Console
    Start free

    Policy reference overview

    This page applies to Apigeeand Apigee hybrid.

    View Apigee Edge documentation.

    Apigee's policies augment your APIs to control traffic, enhance performance, enforce security, and increase the utility of your APIs, without requiring you to write code or modify backend services.

    In addition, Apigee provides extension policies that let you implement custom logic in the form of JavaScript, Python, Java, and XSLT stylesheets.

    Policy categories and types

    A policy's category indicates the functional area (for example, security or mediation) for the policy. Policies are shown sorted by category below.

    The policy type refers to how the policy can be used in Apigee:

    • Standard policies are suitable for internal development and lightweight API solutions. Standard policies can be used with any environment type . To see the list of standard policies, see Standard policies by category .
    • Extensible policies provide more functionality than standard policies, including for traffic management, mediation, and security. The extensible policies also include policies to implement custom logic in the form of JavaScript, Python, Java, and XSLT stylesheets.

      Extensible policies can be used with intermediate and comprehensive environment types only. Using an extensible policy automatically converts that proxy to an Extensible proxy , which could have cost and other implications. Check the Pay-as-you-go entitlements and Subscription 2024 for information.

      To see the list of extensible policies, see Extensible policies by category .

    For Pay-as-you-go users, the types of policies you can use in a proxy depend on the environment types you plan to deploy that proxy to. See Pay-as-you-go for more information.

    If there are two policies, one standard and one extensible, that would both perform the functions you need, use the standard policy.

    Standard policies by category

    Following are the categories for the standard policies:

    Category
    Policy name
    Description

    Extension policies

    Let you define custom policy functionality, such as service callout and message data collection.

    Mediation policies

    Let you perform message transformation, parsing, and validation, as well as raise faults and alerts.

    Security policies

    Let you apply security-related policies.

    Traffic management policies

    Let you control quotas and mitigate the effects of API traffic spikes.

    Extensible policies by category

    Following are the extensible policies, by category. Proxies with extensible policies can only be deployed to intermediate and comprehensive environments. Extensible policies are indicated in the user interface with this icon:extensible policy icon

    Category
    Policy name
    Description

    AI policies

    Let you optimize and secure the performance of AI workloads and models.

    Extension policies

    Let you define custom policy functionality, such as service callout, message data collection, and calling Java, JavaScript, and Python scripts.

    Mediation policies

    Let you perform message transformation, parsing, and validation, as well as raise faults and alerts.

    Security policies

    Let you control access to your APIs with OAuth, API key validation, and other threat protection features.

    Traffic management policies

    Let you configure caching, control quotas, mitigate the effects of spikes, and perform other functions related to your API traffic.
    Create a Mobile Website
    View Site in Mobile | Classic
    Share by: