Apigee product limits

Consider the following product limits as you build, manage, and review your API program implementation. Apigee has carefully chosen these limits because of their potential impacts on product scalability and performance. By staying within these limits, you help avoid service disruptions. In cases where the product doesn't currently enforce a limit, the limit still applies and the product may enforce the limit at any time.

Google reserves the right to take corrective actions to mitigate platform impacts related to product limit violations.

These limits apply to both Apigee Public Cloud and Private Cloud (on-premises) products. Some features, noted in this topic, are available only in Apigee Public Cloud.

Also, Apigee includes size and character limit for the files you create and configuration you do. For more information, see Naming restrictions for Apigee Edge artifacts.

Feature area Limit

API Proxies

API proxy calls differs by plan
API proxy or shared flow zip file bundle size (proxies other than Hosted Targets) 15 MB

Hosted Targets bundle size

Hosted Targets are currently available only in Apigee Public Cloud.

250 MB
Number of revisions per API proxy 50
API proxy resource file size (such as Node.js, JavaScript, or Java files). Doesn't include Hosted Targets resources. 15 MB

Hosted Targets deployed

Hosted Targets are currently available only in Apigee Public Cloud.

Enterprise accounts

  • Per organization: 20
  • Total across all organizations: 30

Evaluation accounts: 1

Extensions deployed

GCP extensions are those that interact with components available in Google Cloud Platform. Extensions are currently available only in Apigee Public Cloud.

Enterprise accounts

  • Per organization: 20 GCP extensions, 10 non-GCP extensions
  • Total across all organizations: 30 GCP extensions, 15 non-GCP extensions

Evaluation accounts: 2 GCP extensions, 1 non-GCP extension

Quota

Quota synchronization interval for quota distributed across multiple message processors 10 seconds

Persistence: Cache, KVM

Caches per environment 10
Items in a cache 2.5 million
Cache key size 2 KB
Cache value size 512 KB
Cache expiration, minimum time 180 seconds
Cache expiration, maximum time 30 days
Items in KVMs 5 million total items in all KVMs at all scopes in an organization
Key Value Map (KVM) key size 2 KB
Key Value Map (KVM) value size 10 KB

Keys, Developers, Apps, Products

Consumer key (API key) size 2 KB
Consumer secret size 2 KB
Custom attributes you can set on developers, developer apps, API products, OAuth access tokens, and other Edge entities 18
(Also see the CPS caching limit.)
Custom attribute name size 1 KB
Custom attribute value size 2 KB
Developers per organization 1 million

OAuth

OAuth access token expiration, minimum 180 seconds (the default is 60 minutes)
(Also see the CPS caching limit.)
OAuth access token expiration, maximum 30 days (the default is 60 minutes)
OAuth refresh token expiration, maximum 90 days (the default is 30 days)
OAuth access and refresh token size 2 KB
Custom attributes you can set on OAuth tokens 18
(Also see the CPS caching limit.)

Environment and Organization

Users per organization differs by plan
Environments per organization differs by plan
Management API calls 10,000 calls per minute for paid plans
600 calls per minute for evaluation organizations
Target Servers per environment 50
Virtual hosts per environment 20
TLS certificates per environment 100

System

API proxy request URL size 7 KB
Request header size 30 KB
Response header size 25 KB
Request size (for non-streamed HTTP requests) 10 MB
Response size (for non-streamed HTTP requests) 10 MB
Router I/O timeout 57 seconds (default)
Message Processor I/O timeout 55 seconds (default)

Core Persistence Services caching minimum: In organizations with Core Persistence Services (CPS) enabled (currently Apigee Public Cloud only), Edge keeps the following entities in cache for a minimum of 180 seconds after the entities are accessed.

  • OAuth access tokens. This means the ExpiresIn element on the OAuth v2 policy won't be able to expire an access token in less than 180 seconds.
  • Key Management Service (KMS) entities (Apps, Developers, API Products).
  • Custom attributes on OAuth tokens and KMS entities.

The information above represents current product limits. Google reserves the right to change product features and functionality or the above limits upon posting or otherwise making them accessible.