By exposing an API through Apigee Edge, you gain the ability to modify and monitor its behavior using out-of-the-box policies. Edge's out-of-the-box policies enable you to augment your API with sophisticated features to control traffic, enhance peformance, enforce security, and increase the utility of your APIs, without requiring you to write any code or to modify any backend services. Extension policies enable you to implement custom logic in the form of JavaScript, Python, Java, and XSLT.

Following are the categories of policies that Apigee provides. For the technical structure of each schema, see the policy schemas, which takes you directly to the Github repository where they are stored.

Traffic management policies

Traffic management policies let you configure cache, control traffic quotas and spikes, set concurrent rate limits, and so on.

Security policies

Security policies let you control access to your APIs with OAuth, API key validation, and other threat protection features.

Mediation policies

Mediation policies let you perform message transformation, parsing, and validation, as well as raise faults and alerts.

Extension policies

Extension policies let you provide custom policy functionality beyond what is provided by Apigee Edge, with support for such features as service callout, message data collection, and calling Java, JavaScript, and Python behavior you have created.

Policy schemas

The policy schemas, available in Github, provide the full set of elements and attributes available for policy configuration.


Help or comments?

  • Something's not working: See Apigee Support
  • Something's wrong with the docs: Click Send Feedback in the lower right.
    (Incorrect? Unclear? Broken link? Typo?)