Policy reference overview

By exposing an API through Apigee Edge, you gain the ability to modify and monitor its behavior using out-of-the-box policies. Edge's out-of-the-box policies enable you to augment your API with sophisticated features to control traffic, enhance performance, enforce security, and increase the utility of your APIs, without requiring you to write any code or to modify any backend services. Extension policies enable you to implement custom logic in the form of JavaScript, Python, Java, and XSLT.

Following are the categories of policies that Apigee provides.

Traffic management policies Mediation policies Security policies Extension policies

Traffic management policies let you configure cache, control traffic quotas and spikes, set concurrent rate limits, and so on.

Mediation policies let you perform message transformation, parsing, and validation, as well as raise faults and alerts.

Security policies let you control access to your APIs with OAuth, API key validation, and other threat protection features.

Extension policies let you provide custom policy functionality, with support for such features as service callout, message data collection, and calling Java, JavaScript, and Python behavior you have created.

* Available only with select Edge plans
† On-premises installations only

Was this page helpful? Let us know how we did:

Send feedback about...

Apigee Docs