Hacker News new | past | comments | ask | show | jobs | submit login

Never understood Apigee's core product. I like their whitebooks though. quite informative. So congratulations.



We use Apigee's Edge product. It provides API management tools like authentication, authorization, rate limiting, etc before the request hits your actual API. Its a pretty good product, if that isn't your core competency.


It's not a lot of people's core competency, which is exactly what makes API gateways so useful.

This way anyone can write some half-baked endpoint that returns some JSON, and you put Apigee or any of its competitors in front of it, taking care of the hard stuff like authorization, rate limiting, etc, without which you can have a really rough time.


But apigee becomes a man in the middle, which is very bad for your security.


I imagine it's a tradeoff. It's worse for your security if you try to roll your own auth/auth solution and botch it.


Auth is a routine job, only a really silly developer manages to make simple token auth vulnerable. There's no a "tradeoff" in leaving auth to MitM because it's "hard", oh also there's bunch of libraries out there doing it for you on your servers.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: