Send Docs Feedback

Note: Most user interface tasks can be performed in Edge Classic or the New Edge experience. For an overview, getting started topics, and release notes specific to the New Edge experience, see the docs.

Register apps and manage API keys

This topic explains how to register and manage apps by using the Apigee Edge management UI. The steps described in this topic require an Edge user with an org admin role or, otherwise, a role that grants sufficient permission to create and/or edit developer apps.

If you have a Developer Services portal, developers can register their own apps. See What is a developer portal? for more.

What is a developer app?

Let's assume you are an API provider and you have created one or more API products to bundle your APIs, as explained in Create API products. Typically, developers who want to consume your APIs go to your developer portal and register to use them. When registering, the developer gets to select which of your API products they want to use. For example, some products may be offered for free, while others require payment depending on a service plan. Upon completion, this registration step produces an Edge entity called a developer app. A developer app includes the products the developer selected and a set of API keys that the developer will be required to use to access the APIs that are associated with those products. See What is a developer portal? for more on developer portals.

However, a developer portal is not the only way to create developer apps. An Edge org admin, or another individual with the appropriate permissions, can also create developer apps directly in the Edge UI. As an API provider, you might want to maintain complete control over the app registration process and choose to register apps by using the Edge management UI. For example, you may want to register apps for your internal development teams or on behalf of a developer without access to your portal. Similar to registration through a portal, when you register an app in the Edge UI, you decide which API products to associate with it. When the app is registered, Edge automatically generates an API key to grant access to the selected API products. It is then up to you (the API provider) to determine how to pass that key to the app developer. Note that any additional API products you associate with the app all use the same key.

Apps provide the main mechanism for API providers to control who can access their APIs. At any time, someone with appropriate Edge organization permissions can revoke an app's key, preventing it from accessing all API products referenced by that app. Or access to a single API product associated with the app can be revoked.


As an org admin (or someone with appropriate role permissions), you can see all of your organization's apps in the Edge management UI on the Publish > Developer Apps summary page. This page displays performance data for each app, and general information on app keys. You can select a specific app from the table to get more detailed information, including the API products that app can access and the resources those products expose. You can also see the key associated with the app.

Registering an app in the Edge management UI

Note: You must be an org admin or someone with sufficient role permissions to perform these tasks.

To register an app:

  1. Login to the Edge management UI at https://enterprise.apigee.com.
  2. Click the Publish tab, then Developer Apps.
  3. Click (+) Developer App on the Developer Apps page.
  4. Enter an application Name. This is the internal name you can later use in management API calls. You can't change the name after you create the app.
  5. Display Name appears in the management UI, and it's the app name developers see in the developer portal. API administrators and developers can change the display name any time.
  6. Select a developer from the Developer list.
    An app must be associated with a registered developer. If the developer does not appear in the list, you can register them. See Managing app developers for more.
    For performance reasons, not all developers are displayed in the Developer drop-down list. Start typing the developer email in the search box to locate the developer you want.
  7. If necessary, enter the Callback URL.
    A callback URL is the location of a resource that belongs to the app. For example, if you are using OAuth, this could be the location of a login screen where users enter their username and password. This value is not required for all API products.
  8. Optionally, add a descriptive note for the app.
  9. The Credentials section means "API keys." Set an expiration time or date for the API key that is automatically generated when the app is created. Then associate one or more API Products to the key. The developer will pass the API key in each call to API proxies contained in those API products. After the app is created, edit the app to add more credentials/keys with different expiration dates and products. For more information, see Create API products.
  10. Add any custom attributes for the app. You can add up to 18 of them. For each custom attribute:
    • Click (+) Add Custom Attribute.
    • Add the attribute name and value.
  11. Click Save.
    Your app is added to the apps list on the Developer Apps page.
  12. If the product(s) you associated with the app require manual approval for their API keys:
    1. Click the new app name.
    2. Click Edit to edit the app.
    3. Click Approve next to the Consumer Key and Consumer Secret.

Managing API keys

Note: You must be an org admin or someone with sufficient role permissions to perform these tasks.

API calls to API proxies usually require an API key. Edge lets the calls through only if the API key is active, valid, and meets the conditions defined by the API product containing the API.

When you create an API product, you can also set its access mode to Internal only or Private. API products marked Internal only or Private do not appear to developers on the developer portal. To get access to these products, you manually add them to a developer's app from the Edge management UI.

Approving an API key

If an API product is configured for Automatic approval of API keys, you don't need to do anything. However, if a product requires manual approval of API keys, follow this procedure.

