Apigee X

DataDome Apigee integration detects and protects against bot activity.

Before the Apigee proxy processes a client request, the proxy will call the DataDome API using a ServiceCallout policy.
Depending on the API response, the integration will either block the request and return the content provided by DataDome, or let Apigee proceed with the regular process.
The module has been developed to protect the users’ experience: if any errors were to occur during the DataDome process or if the call to DataDome reaches a timeout, the integration will automatically assume a 200 for that request and continue the process normally.

Compatibility

This integration is compatible with all Apigee proxies.

Prerequisites

This article assumes that the user has already:
1. A Google Cloud account: https://console.cloud.google.com/
2. Created a project in GCP: https://console.cloud.google.com/projectcreate
3. Created an Apigee proxy: https://apigee.google.com/edge

Installation

You have two options to install the module: by importing the whole package or importing the files manually. We recommend using the first option if you just created a basic proxy, otherwise use the second option.

Option 1: import

❗️

Kindly note that this process is only applicable for newly created proxies, otherwise, all your proxy configuration will be overwritten, including the HTTPProxyConnection BasePath and the HTTPTargetConnection URL. If you want to import DataDome manually, see here

  1. In the Apigee overview screen, choose Develop > API Proxies from the left menu
320320
  1. Click on the Proxy that you want to include the DataDome integration
13111311
  1. Switch to the Develop tab
670670
  1. Click on the top-right burger menu
486486
  1. Click on Import revision
266266
  1. An Import revision modal will be shown, browse to the location of the zip file provided by DataDome
  2. Click on Import
576576
  1. A toast message will let you know that the import has been successful
561561
  1. Update the HTTPTargetConnection URL : click on default under the Target endpoints header, and replace the temporary value with the URL of your target endpoint as required.
916916
  1. Update the HTTPProxyConnection BasePath: click on default under the Proxy endpoints header, and replace the temporary value with your base path as required. (The base path is part of the URL used to make requests to your API).
907907
  1. Set up your DataDome Server-side key in DD_AssignVariables.js with your own API server key provided by DataDome. You can find this key inside our dashboard. Update the other parameters as described in the Settings section if needed.
  2. Click on the Deploy button to see the above changes in action
406406

Option 2: manual import

📘

This option is recommended for users who want to integrate the call to DataDome within their already functional Apigee proxies. The following process will be repetitive and we kindly advise you to double-check naming so that no issues will be encountered.

  1. Click on the Proxy that you want to include the DataDome integration
12491249
  1. Switch to the Develop tab
593593
  1. Click on the Add Policy button
589589
  1. A Create Policy modal will be shown
682682
  1. For each of the following, create a policy as instructed
NamePolicy TypeDisplay nameResource typeResource nameEndpoint TypeHTTP target
JS-DD_AssignVariablesJavascriptJS-DD_AssignVariablesJavascriptDD_AssignVariables.js--
JS-DD_ReadResponseJavascriptJS-DD_ReadResponseJavascriptDD_ReadResponse.js--
JS-DD_ReturnHeadersJavascriptJS-DD_ReturnHeadersJavascriptDD_ReturnHeaders.js--
RF-DD_BlockedRaise FaultRF-DD_Blocked----
SC-DD_CallService CalloutSC-DD_Call--HTTPhttps://api.datadome.co/validate-request/
  1. Go through the following three resource files, and copy and paste the code directly
    1. Press the Switch to Text Editor button on the top-right to view the code editor
    2. Press Save to update the files
    Resources:
  • DD_AssignVariables.js
  • DD_ReadResponse.js
  • DD_ReturnHeaders.js
  1. Click on PreFlow under the Proxy endpoints > default
389389

Paste the following steps at the beginning of the PreFlow section

<Step>
    <Name>JS-DD_AssignVariables</Name>
</Step>
<Step>
    <Name>SC-DD_Call</Name>
    <Condition>{ ! (request.path JavaRegex ".*.(avi|flv|mka|mkv|mov|mp4|mpeg|mpg|mp3|flac|ogg|ogm|opus|wav|webm|webp|bmp|gif|ico|jpeg|jpg|png|svg|svgz|swf|eot|otf|ttf|woff|woff2|css|less|js)$")}</Condition>
</Step>
<Step>
    <Name>JS-DD_ReadResponse</Name>
</Step>
<Step>
    <Name>RF-DD_Blocked</Name>
    <Condition>DD_Response.status.code = 401 || DD_Response.status.code = 403</Condition>
</Step>
  1. Click on PostFlow under the Proxy endpoints > default
421421

Paste the following step at the beginning of the PostFlow section

<Step>
    <Name>JS-DD_ReturnHeaders</Name>
</Step>
  1. Set up your DataDome Server-side key in DD_AssignVariables.js with your own API server key provided by DataDome. You can find this key inside our dashboard. Update the other parameters as described in the next section if needed.
  2. Click on the Deploy button to see the above changes in action
406406

Settings

As can be seen below, most parameters default to a value. However, it is important to note that the license key must be set up such that this module can function.

SettingFound inDescriptionDefault
domainPolicy SC-DD_CallAPI endpoint URL
Available endpoints
api.datadome.co
protocolPolicy SC-DD_CallAPI endpoint protocolhttp
timeoutPolicy SC-DD_CallAPI connection timeout (in milliseconds)150
inclusion patternProxy endpoint PreFlowRegular expression to include URLs

N.B. This pattern needs to be AND’d (&&) to the exclusion pattern in the second step of the PreFlow
n/a
exclusion patternProxy endpoint PreFlowRegular expression to exclude URLs (exclude static assets)".*.(avi|flv|mka|mkv|mov|mp4|mpeg|mpg|mp3|flac|ogg|ogm|opus|wav|webm|webp|bmp|gif|ico|jpeg|jpg|png|svg|svgz|swf|eot|otf|ttf|woff|woff2|css|less|js)$”
license keyResource DD_AssignVariables.jsLicense key to access the API
trace outputResource DD_AssignVariables.jsAllow DataDome to log the process to consolefalse