This page applies to Apigee and Apigee hybrid.
View
Apigee Edge documentation.
To get started using the Apigee Extension Processor, see the Apigee Extension Processor quickstart.
Use cases for the Apigee Extension Processor
Apigee customers using the Extension Processor can select from a range of Apigee policies that apply API management capabilities to any products or services exposed using a Google Cloud load balancer.
With the Extension Processor, you can:
- Secure access to Google Cloud workloads.
Choose from a wide range of Apigee policies to apply to your load balancer traffic, including VerifyApiKey, OAuthV2, and VerifyJWS.
- Apply quota enforcement to network traffic.
This capability lets API providers enforce limits on the number of API calls made to backend services over a specified time period. For example, you can use the Quota policy to limit calls to 1 request per minute, or to 10,000 requests per month.
- Manage Google token injection for authenticating requests.
Using the Extension Processor and the AssignMessage policy, you can inject a Google access token or Google ID token into client request headers to manage access to GOogle-authenticated backend services and products.
- Support native protocols.
The Extension Processor unlocks support for native protocols such as gRPC bi-directional streaming, Server-Sent Events (SSE), and HTTP/3.
Benefits
In addition to supporting the use cases described earlier, the Extension Processor provides all the benefits of built-in Apigee features, such as:
- Security: Advanced API Security continually monitors and analyzes your API traffic to identify suspicious API requests and provides tools to block or flag those requests.
- Monetization: Generate revenue whenever your APIs are used by adding rate plans to customized API products you create within Apigee.
- Traceability: Apigee's distributed tracing system lets you track requests in distributed systems across multiple applications, services, and databases, and proxies.
- Business intelligence: Apigee API Analytics collects the wealth of information flowing through your load balancer, providing data visualization in the UI or the ability to download data for offline analysis.
How Apigee Extension Processor works
The Apigee Extension Processor is a traffic extension (a type of service extension) that lets you use Cloud Load Balancing
to send callouts to Apigee from the data processing path of the application load balancer. Once the application load balancer
and service extension are configured, traffic flowing through the application load balancer will trigger calls to
Apigee proxies using the service extension, as shown in the following figure:
The diagram outlines the required components of the Apigee Extension Processor configuration:
- An Application Load Balancer with a backend service configured with a Network Endpoint Group (NEG) covering all application backends.
- An Apigee instance with a dedicated environment for the Extension Processor and the property
apigee-service-extension-enabledset totrue. - A traffic extension (a type of service extension) configured to use a Private Service Connect (PSC) endpoint to connect to the Apigee runtime plane.
- A no-target Apigee API proxy running in a special environment. The proxy is used to apply API management capabilities to the load balancer traffic.
As shown in the flow diagram:
- 1: The client sends a request to the Application Load Balancer.
- 2: The Application Load Balancer reviews the traffic and calls out to the Service Extension.
- 3: The Service Extension implementation in the Apigee message processor applies any relevant API management policies and returns the request, with any modifications, to the Application Load Balancer.
- 4: The Application Load Balancer completes processing and forwards the request to the backend service. Similar processing occurs for the response path from the backend service to the Application Load Balancer and to the client.
For more information, see Cloud Load Balancing extensions.
Limitations
The Apigee Extension Processor has the following known limitations:
- The Extension Processor is applied at the load balancer level. All traffic passing through the load balancer is processed by the same proxy, with no base path or URL distinction.
- The Extension Processor supports header processing only. The Extension Processor does not support body processing or policies that
include
bodyevents. - Traffic through the Extension Processor is subject to the same quotas as the Cloud Load Balancing.
Relevant limits and quotas include the following:
- Maximum number of traffic extensions per load balancer: 1
- Maximum traffic extensions per project: 100
- Maximum extension chains per project: 5
- Maximum extensions per resource: 3
For more information, see Quotas and limits.
- Additional limits apply to environments, environment groups, and API proxies when using the
Extension Processor:
- A maximum of one environment can be attached to the environment group used to configure the Extension Processor.
- The environment used when configuring the Extension Processor can have a maximum of 50 API proxies deployed.
- The API proxies deployed in the dedicated environment for the Extension Processor must all be of the same proxy type. The API proxies must be either all standard API proxies or all extensible API proxies. Standard and extensible API proxies can't be mixed in the Extension Processor environment.
For more information, see Create an Apigee environment.
For more information on Apigee limits generally, see Limits.
- The following Apigee policies are not supported for use with the Extension Processor:
Pricing
In addition to costs associated with your Apigee Subscription or Pay-as-you-go pricing plans, the following networking costs may apply when using Apigee Extension Processor:
What's next
- Learn how to Get started with the Apigee Extension Processor.
- Learn more about working with Service Extensions.
- Explore how Apigee Extension Processor works with the Apigee APIM Operator for Kubernetes (Preview).