Apigee API Security

search share 가입 로그인

Apigee API Security

2시간 크레딧 5개



Welcome to Google's Apigee API Jam Lab 2 on API Security! This hands-on lab is designed to jumpstart your understanding of API management with a focus on API security. Google's Apigee API Management platform helps you set up end-to-end security across your digital value chain, and in this lab, you will walk through 5 exercises that showcase the breadth of Apigee's API security features.


This workshop will be valuable to API developers, architects, and anyone who wants to quickly gain a fundamental understanding of how to secure APIs using Google's Apigee platform.

For more detailed guides, please visit our API Security documentation page.

Lab Objectives

In this lab you will learn how to perform the following tasks:

  1. Throttle your API Traffic to prevent DoS, using Apigee's Spike Arrest policy

  2. Set up OAuth 2.0 based API security (Client Credentials grant type)

  3. Protect your APIs against content-based threats

  4. Set up JWT based protection for your API

  5. Set up Apigee to work with an External Identity Provider for App end-user identity (OAuth 2.0 Password Grant Type), where Apigee serves as the authorization server.

Lab Prerequisites

For this lab, you will need:

  • A modern web browser like Chrome (v50+) to access the Apigee Platform UI.

  • A Remote Desktop Protocol (RDP) client.

  • Access to an HTTP client to test the API (eg. cURL, Postman, etc.). If you do not have access to one, you can use the Apigee Debug Tool.

  • A basic understanding of Apigee platform entities such as API Proxies, Apps, and Products. For a refresher of the API Management Lifecycle, please complete the Apigee API Management Fundamentals lab (See Resources List on the left), or attend one of our Virtual API Jam sessions.

Lab Setup

For this lab, you will need access to an Apigee Organization (Org) and the underlying Google Cloud Platform (GCP) project that the org is tied to. To get this, click on the Start Lab button on the left panel of this lab.


This will generate a student project on GCP and the associated evaluation org on Apigee. This org will be available to you for the duration of this lab.


Open a new incognito browser window and log into the GCP console at Use the Username and Password from the left panel (similar to the image above) log into the GCP console.

fd2fee3fdd1e4fdb.png 58a8d4c3716a3c3d.png

You will need to click "Accept" on the next screen, to accept the Google Terms of Service and the Google Privacy Policy.


The next screen may ask you to confirm account protection settings. Click "Confirm".


Activate Cloud Shell

Cloud Shell is a virtual machine that is loaded with development tools. It offers a persistent 5GB home directory and runs on the Google Cloud. Cloud Shell provides command-line access to your Google Cloud resources.

In the Cloud Console, in the top right toolbar, click the Activate Cloud Shell button.

Cloud Shell icon

Click Continue.


It takes a few moments to provision and connect to the environment. When you are connected, you are already authenticated, and the project is set to your PROJECT_ID. For example:

Cloud Shell Terminal

gcloud is the command-line tool for Google Cloud. It comes pre-installed on Cloud Shell and supports tab-completion.

You can list the active account name with this command:

gcloud auth list


Credentialed accounts:
 - <myaccount>@<mydomain>.com (active)

(Example output)

Credentialed accounts:

You can list the project ID with this command:

gcloud config list project


project = <project_ID>

(Example output)

project = qwiklabs-gcp-44776a13dea667a6

Remote Desktop (RDP) into the Student Workstation

This lab requires that students perform all steps in the student-workstation virtual machine. To RDP into the student workstation open a new incognito browser window and navigate to Use the Username and Password from the left panel to log into the GCP console.

Test the status of Windows Startup

The student-workstation Windows Server instance is automatically provisioned and listed on the VM Instances page of Compute Engine in the GCP Console. To viev the instance, navigate to the left menu > Compute Engine > VM Instances.


The student-workstation instance will not be ready to accept RDP connections immediately as it takes some time for the OS components to initialize. The section below describes methods you can use to RDP into the virtual machine.

RDP into the Windows Server

There are different ways to connect to your server through RDP, depending on whether you are on Windows or not:

If you are using a Chromebook or other machine at a Google Cloud event there is likely an RDP app already installed on the computer. Click the icon as below, if it is present, in the lower left corner of the screen and enter the external IP of your VM.


Alternatively, if you are on a Windows machine, you can download the RDP file by selecting it from the RDP menu.


On Windows, you can simply double click on the RDP file and login using the Windows user and password.

If you are on a Macintosh, there are several freely accessible RDP Client packages available to install, such as CoRD.

After installing, connect as above to the External IP address of the student-workstation Windows server. Once it has connected, it will open up a login page where you can specify the credentials below to log into the machine:

  • Username: student
  • Password: Learning123!

Once logged in, you should see the Windows desktop!


Copy and pasting with the RDP client

Once you are able to RDP into the student workstation VM you will perform the steps for each section below while connected to the student workstation VM.

During this lab, you may find yourself copying and pasting commands from the lab manual. You can copy and paste instructions from the lab guide into the student workstation VM.

To paste, hold the CTRL-V keys (if you are a Mac user, using CMND-V will not work.) If you are in a Powershell window, be sure that you have clicked in to the window or else the paste shortcut won't work.

If you are pasting into putty, right click.

Accessing the Apigee Org

To access your Apigee org, open the Chrome browser shortcut found on the desktop of the student-workstation VM. Navigate to and log in using the Username and Password provided earlier.

You will then be led to the Apigee Platform UI.


You will utilize the student workstation VM to complete the remaining sections of this lab.

You're now all set to get started with this lab!

이 실습의 나머지 부분과 기타 사항에 대해 알아보려면 Qwiklabs에 가입하세요.

  • Cloud Console에 대한 임시 액세스 권한을 얻습니다.
  • 초급부터 고급 수준까지 200여 개의 실습이 준비되어 있습니다.
  • 자신의 학습 속도에 맞춰 학습할 수 있도록 적은 분량으로 나누어져 있습니다.
이 실습을 시작하려면 가입하세요