Policy reference overview

Edge's out-of-the-box policies augment your APIs to control traffic, enhance performance, enforce security, and increase the utility of your APIs, without requiring you to write any code or modify any backend services.

In addition, Apigee provides extension policies that let you implement custom logic in the form of JavaScript, Python, Java, and XSLT stylesheets.

Policy categories

Following are the categories of policies that Apigee provides:

Traffic management policies Mediation policies Security policies Extension policies

Let you configure caching, control quotas, mitigate the effects of spikes, set concurrent rate limits, and perform other functions related to your API traffic.

Let you perform message transformation, parsing, and validation, as well as raise faults and alerts.

Let you control access to your APIs with OAuth, API key validation, and other threat protection features.

Let you define custom policy functionality, such as service callout, message data collection, and calling Java, JavaScript, and Python scripts.

* Available only with select Edge plans
† On-premises installations only