.

Azure API Management vs Logic Apps

New to Azure and would like to know what the difference between Azure API Management and Logic Apps is.
Some pros and cons would be nice. Also what the costing for each of these is like.
Thanks
Seems you want to know about Azure API Management and Azure Logic Apps.
Well, let me help you with what they actually are...
Azure API Management
Azure API Management allows organizations to publish APIs more securely, reliably, and at scale. Use API Management to drive API consumption among internal teams, partners, and developers while benefiting from business and log analytics available in the admin portal
Pros are
Consistent and modern API gateways for existing back-end services
Verifies API keys, JWT tokens, certificates, and other credentials
Help you to publish APIs to external, partner, and internal developers to unlock the potential of their data and services
High availability: responds to requests to perform operations at least 99.9% of the time.
Analytics, metrics and many more
For further details you could have a look at the official docs
Pricing
There are different categories of pricing available based on type and uses. See the below screen shot:
You even can read more details about pricing here
Logic Apps:
Azure Logic Apps is a cloud service that helps you schedule, automate, and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations. Logic Apps simplifies how you design and build scalable solutions for app integration, data integration, system integration
Pros are
Maximum automation with hassle free service
Process and route orders across on-premises systems and cloud services
Can move uploaded files from an SFTP or FTP server to Azure Storage
Help you connect legacy, modern, and cutting-edge systems more easily and quickly by providing prebuilt APIs as Microsoft-managed connectors
Pricing
Usually you may have two categories of pricing. One is the Consumption pricing model, which depends on how much you consume, and you have to pay as per your consumption.
The other one is the Fixed pricing model. See the screenshot:
You can have a look at more details in the official docs
Hope this would help you.

Which API Gateway is production ready and provides good performance & features? [closed]

We have many REST services within our infrastructure and these are built using different technologies (Java, Go, Ruby, NodeJS), but all of them have certain common requirements like Authentication, Authorization, Rate limiting, Analytics etc., so we are thinking of having an API gateway in front of these APIs so that all the communication happens through it only.
I came to know about some open source products in the market like Strongloop/Loopback, WSO2, TYK, APIAXLE & 3scale, but most of these don't look time tested and ready for production usage. A few things which are coming to my mind now:
How is user feedback after using one of these solutions?
Lot of people would need this kind of feature so how are they doing it? Am I looking in right direction?
Is there a better way to solve my problem without using API Gateway?
If I mention WSO2 API Manager,
As far as I know, a lot of people are using it in production and provide good feedback about it.
Yes, you can use API Manager for rate limiting. API Manager has a feature called throttle tiers. You can use that feature for rate limiting. For other features like authentication and authorization you have to use API Manager with WSO2 Identity Server. For the analytics feature you have to use API Manager with WSO2 Business Activity Monitor. By integrating all these products you can achieve the features you have mentioned.
I can answer for 3scale since I work there.
3scale is a complete API management platform that implements authorization, rate limiting and analytics for your API. We offer different integration options the most popular of which is our API gateway, that can be hosted by us or deployed on-premise.
This is an Nginx-based gateway that is deployed in front of your API servers and authorizes incoming calls by reaching to the 3scale API. The gateway extracts the API key of the incoming call and the endpoint that is being called and checks whether this particular request should be authorized (i.e. valid key, usage within limits, valid endpoint, etc).
One key part of our API gateway is that the authorization is performed asynchronously so that it has no impact on the latency perceived by the API user.
Regarding your particular questions:
We have 600 customers using 3scale in production. This includes APIs with very large traffic volumes, some of which you can see and read about here.
I'd say the main choice is between using an API management platform or implementing these features yourself. The advantage of using something like 3scale is that we specialize in exactly this problem and we provide other very useful features besides the basic authorization and rate limiting: a developer portal hosted by us where your API users can register and manage their keys, a billing system that you can use to offer paid plans for your API, support for advanced auth patterns like OAuth2 and others that you can read about in our website.
You could also integrate 3scale in your API with one of our software libraries. However since you have multiple APIs written in different languages I'd recommend the API gateway since you will only have a single integration point (therefore easier to maintain).
As always the best is if you test it by yourself. We have a free plan with no time limits, so you can start there.
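The flow this answer describes (extract the API key and endpoint, check key, limits and endpoint, authorize asynchronously) can be modelled as below. This is an added example, not 3scale's code or part of the original answer; the `Backend` and `Gateway` classes, the cache-and-flush design and the sample key are assumptions made for illustration. It shows the trade-off of out-of-band enforcement: calls between flushes are served on the last known decision, so a burst can exceed the limit until the next report.

```python
from collections import deque

# Constructed sample data: the key, limit and endpoints are invented for this example.
APPS = {"key-abc": {"limit": 3, "endpoints": {"/v1/payments", "/v1/accounts"}}}


class Backend:
    """Hypothetical stand-in for the management platform's authorization API."""

    def __init__(self, apps):
        self.apps = apps
        self.usage = {}  # api key -> calls reported so far

    def authorize(self, key, endpoint):
        app = self.apps.get(key)
        if app is None:
            return False, "invalid key"
        if endpoint not in app["endpoints"]:
            return False, "invalid endpoint"
        self.usage[key] = self.usage.get(key, 0) + 1
        if self.usage[key] > app["limit"]:
            return False, "limit exceeded"
        return True, "ok"


class Gateway:
    """Answers from the last known decision and reports usage out of band."""

    def __init__(self, backend):
        self.backend = backend
        self.cache = {}         # (key, endpoint) -> (allowed, reason)
        self.pending = deque()  # calls served but not yet reported

    def handle(self, key, endpoint):
        pair = (key, endpoint)
        if pair not in self.cache:
            # First sight of this pair: fail closed, ask the backend inline.
            self.cache[pair] = self.backend.authorize(key, endpoint)
            return self.cache[pair]
        if self.cache[pair][0]:
            self.pending.append(pair)  # served now, counted at the next flush
        return self.cache[pair]

    def flush(self):
        """Background step: report queued calls and refresh cached decisions."""
        while self.pending:
            pair = self.pending.popleft()
            self.cache[pair] = self.backend.authorize(*pair)
```
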

Will the unified API return information from Azure?

I've been researching the new unified API for office365 (graph.microsoft.com). Currently one can authenticate to it using an organisationalID and it will return information from emails-from-exchange/OneDrive4Business/Skype4Business(future)/calendar-from-exchange/exchange-contacts/etc...
The ability to surface such a plethora of information from one endpoint strikes me as being hugely valuable. In the future I'd really like to see information relating to Azure be surfaced in here also. For example, I'd love to use graph.microsoft.com to access lists of:
Azure storage accounts
Azure SQL DB servers and databases
Azure SQL DB firewall rules
Azure ML experiments
Countless other things
Are such things on the roadmap?
That is a great question, and it's great to see such enthusiasm around a single endpoint surfacing this information. We're not sure when Azure resource providers would be a part of the unified API, but it would be great to have them. There are a number of other teams who are very interested, and in general we've been pretty focused on user or person centric developer experiences here as you should be able to see from Yina Arena's //Build or Ignite presentations.

What's the point of Azure Add-Ons?

Windows Azure has a store.
The stuff you can buy there are called Add-Ons, and they fall in two categories: Service and data.
I understand the point of some of the service offerings, but not all, and I don't yet understand the point of the data offerings at all.
With services, some offerings are database deployments such as ClearDB (MySQL) and MongoLab. That makes sense to me: You get those databases deployed and monitored with a few clicks, yet those databases run in the same data center as the applications that consume them, which is good for performance and security.
For most other services (there is a simple scheduler application, for example), it seems that the only advantage is the unified billing method. Is that a correct observation, or is there more to it?
Then the data offerings: The fact that I can buy bing query transactions cannot really have anything to do with the rest of my azure account, right? Technically, it's just bing (or whatever other data offering you look at) and presumably I'm going against the same bing api that I would have used previously (I'm assuming that was possible). There is nothing really deployed in any Azure data center the moment I buy it, is there? So in what sense is that an Add-On?
In a nutshell, am I missing something or are most Add-Ons just a method of buying external services and having them billed on my Azure account?
If you can answer the question for other 'app stores', you can answer it for Windows Azure. We know about THE App Store (as per the court battles over the name) which is the only way to get applications onto the closed (iOS) device. There is also a Mac App Store which would seem unnecessary because of the ability to install apps by yourself (which makes it more similar to the Azure store). In this case the reason for the store is discoverability, association with the store brand (where the buyer assumes a degree of vetting), a single point for updates, and simplified billing.
The Windows Azure Store (and data marketplace) exist for similar reasons. It is less about the technical benefits than the association with the Azure brand. Since SO is technical, let me highlight some (largely) technical aspects:
Don't assume that the service will run in the same data centre. In most cases it probably won't.
There is an advantage of having everything in one place from an operational point of view. Granting of operator access to the subscription means that you don't have to administer accounts on the service. I have had problems with this though - where the service made it difficult to do other things (such as get support) because the Azure identity wasn't handled very well. (I had this with New Relic).
The combined billing works on credit card payments only. Last time I checked (Summer 2013) there was no way to get an add-on with a pay-by-invoice subscription, so a second subscription (with credit card) was needed anyway.
Add-ons seem to still be in 'preview', which may indicate low adoption. Microsoft probably hasn't seen it grow the way they expected and may not be developing it much in future. This is opinion only, and shouldn't affect the service (after all, the store is just a gateway, and has no (little) technical impact on the service provided).
Don't completely ignore the store however. The biggest benefit seems to be the free tier of the servers and reduced pricing, where Microsoft has managed to get service providers to make the store attractive. For example, the SendGrid free option provides 25,000 emails per month, and there doesn't seem to be a free option on SendGrid.com. New Relic pricing was (and maybe still is) significantly less.
Pay attention mainly to the pricing benefits, rather than perceived technical benefits.

Azure service: how to notify of a possible service degradation?

I have got two databases (SQL Azure) in North America, and I'm getting an error that the applications can't access the server.
I didn't update the application or database, so I suppose that there is a problem with the SQL Azure service. How can I notify Microsoft of this problem?
To 'notify' Microsoft, you have very limited options.
They have their own support forums.
They have their own support ticketing system, that costs a pretty penny but is the fastest way to get their attention.
They have their dashboard, which in my own experience is terrible. It is not a true representation, ever. The updates are very very late.
You also have StackOverflow - but there will be little that we can advise on if there is a problem on the Azure infrastructure side of life.
To help aid in your Azure support woes, I would suggest you get an account with Pingdom and get MetricHubs for your subscription. These will help in showing what goes down, when, how often, and for how long. It can help show if the problem really is in your application or not.
I would also ensure you have diagnostics set up, and log everything you can.
Many many people forget or don't know about the transient error problems. Microsoft have a huge article on it, but it does trip people up a lot.
The Azure Management Portal should also be able to give you a quick summary of if your roles & instances are actually up, healthy and stable.