  1. In the menu, select Publish > Developer Apps > developer_app_name.
  2. Click Edit to edit the app.
  3. Click Approve for the corresponding product.
  4. Click Save.

You can also approve API keys using the management API.

Revoking an API key

You can revoke an API key, which means that particular key and secret are no longer valid for accessing APIs in the associated API product(s). You can re-enable access at any time by clicking Approve.

(If you want to keep the key approved but prevent it from being used on a particular product, see the next section, "Revoking or removing an API product from an API key.")

  1. In the menu, select Publish > Developer Apps > developer_app_name.
  2. Click Edit to edit the app.
  3. Click Revoke in the same row as the key and secret.
  4. Click Save.

You can also revoke API keys using the management API.

Revoking or removing an API product from an API key

If you want to keep an API key active but not allow it to be used with one or more API products, you can revoke or remove the products associated with the API key. Revoking keeps a product associated with the API key but doesn't allow the key to be used with it, and removing completely disassociates the API product from the API key.

  1. In the menu, select Publish > Developer Apps > developer_app_name.
  2. Click Edit to edit the app.
  3. Click Revoke or Remove next to the desired product.
  4. Click Save.

You can re-approve a revoked product or re-add a removed product.

You can also use the management API for this procedure. See Approve or Revoke API Product for an API Key and Remove API Product for a Specific Key.

Deleting an API key

Deleting an API key removes the key and secret, which can no longer be used in API calls to APIs in the associated product(s).

  1. In the menu, select Publish > Developer Apps > developer_app_name.
  2. Click Edit to edit the app.
  3. Click Remove for the corresponding product.
  4. Click Save.

You can also delete API keys using the management API.

Generating a new key

You can generate a new API key/secret pair for a developer app. For instance, if you're using API key rotation, you can generate new keys whose expiration overlaps keys that will be out of rotation when they expire. You might also generate a new key/secret if the security of the original key/secret is compromised. After generating a new key, be sure to revoke or remove any other keys you no longer want to be used.

  1. In the menu, select Publish > Developer Apps > developer_app_name.
  2. Click Edit.
  3. Click + Credential to generate a new API key with the desired expiration, then associate one or more API products with that key.
  4. In this screen you can also revoke or remove any other API keys with the Revoke and Remove buttons, which renders the keys unusable. Revoked keys can be re-approved and used later. Removed keys are deleted.
  5. Click Save.

To generate a new API key with the management API, see Generate a new key pair for a developer app.

If you create custom keys (next procedure), this procedure does not regenerate those keys.

Importing existing API keys, creating custom keys

If you have existing consumer keys and secrets you want to import into Edge, or you want to create custom API keys, see Import existing consumer keys and secrets.

Editing an app in the Edge management UI

Note: You must be an org admin or someone with sufficient role permissions to perform these tasks.

To edit an app:

  1. In the menu, select Publish > Developer Apps > developer_app_name.
  2. Click Edit.
  3. Modify the configuration.
    Note: Be careful when you edit custom attributes. You may have a system that has dependencies on custom attributes.
  4. Click Save.

Revoking a developer app

Note: You must be an org admin or someone with sufficient role permissions to perform these tasks.

When you revoke a developer app, any approved API keys can no longer be used in API calls to Edge. On the Developer App Details page, the key status label on the API keys is shown in strikethrough text (Approved or Revoked); and if you mouse over the label, the tooltip says the app is revoked. If you re-approve the app, the strikethrough text on API key status disappears, and approved API keys are valid again.

Revoke a developer app in the management UI

  1. Select Publish > Developer Apps > [app] > Edit.
  2. Click Revoke in the App Status field.
  3. Click Save.

It may take a few minutes for the change to be recognized by all message processors. Until then, it's possible that some calls using the API keys might continue to get through. 

Revoke a developer app with the management API

See Approve or Revoke Developer App.

If the app is registered in other organizations, you must also revoke it in each of those organizations as well.

You can re-approve a developer app by editing the app and clicking Approve in the App Status field. When you do, all approved API keys are available for use. Again, it may take a few minutes for the change to be recognized on all message processors.

Deleting an app in the Edge management UI

Note: You must be an org admin or someone with sufficient role permissions to perform these tasks.

If you delete an app, all client keys associated with the apps become invalid. Using an invalid key on a request causes the request to fail.

 To delete an app:

  1. In the menu, select Publish > Developer Apps.
  2. Click Delete next to the app, then click Delete in the confirmation dialog.

Searching the Developer Apps page

The search menu has a dropdown menu that you can use to search for specific developer app attributes, such as App Family, Consumer Key, and others.

Help or comments?