Are you ready to secure your autonomous AI agents for production? Transitioning from a prototype to an enterprise-grade agentic workflow requires more than just connecting LLMs—it demands a robust gateway architecture that manages identity, security, and real-time governance.
In our latest TechTalk, Joel Gauci (EMEA Solutions Lead, Apigee) breaks down the Extended Agent Gateway pattern. He demonstrates how to implement a secure “airlock” for AI agents, enforcing token exchange and fine-grained authorization to ensure that agents only invoke authorized tools with the minimum necessary privileges.
Watch the recording on YouTube
Access the presentation slides here
Hardening the Agentic Gateway 
To securely manage and scale AI agents in an enterprise environment, your gateway architecture needs three critical configurations:
- The Identity Facade: Protecting your central Identity Provider (IdP) by acting as an intermediary for agents, preventing them from having direct access to sensitive credentials.
- Zero-Trust Token Exchange: Implementing dynamic, short-lived, and opaque access tokens that are specific to a single task, minimizing the “blast radius” if an agent is compromised.
- MCP Governance: Leveraging the Model Context Protocol (MCP) to provide a unified, governed way for agents to discover and interact with your corporate API assets.
Key Takeaways from the Session 
During this highly technical session, Joel introduced the core architectural practices required to make AI integrations enterprise-grade.
He showcased how to propagate end-user identity throughout the entire chain—from the agent to the MCP server, and finally to the backend API—without ever exposing the user’s ID token to the agent itself. Joel walked through the use of Opaque Access Tokens and demonstrated how Apigee handles the transcoding between JSON-RPC (used by agents/MCP) and REST (used by backend APIs). By implementing this “funnel” approach, organizations can enforce tool filtering and fine-grained authorization (FGA) before a single request ever touches the backend infrastructure.
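The funnel described above, sketched as an added example (not code from the session or from Apigee): a gateway resolves the opaque token, filters and authorizes MCP tool calls, and transcodes an allowed `tools/call` into a REST request. The token value, tool catalog, scopes, routes, the `x-end-user` header and the -32001 error code are assumptions made for illustration.

```javascript
// Added example: all tool names, scopes, routes and token values are constructed.
const TOKENS = new Map([ // opaque token -> context held only by the gateway
  ["opq_7f3a", { user: "alice@example.com", scopes: ["orders.read"], exp: 2000 }],
]);
const TOOLS = { // tool catalog: required scope and backend REST mapping
  get_order:    { scope: "orders.read",  method: "GET",    path: "/v1/orders/{orderId}" },
  cancel_order: { scope: "orders.write", method: "DELETE", path: "/v1/orders/{orderId}" },
};
const rpcError = (id, code, message) => ({ jsonrpc: "2.0", id, error: { code, message } });

// Resolve the opaque token; unknown or expired tokens give null.
function resolveToken(token, now) {
  const ctx = TOKENS.get(token);
  return ctx && ctx.exp > now ? ctx : null;
}

// Returns { rpc } for a reply sent straight back to the agent,
// or { rest } for the request forwarded to the backend API.
function handle(token, msg, now) {
  const id = msg && msg.id !== undefined ? msg.id : null;
  if (!msg || msg.jsonrpc !== "2.0" || typeof msg.method !== "string")
    return { rpc: rpcError(id, -32600, "Invalid Request") };
  const ctx = resolveToken(token, now);
  if (!ctx) return { rpc: rpcError(id, -32001, "invalid or expired token") };
  const allowed = (name) =>
    Object.prototype.hasOwnProperty.call(TOOLS, name) && ctx.scopes.includes(TOOLS[name].scope);

  if (msg.method === "tools/list") { // tool filtering: hide what the token cannot call
    const tools = Object.keys(TOOLS).filter(allowed).map((name) => ({ name }));
    return { rpc: { jsonrpc: "2.0", id, result: { tools } } };
  }
  if (msg.method !== "tools/call") return { rpc: rpcError(id, -32601, "Method not found") };

  const { name, arguments: args = {} } = msg.params || {};
  // Same reply for unknown and unauthorized tools, so the catalog is not enumerable.
  if (typeof name !== "string" || !allowed(name)) return { rpc: rpcError(id, -32001, "tool not permitted") };
  const orderId = args.orderId;
  if (typeof orderId !== "string" || !/^[A-Za-z0-9-]{1,36}$/.test(orderId))
    return { rpc: rpcError(id, -32602, "Invalid params") };

  const tool = TOOLS[name];
  return { rest: {
    method: tool.method,
    path: tool.path.replace("{orderId}", encodeURIComponent(orderId)),
    // Identity is propagated by the gateway; the agent-held token is not forwarded.
    headers: { "x-end-user": ctx.user },
  } };
}
```

In a real deployment the plain header would be replaced by whatever signed credential the backend trusts; the header here only marks where the propagated identity travels.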
Next Steps 
Continue the Conversation: How are you handling identity propagation for your AI agents? Share your architectural patterns or ask Joel your specific questions in the comments below!
Share Feedback → Feedback: Apigee Community TechTalks
Explore Further: Contact our team to map out your agentic proxy and gateway strategy → https://goo.gle/3PU6ljD
Stay Tuned: Join us next week as Nigel dives into powering Gemini Enterprise with Apigee APIs → Google Cloud Apigee Community TechTalks