By adding an API to the API platform, you gain the ability to modify and monitor its behavior using out-of-the-box policies. The out-of-the-box policies let you add sophisticated features to control traffic, enhance peformance, enforce security, and increase the utility of your APIs, without coding or changing backend services. Extension policies enable you to add custom logic in the form of JavScript, Python, Java, and XSLT to an API, tailoring it to meet business requirements.
Following are the categories of policies that Apigee provides. For the technical structure of each schema, see the policy schemas, which takes you directly to the Github repository where they are stored.
Traffic management policies let you configure cache, control traffic quotas and spikes, set concurrent rate limits, and so on.
Security policies let you control access to your APIs with OAuth, API key validation, and other threat protection features.
Mediation policies let you perform message transformation, parsing, and validation, as well as raise faults and alerts.
Video: Quota and mediation policies
The real benifit of adding your API to Apigee is the ability to easily track and modify its behavior. The out-of-the-box policies let you add sophisticated features that let you control traffic, add secuirty, and increase the utility of your APIs all without coding or changing your base API in any way.
An updated video is in development.