What is APIGEE

Knowledge Sharing:
1.  Rather than having app developers consume your services directly, they access an API proxy created on Edge. The API proxy functions as a mapping of a publicly available HTTP endpoint to your backend service. 
2.  By creating an API proxy you let Edge handle the security and authorization tasks required to protect your services, as well as to analyze, monitor, and monetize those services.
3.  The API proxy isolates the app developer from your backend service. Therefore you are free to change the service implementation as long as the public API remains consistent.
4.  An API is a technology architecture that makes it easy for one application to 'consume' capabilities or data from another application.
5.  

• ProxyEndpoint: This configuration manages interactions with apps that consume your API. You configure the ProxyEndpoint to define the URL of your API. You usually attach Policies to the ProxyEndpoint to enforce security, quota checks, and other types of access control and rate-limiting.
• TargetEndpoint: This configuration manages interactions with your backend services on behalf of consumer apps. You configure the TargetEndpoint to forward request messages to the proper backend service. You usually attach Policies to the TargetEndpoint to ensure that response messages are properly formatted for the app that made the initial request.

6.  An API product is a bundle of API proxies combined with a service plan.
7.  An API product is a bundle of API proxies combined with a service plan. That service plan can set access limits on API proxies, provide security, allow monitoring and analytics, and provide additional features. API products are also the central mechanism that Edge uses for authorization and access control to your APIs.
8.  Consumer: App Developer
9.  You decide how to handle registration requests from developers to access your API products. By using Apigee Edge Developer Services, you can automate the registration process; or you can use a manual process to control access.
10. Apigee enables you to expose multiple interfaces to the same API, freeing you to customize the signature of an API to meet the needs of various developer niches simultaneously.
11. This term is distinguished from 'revision', which is the numbered, version-controlled package of configuration and policies bundled into an API Proxy. API interfaces have versions; API proxies have revisions.
12. You expose APIs on Apigee Edge by implementing API proxies
14. An API proxy is a bundle of XML configuration files and code (such as JavaScript and Java) that implements the facade for your backend HTTP services
15. API proxies manage request and response messages using a 'pipeline' processing model that defines 'Flows'. To customize the behavior of your API, you attach Policies to request and response Flows.
16. CORS (Cross-origin resource sharing) is a standard mechanism that allows JavaScript XMLHttpRequest (XHR) calls executed in a web page to interact with resources from non-origin domains. CORS is a commonly implemented solution to the "same-origin policy" that is enforced by all browsers
17. One solution to this problem is to create an Apigee API Services proxy that calls the Yahoo API on the back end. Remember that API Services sits between the client (a browser in this case) and the backend API (Yahoo Weather). Because the API proxy executes on the server, not in a browser, it is able to call Yahoo Weather successfully. Then, all you need to do is attach CORS headers to the TargetEndpoint response. As long as the browser supports CORS, these headers signal to the browser that it's okay to "relax" its same-origin policy, allowing the cross-origin API call to succeed.
18. Flow variables are named references that hold state associated with an API transaction processed by Apigee Edge. They exist within the context of an API proxy flow, and they track state in an API transaction the way named variables track state in a software program. Flow variables store information such as:

The IP address, headers, URL path, and payload sent from the requesting app
System information such as the date and time when Edge receives a request
Data derived when a policy executes. For example after a policy executes that validates an OAuth token, Edge creates flow variables that hold information like the name of the requesting application.
Information about the response from the target system


APIGEE vs SOA:
APIGEE will be used to manage the Security, Compatibility, Measuribility and Monetization of API.
SOA will be used to manage the orchestration of different services, and the integration with them.
APIGEE makes sense, 

Questions:
1. What is the security between APIGEE and Provider Application ? (APIGEE can do something on behalf of consuming application to authenticate itself in Provider Application, such as through basic authentication, or certificate/IP Based authentication.)
2.