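// Example gateway script: require an Authorization header, have an external
// authentication server validate it, and only then call the protected target.
//
// NOTE(review): `request`, `response`, `httpClient`, `targetHttpClient` and
// `Request` are supplied by the host runtime and are not defined in this
// sample. Property names (`status`, `statusCode`, `reasonPhrase`, `content`)
// are kept exactly as the sample uses them; confirm them against your platform.

// The Authorization header carries the caller's credential, so the call to the
// authentication server goes over TLS rather than plain HTTP.
var externalAuthServer = "https://external-auth-server.com/";

// Read the header once so the value that is checked is the value forwarded.
var authorization = request.headers.get("Authorization");

if (authorization == null) {
    // No credential presented: reject before contacting any backend.
    response.statusCode = 401;
    response.reasonPhrase = "Unauthorized";
    response.content = "Authorization header is required.";
} else {
    // Call the external authentication server and
    // send it the caller's Authorization header.
    curlRequest = new Request(externalAuthServer + "authenticate");
    curlRequest.method = "POST";
    curlRequest.setHeader("Authorization", authorization);

    // Keep the authentication server's reply in its own variable. Assigning it
    // to `response` would replace the object the failure branch below writes
    // the 401 into, so the rejection would land on the wrong object.
    var authResponse = httpClient.send(curlRequest);

    if (authResponse.status == 200) {
        // At this point, the user is authenticated
        // and you can proceed to the target URL.
        // For instance, if you want to call
        // a protected API proxy on Apigee
        // called "my-protected-api", then:
        var query = request.getUri().getQuery();
        // Add the "?" separator, and skip the query entirely when it is
        // empty or null, so it is never glued straight onto the path.
        var targetUrl = "https://my-org.apigee.net/my-protected-api" +
            (query ? "?" + query : "");
        targetRequest = new Request(targetUrl);
        targetResponse = targetHttpClient.send(targetRequest);
    } else {
        // Authentication failed. Any status other than 200 is treated as a
        // rejection, so the target is never called on an unexpected reply.
        response.statusCode = 401;
        response.reasonPhrase = "Unauthorized";
        response.content = "Authentication failed.";
    }
}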
请注意，这只是一个示例，可以根据您的身份验证服务器和代理的需求进行定制。由于 Authorization 标头中包含凭据，实际部署时应通过 HTTPS 调用身份验证服务器。