We have API endpoints hosted on internal servers that are not exposed to the internet. Is there any option in Apigee to expose these internal APIs to the internet with a layer of authentication so that they can be consumed by our external partners?
Yes, this is a common pattern for using Apigee.
It looks like this:
- Expose the internal service to the internet via a firewall
- Do one of the following:
  - enforce mutual TLS on the firewall and configure the Apigee southbound interface to present the correct TLS keys + certificates
  - OR enforce an IP allowlist on the firewall, configured with the Apigee southbound IP addresses.
- Construct an API Proxy that enforces OAuth token security (or JWT, or HMAC, etc) on the northbound (inbound) side.
- Publish that API to a developer portal
- Invite external partners to authenticate to the portal and self-provision App credentials. The developers of the apps then embed those credentials into the app, and that allows the app to connect to the inbound interface of Apigee.
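
A sketch of the proxy configuration the answer describes, as an added example that is not part of the original answer: OAuth token verification on the northbound side and mutual TLS toward the backend on the southbound side. The policy name, base path, keystore and truststore reference names, key alias and backend URL are all assumed placeholders.

```xml
<!-- policies/OAuth-VerifyAccessToken.xml (assumed policy name) -->
<!-- Rejects any inbound request that lacks a valid bearer token
     issued to a registered partner app. -->
<OAuthV2 name="OAuth-VerifyAccessToken">
  <Operation>VerifyAccessToken</Operation>
</OAuthV2>

<!-- proxies/default.xml: northbound (inbound) side -->
<ProxyEndpoint name="default">
  <PreFlow name="PreFlow">
    <Request>
      <!-- Runs before any routing, so unauthenticated calls
           never reach the internal service. -->
      <Step>
        <Name>OAuth-VerifyAccessToken</Name>
      </Step>
    </Request>
  </PreFlow>
  <HTTPProxyConnection>
    <BasePath>/partner/v1</BasePath> <!-- assumed base path -->
  </HTTPProxyConnection>
  <RouteRule name="default">
    <TargetEndpoint>default</TargetEndpoint>
  </RouteRule>
</ProxyEndpoint>

<!-- targets/default.xml: southbound side, mutual TLS to the firewall -->
<TargetEndpoint name="default">
  <HTTPTargetConnection>
    <SSLInfo>
      <Enabled>true</Enabled>
      <!-- Apigee presents a client certificate to the firewall -->
      <ClientAuthEnabled>true</ClientAuthEnabled>
      <KeyStore>ref://backend-keystore-ref</KeyStore>     <!-- assumed reference -->
      <KeyAlias>apigee-client</KeyAlias>                  <!-- assumed alias -->
      <!-- CA chain used to validate the firewall's server certificate -->
      <TrustStore>ref://backend-truststore-ref</TrustStore> <!-- assumed reference -->
    </SSLInfo>
    <URL>https://internal-api.example.com/orders</URL>   <!-- placeholder backend -->
  </HTTPTargetConnection>
</TargetEndpoint>
```

With the IP allowlist option instead of mutual TLS, the `ClientAuthEnabled`, `KeyStore` and `KeyAlias` elements are dropped and the firewall is configured with the Apigee southbound IP addresses.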