Authenticate access to the Edge API

You're viewing Apigee Edge documentation.
Go to the Apigee X documentation.
info

You can use Apigee Edge API to create, configure, and manage API proxies and API products, policies for logic in your API proxies, apps and app developers, and caches. For information on using the Edge API, see Using the Edge API and the Apigee Edge API Reference.

To access the Edge API, you must authenticate in one of the following ways:

  • OAuth2

    Exchange your Edge credentials for an OAuth2 access token and refresh token. Make calls to the Edge API by passing the access token in the API call.

  • SAML and LDAP

    While still using OAuth2 access tokens, generate these tokens from SAML assertions or LDAP logins.

  • Basic Auth (not recommended)

    Access the Edge API by passing your username and password in each request. This method is not recommended.

OAuth2 and Basic authentication are both enabled by default for Apigee Edge for public Cloud accounts. Only Basic authentication is enabled by default for Apigee Edge for Private Cloud.

Use OAuth2 and SAML or LDAP at the same time

You can have an environment in which one organization authenticates with SAML or LDAP and another with OAuth2. However, you must be aware that the tokens and the mechanisms for getting those tokens are not interchangeable.

The acurl and get_token utilities supports multiple SSO_LOGIN_URL settings simultaneously. To make calls to both OAuth2 and SAML or LDAP, you can set two SSO endpoints and store cached tokens for both on the same machine. For example, you can use set SSO_LOGIN_URLS to use https://login.apigee.com as an OAuth2 endpoint and https://my-zone.login.apigee.com as a SAML endpoint.