Manage API products

Manage API products using the Apigee Edge management UI, as described in this section. To manage API product using the API, see Using the Edge management API to Publish APIs.

Watch the following video to learn how to create an API product.

For an overview of API products, see What is an API product?.

Explore the API products page

Access the API products page using the Edge UI or Classic Edge UI, as described in the following sections.

Edge

To access the API products page in the Edge UI:

  1. Sign in to https://apigee.com/edge.
  2. Select Publish > API Products.

The API Products page is displayed.

API Products page that displays the list of API products. Callouts are provided showing the tasks you can accomplish, listed below the figure.

As shown in the previous figure, the API products page enables you to perform the following tasks, described later in this section:

Classic Edge

To access the API products page in the Classic Edge UI:

  1. Sign in to enterprise.apigee.com.
  2. Select Publish > Products.

The API products page enables you to perform the following tasks, described later in this section:

Adding an API product

Add an API product using the UI, as described below. To use the Edge API, see Configuring API products using the API.

To add an API product using the Edge UI:

  1. Access the API products page, as described previously in this section.
  2. Click +API Product.
  3. Enter the Product Details for your API product.
    Field Description
    Name Internal name of the API product. Do not specify special characters in the name.
    Note: You cannot edit the name once the API product is created.
    Display Name Display name for the API product. The display name is used in the UI and you can edit it at anytime. If not specified, the Name value will be used. This field is auto-filled using the Name value; you can edit or delete its contents. The display name can include special characters.
    Description Description of the API product.
    Environment Environments to which the API product will allow access. For exmample, test or prod.
    Access Access level. For details, see Access level.
    Automatically approve access requests Enable automatic approval of key requests for this API product from any app. To require manual approval of keys, disable this option. See Registering apps and managing API keys (UI) and Developer App Keys (API).
    Quota Quota limit that you want to reference from quota policies. Entering a quota value does not automatically enforce restrictions on the number of calls that can be made through the product. API proxies referenced by the product must include the Quota policy to enforce the quota. For more information, see Quotas.
    Allowed OAuth Scopes If you are using OAuth with the API product, allowed OAuth scopes that you want the API product to allow (such as Read or other scopes that apps will send with their API calls). Specify multiple scopes as a comma-separated list. See OAuth scopes.
  4. Add the API Resources that are available in the API product, including the API proxies and resource paths.

    Warning: If you do not add any API proxies to your API product, app developers will be able to access all of your API proxies and resource paths.

    For example, if you add a "music" API proxy to the product with a base path of /music, the API product allows calls to /music. However, if you want the API product to allow access to only the venues resource path, which has a URI of /music/venues, add the /venues resource path to the product. In this case, calls to /music/venues?name=paramount are allowed, but calls to /music/artists?name=Jack%Johnson will be blocked.

    Set a specific resource path or set the base path and all possible subpaths by specifying the resource path as /. The resource path can include wildcards /** and /*. The double asterisk wildcard indicates that all subpaths of the base path are supported (but not the base path). A single asterisk indicates that only URIs one level down from the base path are supported. See Configuring the behavior of the resource path of '/', '/*', and '/**', as described later in this section.

    To add API resources:

    1. Click Add a proxy or Add a path in the API resources section.
    2. Choose whether you want to add an API proxy, Path, or both API proxy and path.

      Add API resource section enables you to add an API proxy, resource path, or both.

    3. Add one or more API proxies and resource paths.

      Warning: If you do not add any API proxies to your API product, app developers will be able to access all of your API proxies and resource paths.

      More inclusive, less specific resource paths take predence over those that are more specific. For example, if you add / and /**, the / resource path takes precedence; the /** resource path will be ignored.

    4. Click Add or Add and Start another (to specify additional API resources).

    Note: You cannot edit an API resource. Instead, you need to delete the existing API resource and add a new version with the corrected values.

  5. (Optional) Use the Istio Services field to bind the product to one or more Istio services. Unless you are using the Apigee Adapter for Istio Concepts, you can ignore this setting.
  6. (Optional) Add up to 18 custom attributes to an API product.

    Custom attributes are key/value pairs that can be used in many ways, including helping control API proxy execution. For example, you could create a custom attribute called deprecated with a value of true or false. In your API proxy flow, you could check the value of the API product's deprecated attribute (for example, using the verifyapikey.{policy_name}.apiproduct.deprecated variable that is automatically available after you create the custom attribute). If its value is true (deprecated), you can throw an error with the Raise Fault policy.

  7. Click Save.

Configuring the behavior of a resource path of '/', '/*', and '/**'

The following table describes the default behavior of an API product for different resource paths. In this example, the API proxy has a base path of /v1/weatherapikey. The API product resource path applies to the path suffix after the base path.

Request URI Allowed for / Allowed for /* Allowed for /** Allowed for /*/2/**

/v1/weatherapikey

Y

N

N

N

/v1/weatherapikey/

Y

N

N

N

/v1/weatherapikey/1

Y

Y

Y

N

/v1/weatherapikey/1/

Y

Y

Y

N

/v1/weatherapikey/1/2

Y

N

Y

N

/v1/weatherapikey/1/2/

Y

N

Y

Y

/v1/weatherapikey/1/2/3/

Y

N

Y

Y

/v1/weatherapikey/1/a/2/3/

Y

N

Y

N

By default, a resource path of / in an API product supports the base path and all subpaths. For example, if the Base Path of the API proxy is /v1/weatherapikey, then the API product supports requests to /v1/weatherapikey and to any subpaths, such as /v1/weatherapikey/forecastrss, /v1/weatherapikey/region/CA, and so on.

You can change this default so that a resource path of / corresponds only to the Base Path of the API proxy, meaning the API product will not allow access to a URI that has anything after the /. If you make this change, then in the table above, only the first two rows under "Allowed for /" would contain "Y".

To change the default, a system administrator must set the value of the features.isSingleForwardSlashBlockingEnabled property on your organization to true. Cloud customers can make that request to Apigee Support.

Editing an API product

To edit an API product:

  1. Access the API products page, as described previously in this section.
  2. Click in the row of the API product that you want to edit.
  3. Click Edit on the API product page.
  4. Edit the fields, as required.

    You can delete resources that you've added to an API product. You might want to do this if a resource is malfunctioning or requires more development. When deleted, that resource is no longer part of the API product. Any app that uses the API product can no longer access the deleted resource. Deleted resources are removed from the product but are not deleted from the system, so they can still be used by other products.

  5. Click Save.

Core Persistence Services caching minimum: In organizations with Core Persistence Services (Core Persistence Services (CPS)) enabled (currently Apigee Public Cloud only), Edge keeps the following entities in cache for a minimum of 180 seconds after the entities are accessed.

  • OAuth access tokens. This means the ExpiresIn element on the OAuth v2 policy won't be able to expire an access token in less than 180 seconds.
  • Key Management Service (KMS) entities (Apps, Developers, API Products).
  • Custom attributes on OAuth tokens and KMS entities.

Deleting an API product

To delete an API product:

  1. Access the API products page, as described previously in this section.
  2. Position the cursor over the API product in the list.
  3. Click Delete icon.
  4. Click Delete to confirm the delete operation.