[FR] Allow disabling SSL verification, and changing the server endpoint and port
Is your feature request related to a problem? Please describe.
I would like to be able to interact with certain API endpoints via a port-forwarded connection. Currently I am unable to do this without editing the system HOSTS file to spoof IP address resolution for official Apigee endpoints, and this requires root. I also have to port-forward as root since the tooling only allows the use of port 443.
One use case would be port-forwarding over SSM to an EC2 bastion. This allows remoting the local machine into a trusted network based on strict IAM permissions that are linked to SSO/LDAP federation rather than having to rely on L2-4 networking identities to enforce enterprise-level security.
Describe the solution you'd like
- A flag to disable SSL verification in situations where we trust the endpoint we are calling and have no control over SSL handling without further significant engineering (often not practical for simple development of non-production systems, working in tightly controlled environments behind corporate proxies with custom CA stores that developers cannot control, etc).
- The ability to override the server endpoint and port.
I'd like to be able to tell apigeecli to point at https://localhost:1234 to be able to hit Apigee APIs in this scenario.
Describe alternatives you've considered
- Running a proxy server locally - requires external tooling and knowledge from developers to work correctly, which is far more clunky. Needs reconfiguring every time a new port forwarding session is opened... which could be as often as every 15 mins.
- Modifying HOSTS locally and running port forwarding with elevation on the local machine (arguably more of a security risk than ignoring SSL verification when working within a closed network, since user elevation puts a risk on the entire machine rather than a single HTTPS transaction in an otherwise trusted network).
- Not using apigeecli at all - much more work, defeats the purpose somewhat.
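
The two requests above are separable: a client can be pointed at a local forwarded port and still verify the server certificate against the real API hostname. The Go sketch below is an added example, not part of this issue and not apigeecli's code; `NewForwardedClient` and `Probe` are hypothetical names, and a local `httptest` TLS server (whose built-in test certificate names `example.com`) is a constructed stand-in for the port-forward.

```go
package main

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// NewForwardedClient dials forwardAddr (e.g. "localhost:1234", the local end
// of a port-forward) for every connection but leaves the request URL alone,
// so Go still sends the URL's host as SNI and verifies the certificate
// against it. roots may be nil (system store) or hold a corporate CA.
func NewForwardedClient(forwardAddr string, roots *x509.CertPool) *http.Client {
	dialer := &net.Dialer{Timeout: 5 * time.Second}
	return &http.Client{Timeout: 10 * time.Second, Transport: &http.Transport{
		// Ignore the address derived from the URL and dial the tunnel instead.
		DialContext: func(ctx context.Context, network, _ string) (net.Conn, error) {
			return dialer.DialContext(ctx, network, forwardAddr)
		},
		TLSClientConfig: &tls.Config{RootCAs: roots, MinVersion: tls.VersionTLS12},
	}}
}

// Probe requests rawURL through a constructed stand-in for the tunnel: a local
// httptest TLS server whose built-in test certificate names example.com.
func Probe(rawURL string) (int, error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(
		func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) }))
	defer srv.Close()
	roots := x509.NewCertPool()
	roots.AddCert(srv.Certificate()) // trust only the stand-in's certificate
	resp, err := NewForwardedClient(srv.Listener.Addr().String(), roots).Get(rawURL)
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}

func main() {
	for _, u := range []string{"https://example.com/", "https://other.invalid/"} {
		code, err := Probe(u)
		fmt.Println(u, code, err) // second URL fails: name not in certificate
	}
}
```

The second URL is rejected during the handshake even though the dial target is identical, which shows that redirecting the connection does not weaken hostname verification.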