Console
    Start free

    Advanced API Security for multiple Apigee organizations and gateways

    This page applies to Apigeeand Apigee hybrid.

    Apigee Advanced API Security is available as an additional add-on for your API hub instance to help you manage and govern the security posture of your APIs across multiple Apigee organizations, environments, and gateways. Leveraging API hub's plugins and curation capabilities, Advanced API Security offers an unified view that lets you monitor risks, compare configurations, and ensure consistent security standards across your entire API ecosystem.

    Key capabilities

    Advanced API Security offers the following capabilities when you enable it for your API hub instance:

    • Risk assessment across multiple Apigee organizations, environments, and gateways: assess the security scores for a specific API or for all APIs across all of its deployments in multiple Apigee organizations, environments, and gateways to get a comprehensive understanding of its risk profile.
    • Security profiles: create and manage custom security profiles based on your organization's needs, and apply them consistently across your multiple Apigee environments, organizations, and gateways.

    Enable Advanced API Security for your API hub instance

    To enable and configure Advanced API Security for your API hub instance, see Configure Advanced API Security for multiple Apigee organizations and gateways .

    IAM roles and permissions

    To use Advanced API Security, you must have the following IAM roles and permissions:

    IAM roles
    Permissions
    Description
    API Security Admin ( roles/apigee.securityAdmin )
    • apigee.securityProfilesV2.create
    • apigee.securityProfilesV2.delete
    • apigee.securityProfilesV2.update
    • apigee.securityProfilesV2.get
    • apigee.securityProfilesV2.list
    Provides permissions to create, update, delete, get, and list security profiles.
    • apigee.securityAssessmentResult.compute
    Provides permissions to compute security assessment results.
    API Security Viewer ( roles/apigee.securityViewer )
    • apigee.securityProfilesV2.get
    • apigee.securityProfilesV2.list
    Provides permissions to get, list, and view security profiles.
    • apigee.securityAssessmentResult.compute
    Provides permissions to compute security assessment results.
    API hub Admin ( roles/apihub.admin ) or API hub Add-on Admin ( roles/apihub.addonsAdmin )
    • apihub.addons.get
    • apihub.addons.list
    • apihub.addons.manage
    Provides permissions to manage add-ons in API hub.
    • apihub.apis.get
    • apihub.deployments.list
    Provides permissions to get and list APIs and deployments in API hub. These permissions are also required to compute security assessment results.
    API hub Viewer ( roles/apihub.viewer )
    • apihub.addons.get
    • apihub.addons.list
    Provides permissions to get and list add-ons in API hub.
    • apihub.apis.get
    • apihub.deployments.list
    Provides permissions to get and list APIs and deployments in API hub. These permissions are also required to compute security scores and recommendations.

    For information about granting IAM roles, see Grant or revoke multiple IAM roles using the Google Cloud console .

    What's next
    Design a Mobile Site
    View Site in Mobile | Classic
    Share by: