Apigee X

DataDome Apigee integration detects and protects against bot activity.

Before the Apigee proxy processes a client request, the proxy will call the DataDome API using a ServiceCallout policy.
Depending on the API response, the integration will either block the request and return the content provided by DataDome, or let Apigee proceed with the regular process.
The module has been developed to protect the users’ experience: if any errors were to occur during the DataDome process or if the call to DataDome reaches a timeout, the integration will automatically assume a 200 for that request and continue the process normally.

Compatibility

This integration is compatible with all Apigee proxies.

Prerequisites

This article assumes that the user has already:
1. A Google Cloud account: https://console.cloud.google.com/
2. Created a project in GCP: https://console.cloud.google.com/projectcreate
3. Created an Apigee proxy: https://apigee.google.com/edge

Installation

You have two options to install the module: by importing the whole package or importing the files manually. We recommend using the first option if you just created a basic proxy, otherwise use the second option.

Option 1: import

❗️

Kindly note that this process is only applicable for newly created proxies, otherwise, all your proxy configuration will be overwritten, including the HTTPProxyConnection BasePath and the HTTPTargetConnection URL. If you want to import DataDome manually, see here

  1. In the Apigee overview screen, choose Develop > API Proxies from the left menu
320
  1. Click on the Proxy that you want to include the DataDome integration
1311
  1. Switch to the Develop tab
670
  1. Click on the top-right burger menu
486
  1. Click on Import revision
266
  1. An Import revision modal will be shown, browse to the location of the zip file provided by DataDome that you downloaded
  2. Click on Import
576
  1. A toast message will let you know that the import has been successful
561
  1. Update the HTTPTargetConnection URL : click on default under the Target endpoints header, and replace the temporary value with the URL of your target endpoint as required.
916
  1. Update the HTTPProxyConnection BasePath: click on default under the Proxy endpoints header, and replace the temporary value with your base path as required. (The base path is part of the URL used to make requests to your API).
907
  1. Set up your DataDome Server-side key in DD_AssignVariables.js with your own API server key provided by DataDome. You can find this key inside our dashboard. Update the other parameters as described in the Settings section if needed.
  2. Click on the Deploy button to see the above changes in action
406

Option 2: manual import

📘

This option is recommended for users who want to integrate the call to DataDome within their already functional Apigee proxies. The following process will be repetitive and we kindly advise you to double-check naming so that no issues will be encountered.

  1. Click on the Proxy that you want to include the DataDome integration
1249
  1. Switch to the Develop tab
593
  1. Click on the Add Policy button
589
  1. A Create Policy modal will be shown
682
  1. For each of the following, create a policy as instructed
NamePolicy TypeDisplay nameResource typeResource nameEndpoint TypeHTTP target
JS-DD_AssignVariablesJavascriptJS-DD_AssignVariablesJavascriptDD_AssignVariables.js--
JS-DD_ReadResponseJavascriptJS-DD_ReadResponseJavascriptDD_ReadResponse.js--
JS-DD_ReturnHeadersJavascriptJS-DD_ReturnHeadersJavascriptDD_ReturnHeaders.js--
RF-DD_BlockedRaise FaultRF-DD_Blocked----
SC-DD_CallService CalloutSC-DD_Call--HTTPhttps://api.datadome.co/validate-request/
  1. Download code here and go through the following three resource files, then copy and paste the code directly
    1. Press the Switch to Text Editor button on the top-right to view the code editor
    2. Press Save to update the files
    Resources:
  • DD_AssignVariables.js
  • DD_ReadResponse.js
  • DD_ReturnHeaders.js
  1. Click on PreFlow under the Proxy endpoints > default
389

Paste the following steps at the beginning of the PreFlow section, inside the Request tag

<Step>
    <Name>JS-DD_AssignVariables</Name>
</Step>
<Step>
    <Name>SC-DD_Call</Name>
    <Condition>{ ! (request.path JavaRegex ".*.(avi|flv|mka|mkv|mov|mp4|mpeg|mpg|mp3|flac|ogg|ogm|opus|wav|webm|webp|bmp|gif|ico|jpeg|jpg|png|svg|svgz|swf|eot|otf|ttf|woff|woff2|css|less|js)$")}</Condition>
</Step>
<Step>
    <Name>JS-DD_ReadResponse</Name>
</Step>
<Step>
    <Name>RF-DD_Blocked</Name>
    <Condition>DD_Response.status.code = 401 || DD_Response.status.code = 403</Condition>
</Step>
  1. Click on PostFlow under the Proxy endpoints > default
421

Paste the following step at the beginning of the PostFlow section inside of the Response tag

<Step>
    <Name>JS-DD_ReturnHeaders</Name>
</Step>
  1. Set up your DataDome Server-side key in DD_AssignVariables.js with your own API server key provided by DataDome. You can find this key inside our dashboard. Update the other parameters as described in the next section if needed.
  2. Click on the Deploy button to see the above changes in action
406

Settings

As can be seen below, most parameters default to a value. However, it is important to note that the license key must be set up such that this module can function.

SettingFound inDescriptionDefault
domainPolicy SC-DD_CallAPI endpoint URL
Available endpoints
api.datadome.co
protocolPolicy SC-DD_CallAPI endpoint protocolhttp
timeoutPolicy SC-DD_CallAPI connection timeout (in milliseconds)150
inclusion patternProxy endpoint PreFlowRegular expression to include URLs

N.B. This pattern needs to be AND’d (&&) to the exclusion pattern in the second step of the PreFlow
n/a
exclusion patternProxy endpoint PreFlowRegular expression to exclude URLs (exclude static assets)".*.(avi|flv|mka|mkv|mov|mp4|mpeg|mpg|mp3|flac|ogg|ogm|opus|wav|webm|webp|bmp|gif|ico|jpeg|jpg|png|svg|svgz|swf|eot|otf|ttf|woff|woff2|css|less|js)$”
license keyResource DD_AssignVariables.jsLicense key to access the API
trace outputResource DD_AssignVariables.jsAllow DataDome to log the process to consolefalse