menu
arrow_back

Apigee API Security

search share Gabung Login

Apigee API Security

2 jam 5 Kredit

GSP868

Introduction

Welcome to Google's Apigee API Jam Lab 2 on API Security! This hands-on lab is designed to jumpstart your understanding of API management with a focus on API security. Google's Apigee API Management platform helps you set up end-to-end security across your digital value chain, and in this lab, you will walk through 5 exercises that showcase the breadth of Apigee's API security features.

b29afc216b7392d1.png

This workshop will be valuable to API developers, architects, and anyone who wants to quickly gain a fundamental understanding of how to secure APIs using Google's Apigee platform.

For more detailed guides, please visit our API Security documentation page.

Lab Objectives

In this lab you will learn how to perform the following tasks:

  1. Throttle your API Traffic to prevent DoS, using Apigee's Spike Arrest policy

  2. Set up OAuth 2.0 based API security (Client Credentials grant type)

  3. Protect your APIs against content-based threats

  4. Set up JWT based protection for your API

  5. Set up Apigee to work with an External Identity Provider for App end-user identity (OAuth 2.0 Password Grant Type), where Apigee serves as the authorization server.

Lab Prerequisites

For this lab, you will need:

  • A modern web browser like Chrome (v50+) to access the Apigee Platform UI.

  • A Remote Desktop Protocol (RDP) client.

  • Access to an HTTP client to test the API (eg. cURL, Postman, etc.). If you do not have access to one, you can use the Apigee Debug Tool.

  • A basic understanding of Apigee platform entities such as API Proxies, Apps, and Products. For a refresher of the API Management Lifecycle, please complete the Apigee API Management Fundamentals lab (See Resources List on the left), or attend one of our Virtual API Jam sessions.

Lab Setup

For this lab, you will need access to an Apigee Organization (Org) and the underlying Google Cloud Platform (GCP) project that the org is tied to. To get this, click on the Start Lab button on the left panel of this lab.

556c69539f196e21.png

This will generate a student project on GCP and the associated evaluation org on Apigee. This org will be available to you for the duration of this lab.

7eb08c78806cb509.png

Open a new incognito browser window and log into the GCP console at https://console.cloud.google.com. Use the Username and Password from the left panel (similar to the image above) log into the GCP console.

fd2fee3fdd1e4fdb.png 58a8d4c3716a3c3d.png

You will need to click "Accept" on the next screen, to accept the Google Terms of Service and the Google Privacy Policy.

2686d58d7780d9e6.png

The next screen may ask you to confirm account protection settings. Click "Confirm".

6b4748540028a052.png

Activate Cloud Shell

Cloud Shell is a virtual machine that is loaded with development tools. It offers a persistent 5GB home directory and runs on the Google Cloud. Cloud Shell provides command-line access to your Google Cloud resources.

In the Cloud Console, in the top right toolbar, click the Activate Cloud Shell button.

Cloud Shell icon

Click Continue.

cloudshell_continue.png

It takes a few moments to provision and connect to the environment. When you are connected, you are already authenticated, and the project is set to your PROJECT_ID. For example:

Cloud Shell Terminal

gcloud is the command-line tool for Google Cloud. It comes pre-installed on Cloud Shell and supports tab-completion.

You can list the active account name with this command:

gcloud auth list

(Output)

Credentialed accounts:
 - <myaccount>@<mydomain>.com (active)

(Example output)

Credentialed accounts:
 - google1623327_student@qwiklabs.net

You can list the project ID with this command:

gcloud config list project

(Output)

[core]
project = <project_ID>

(Example output)

[core]
project = qwiklabs-gcp-44776a13dea667a6

Remote Desktop (RDP) into the Student Workstation

This lab requires that students perform all steps in the student-workstation virtual machine. To RDP into the student workstation open a new incognito browser window and navigate to https://console.cloud.google.com. Use the Username and Password from the left panel to log into the GCP console.

Test the status of Windows Startup

The student-workstation Windows Server instance is automatically provisioned and listed on the VM Instances page of Compute Engine in the GCP Console. To viev the instance, navigate to the left menu > Compute Engine > VM Instances.

compute_instances.png

The student-workstation instance will not be ready to accept RDP connections immediately as it takes some time for the OS components to initialize. The section below describes methods you can use to RDP into the virtual machine.

RDP into the Windows Server

There are different ways to connect to your server through RDP, depending on whether you are on Windows or not:

If you are using a Chromebook or other machine at a Google Cloud event there is likely an RDP app already installed on the computer. Click the icon as below, if it is present, in the lower left corner of the screen and enter the external IP of your VM.

rdp_win.png

Alternatively, if you are on a Windows machine, you can download the RDP file by selecting it from the RDP menu.

download_rdp.png

On Windows, you can simply double click on the RDP file and login using the Windows user and password.

If you are on a Macintosh, there are several freely accessible RDP Client packages available to install, such as CoRD.

After installing, connect as above to the External IP address of the student-workstation Windows server. Once it has connected, it will open up a login page where you can specify the credentials below to log into the machine:

  • Username: student
  • Password: Learning123!

Once logged in, you should see the Windows desktop!

student_workstation_desktop.png

Copy and pasting with the RDP client

Once you are able to RDP into the student workstation VM you will perform the steps for each section below while connected to the student workstation VM.

During this lab, you may find yourself copying and pasting commands from the lab manual. You can copy and paste instructions from the lab guide into the student workstation VM.

To paste, hold the CTRL-V keys (if you are a Mac user, using CMND-V will not work.) If you are in a Powershell window, be sure that you have clicked in to the window or else the paste shortcut won't work.

If you are pasting into putty, right click.

Accessing the Apigee Org

To access your Apigee org, open the Chrome browser shortcut found on the desktop of the student-workstation VM. Navigate to https://apigee.google.com and log in using the Username and Password provided earlier.

You will then be led to the Apigee Platform UI.

28f9698849424e92.png

You will utilize the student workstation VM to complete the remaining sections of this lab.

You're now all set to get started with this lab!

Bergabunglah dengan Qwiklabs untuk membaca tentang lab ini selengkapnya... beserta informasi lainnya!

  • Dapatkan akses sementara ke konsol cloud.
  • Lebih dari 200 lab mulai dari tingkat pemula hingga lanjutan.
  • Berdurasi singkat, jadi Anda dapat belajar dengan santai.
Bergabung untuk Memulai Lab Ini