
Apigee Interview Questions and Answers

  • 1. What are the flows in Apigee?

    Flows in Apigee define the processing path of API requests and responses inside an API proxy. The main flows are:

    • ProxyEndpoint PreFlow
    • ProxyEndpoint PostFlow
    • Conditional Flows
    • TargetEndpoint PreFlow
    • TargetEndpoint PostFlow
  • 2. Can you explain the flows in Apigee?

    PreFlow: Executes first, before any conditional flows.

    Conditional Flows: Execute only when their condition matches (for example, on path or verb).

    PostFlow: Executes after conditional flows.

    ProxyEndpoint handles client-side processing, while TargetEndpoint handles backend processing.

  • 3. What is Southbound and Northbound in Apigee?

    Northbound: Client to Apigee (incoming request).

    Southbound: Apigee to backend target server (outgoing request).

  • 4. What are the different policies you worked on in Apigee?

    Security (OAuth, VerifyAPIKey), Traffic Management (Quota, Spike Arrest), Mediation (AssignMessage, ExtractVariables), Caching (ResponseCache), Threat Protection, ServiceCallout.

  • 5. What is the Quota policy?

    The Quota policy limits the number of API calls allowed over a defined time interval (e.g., 1000 requests per day).

  • 6. What is the Spike Arrest policy?

    Spike Arrest controls traffic spikes by smoothing request rates (e.g., 10 requests per second).

  • 7. What is the difference between Quota and Spike Arrest policies?
    • Quota: Limits total requests over time.
    • Spike Arrest: Controls sudden bursts of traffic.
  • 8. Which one would you configure first when defining both Quota and Spike Arrest policies in the same proxy?

    Spike Arrest is configured first to protect against traffic bursts before applying Quota limits.

  • 9. What are the security policies used in Apigee?

    OAuth 2.0, VerifyAPIKey, JWT, Basic Authentication, HMAC, XML/JSON Threat Protection.

  • 10. What is the difference between Authentication and Authorization?

    Authentication: Verifies identity.

    Authorization: Grants access permissions.

  • 11. How does OAuth 2.0 work?

    OAuth 2.0 issues an access token after client authentication. The client uses the token to access protected resources.

  • 12. Which grant types have you worked with in OAuth 2.0?

    Authorization Code, Implicit, Client Credentials, Resource Owner Password Credentials.

  • 13. Can you explain how each grant type works?
    • Authorization Code: Uses an authorization code that is exchanged for an access token.
    • Implicit: The token is returned directly (used in SPAs, now discouraged).
    • Resource Owner Password: Uses a username and password to get a token.
    • Client Credentials: The app authenticates using its client ID and secret.
  • 14. Do you know about JWT? If yes, how does JWT work?

    JWT (JSON Web Token) is a signed token consisting of a header, a payload, and a signature. It is used for secure data transmission between parties: the recipient verifies the signature to confirm that the token has not been altered.

  • 15. What is XML and JSON threat protection?

    Policies that protect APIs from malicious payload attacks like oversized messages, entity expansion, and deep nesting.

  • 16. Do you know how to configure SSL while connecting to a target?

    SSL is configured in the TargetEndpoint configuration, using TrustStore and KeyStore settings in Apigee.

  • 17. How and where do you configure route rules?

    Route rules are configured in the ProxyEndpoint configuration to direct traffic to specific TargetEndpoints based on conditions.

  • 18. Can we configure multiple proxy and target endpoints in one proxy?

    Yes, multiple TargetEndpoints can be configured and selected using route rules.

  • 19. Are you aware of Key-Value Maps (KVM)?

    A KVM stores environment-specific configuration data (like credentials or URLs). KVMs are configured in the management UI and accessed using the KeyValueMapOperations policy.

  • 20. What are flow hooks, and when do we use them?

    Flow hooks allow attaching shared flows globally at specific stages (PreProxyFlow, PostProxyFlow, etc.) across all proxies.

  • 21. How do you load balance target endpoints using target servers?

    Configure multiple target servers under a TargetEndpoint with load balancing algorithms like Round Robin.

  • 22. When do you use Service Callout and Flow Callout?
    • Service Callout: Calls external services from the proxy.
    • Flow Callout: Calls shared flows within Apigee.
  • 23. What are shared flows?

    Reusable policy bundles that can be invoked by multiple proxies.

  • 24. What cache policies have you used?

    ResponseCache, PopulateCache, LookupCache, InvalidateCache.

  • 25. What are Invalidate, Lookup, Populate, and Response Cache policies?
    • PopulateCache: Stores data in the cache.
    • LookupCache: Retrieves data from the cache.
    • InvalidateCache: Removes cache entries.
    • ResponseCache: Caches the entire backend response.
  • 26. What are Products and Apps in Apigee?

    Products are bundles of APIs with access rules. Apps consume API products using credentials.

  • 27. How are Apps, Products, and Developers related?

    Developers create Apps. Apps subscribe to Products. Products define API access.

  • 28. What are Property Sets?

    Property sets are configuration files used to store environment-specific variables accessed during runtime.
