Google is committed to advancing racial equity for Black communities. See how.

Access the Edge API

You can use Apigee Edge RESTful APIs to create, configure, and manage API proxies and API products, policies for logic in your API proxies, apps and app developers, and caches. For information on using the Edge API, see Using the RESTful Edge API and the Apigee API Reference.

To access the Edge API, you must authenticate in one of the following ways:

  • OAuth2

    Exchange your Edge credentials for an OAuth2 access token and refresh token. Make calls to the Edge API by passing the access token in the API call.

  • SAML and LDAP

    While still using OAuth2 access tokens, generate these tokens from SAML assertions or LDAP logins.

  • Basic Auth (not recommended)

    Access the Edge API by passing your username and password in each request. This method is not recommended.

OAuth2 and Basic authentication are both enabled by default for Apigee Edge for public Cloud accounts. Only Basic authentication is enabled by default for Apigee Edge for Private Cloud.

Use OAuth2 and SAML or LDAP at the same time

You can have an environment in which one organization authenticates with SAML or LDAP and another with OAuth2. However, you must be aware that the tokens and the mechanisms for getting those tokens are not interchangeable.

The acurl and get_token utilities supports multiple SSO_LOGIN_URL settings simultaneously. To make calls to both OAuth2 and SAML or LDAP, you can set two SSO endpoints and store cached tokens for both on the same machine. For example, you can use set SSO_LOGIN_URLS to use https://login.apigee.com as an OAuth2 endpoint and https://my-zone.login.apigee.com as a SAML endpoint.

Format the response

The Edge API returns data as JSON by default. For many requests, you can get the response sent back as XML instead. To do this, set the Accept request header to "application/xml", as the following example shows:

curl -H "Authorization: Bearer `get_token`" \
  -H "Accept: application/xml" \
  https://api.enterprise.apigee.com/v1/organizations/ahamilton-eval/apis/helloworld/revisions/1/policies/ \
  | xmllint --format -

The response should look like the following:

<List>
  <Item>SOAP-Message-Validation-1</Item>
  <Item>Spike-Arrest-1</Item>
  <Item>XML-to-JSON-1</Item>
</List>

Note that this example prettyprints the results by piping the response through xmllint.

The acurl utility does not support the Accept header. As a result, you can only get JSON-formatted responses with acurl.

To prettyprint a JSON response, you can use the json.tool Python library:

curl -H "Authorization: Bearer `get_token`" \
  -H "Accept: application/json" \
  https://api.enterprise.apigee.com/v1/organizations/ahamilton-eval/apis/helloworld/revisions/1/policies/ \
  | python -m json.tool

The response should look like the following:

[
  "SOAP-Message-Validation-1",
  "Spike-Arrest-1",
  "XML-to-JSON-1"
]

Edge API limits

Each organization is limited to the following Edge API call rates:

  • 10,000 calls per minute for organizations on paid plans
  • 600 calls per minute for trial organizations

HTTP status codes 401 and 403 do not count against this limit. Any calls that exceed these limits return a 429 Too Many Requests status code.