Apigee API Security
Welcome to Google's Apigee API Jam Lab 2 on API Security! This hands-on lab is designed to jumpstart your understanding of API management with a focus on API security. Google's Apigee API Management platform helps you set up end-to-end security across your digital value chain, and in this lab, you will walk through 5 exercises that showcase the breadth of Apigee's API security features.
This workshop will be valuable to API developers, architects, and anyone who wants to quickly gain a fundamental understanding of how to secure APIs using Google's Apigee platform.
For more detailed guides, please visit our API Security documentation page.
In this lab you will learn how to perform the following tasks:
- Throttle your API Traffic to prevent DoS, using Apigee's Spike Arrest policy
- Set up OAuth 2.0 based API security (Client Credentials grant type)
- Protect your APIs against content-based threats
- Set up JWT based protection for your API
- Set up Apigee to work with an External Identity Provider for App end-user identity (OAuth 2.0 Password Grant Type), where Apigee serves as the authorization server.
For this lab, you will need:
- A modern web browser like Chrome (v50+) to access the Apigee Platform UI.
- A Remote Desktop Protocol (RDP) client.
- Access to an HTTP client to test the API (e.g. cURL, Postman, etc.). If you do not have access to one, you can use the Apigee Debug Tool.
- A basic understanding of Apigee platform entities such as API Proxies, Apps, and Products. For a refresher of the API Management Lifecycle, please complete the Apigee API Management Fundamentals lab (see the Resources List on the left), or attend one of our Virtual API Jam sessions.
For this lab, you will need access to an Apigee Organization (Org) and the underlying Google Cloud Platform (GCP) project that the org is tied to. To get this, click on the Start Lab button on the left panel of this lab.
This will generate a student project on GCP and the associated evaluation org on Apigee. This org will be available to you for the duration of this lab.
Open a new incognito browser window and log into the GCP console at https://console.cloud.google.com. Use the Username and Password from the left panel (similar to the image above) to log into the GCP console.
The next screen may ask you to confirm account protection settings. Click "Confirm".
Activate Cloud Shell
Cloud Shell is a virtual machine that is loaded with development tools. It offers a persistent 5GB home directory and runs on the Google Cloud. Cloud Shell provides command-line access to your Google Cloud resources.
In the Cloud Console, in the top right toolbar, click the Activate Cloud Shell button.
It takes a few moments to provision and connect to the environment. When you are connected, you are already authenticated, and the project is set to your PROJECT_ID. For example:
gcloud is the command-line tool for Google Cloud. It comes pre-installed on Cloud Shell and supports tab-completion.
You can list the active account name with this command:
gcloud auth list
Output:
Credentialed accounts:
 - <myaccount>@<mydomain>.com (active)
Example output:
Credentialed accounts:
 - firstname.lastname@example.org
You can list the project ID with this command:
gcloud config list project
Output:
[core]
project = <project_ID>
Example output:
[core]
project = qwiklabs-gcp-44776a13dea667a6
Remote Desktop (RDP) into the Student Workstation
This lab requires that students perform all steps in the student-workstation virtual machine. To RDP into the student workstation, open a new incognito browser window and navigate to https://console.cloud.google.com. Use the Username and Password from the left panel to log into the GCP console.
Test the status of Windows Startup
The student-workstation Windows Server instance is automatically provisioned and listed on the VM Instances page of Compute Engine in the GCP Console. To view the instance, navigate to the left menu > Compute Engine > VM Instances.
The student-workstation instance will not be ready to accept RDP connections immediately, as it takes some time for the OS components to initialize. The section below describes methods you can use to RDP into the virtual machine.
RDP into the Windows Server
There are different ways to connect to your server through RDP, depending on whether you are on Windows or not:
If you are using a Chromebook or other machine at a Google Cloud event, there is likely an RDP app already installed on the computer. Click the icon as below, if it is present, in the lower left corner of the screen and enter the external IP of your VM.
Alternatively, if you are on a Windows machine, you can download the RDP file by selecting it from the RDP menu.
On Windows, you can simply double-click the RDP file and log in using the Windows user and password.
If you are on a Macintosh, there are several freely accessible RDP Client packages available to install, such as CoRD.
After installing, connect as above to the External IP address of the student-workstation Windows server. Once it has connected, it will open up a login page where you can specify the credentials below to log into the machine:
- Username: student
- Password: Learning123!
Once logged in, you should see the Windows desktop!
Copying and pasting with the RDP client
Once you are able to RDP into the student workstation VM you will perform the steps for each section below while connected to the student workstation VM.
During this lab, you may find yourself copying and pasting commands from the lab manual. You can copy and paste instructions from the lab guide into the student workstation VM.
To paste, press CTRL-V (if you are a Mac user, CMND-V will not work). If you are in a PowerShell window, be sure that you have clicked into the window, or else the paste shortcut won't work.
If you are pasting into PuTTY, right-click.
Accessing the Apigee Org
To access your Apigee org, open the Chrome browser shortcut found on the desktop of the student-workstation VM. Navigate to https://apigee.google.com and log in using the Username and Password provided earlier.
You will then be led to the Apigee Platform UI.
You will utilize the student workstation VM to complete the remaining sections of this lab.
You're now all set to get started with this lab!