Reputation: 399
What is the ideal sequence of policies that we need to apply while creating an API proxy in Apigee? The following is the list of policies.
Spike Arrest
OAuth
Regular expression protection
JSON Threat protection
Request Quota
How will performance be impacted if OAuth is kept last?
Thanks in advance.
Upvotes: 0
Views: 413
Reputation: 2655
From a security perspective you would want to keep OAuth near the top of your policy order. This will ensure that attackers cannot leak information about your proxy without providing authentication.
From a performance perspective, a successful request will pass through each policy and so overall performance will not change due to the order.
If performance in failure detection is important to you, your best bet would be to keep failures that occur most frequently near the top of the policy order. This will ensure that failure happens faster for those requests.
Additionally, you can view the time each policy takes to run using the Trace feature.
Upvotes: 0
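An added example, not part of the original thread or of Apigee's own tooling: a small check that reads a ProxyEndpoint PreFlow and lists the policies that run before the OAuthV2 step, which is the ordering concern raised in the answer above. The step names, the sample XML and the choice to allow Spike Arrest ahead of OAuth are assumptions of this example; it only inspects the request PreFlow, not conditional flows.

```python
import xml.etree.ElementTree as ET

# Constructed sample: request PreFlow with token verification placed late.
PROXY_ENDPOINT = """
<ProxyEndpoint name="default">
  <PreFlow name="PreFlow">
    <Request>
      <Step><Name>SA-Limit</Name></Step>
      <Step><Name>JTP-Body</Name></Step>
      <Step><Name>REP-Params</Name></Step>
      <Step><Name>OA-VerifyToken</Name></Step>
      <Step><Name>Q-PerApp</Name></Step>
    </Request>
  </PreFlow>
</ProxyEndpoint>
"""

# Constructed policy files, trimmed to what the check needs. The root element
# of a policy file identifies its type; the Step <Name> refers to the policy.
POLICIES = {
    "SA-Limit": '<SpikeArrest name="SA-Limit"/>',
    "JTP-Body": '<JSONThreatProtection name="JTP-Body"/>',
    "REP-Params": '<RegularExpressionProtection name="REP-Params"/>',
    "OA-VerifyToken": '<OAuthV2 name="OA-VerifyToken">'
                      '<Operation>VerifyAccessToken</Operation></OAuthV2>',
    "Q-PerApp": '<Quota name="Q-PerApp"/>',
}


def preflow_order(endpoint_xml, policies=POLICIES):
    """Return [(step_name, policy_type)] in request PreFlow execution order."""
    root = ET.fromstring(endpoint_xml)
    order = []
    for step in root.findall("./PreFlow/Request/Step"):
        name = step.findtext("Name").strip()
        order.append((name, ET.fromstring(policies[name]).tag))
    return order


def steps_before_auth(endpoint_xml, allowed=("SpikeArrest",)):
    """List steps that execute before the first OAuthV2 step.

    Policy types in `allowed` are not reported (assumption: rate limiting
    may run ahead of authentication). If the PreFlow has no OAuthV2 step,
    every non-allowed step is reported.
    """
    offenders = []
    for name, ptype in preflow_order(endpoint_xml):
        if ptype == "OAuthV2":
            break
        if ptype not in allowed:
            offenders.append(name)
    return offenders
```

For the sample above, `steps_before_auth(PROXY_ENDPOINT)` reports the JSON and regular expression protection steps, which would inspect request content before the caller has presented a valid token.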