Access the management API

You can use Apigee Edge RESTful management APIs to create, configure, and manage API proxies and API products, policies for logic in your API proxies, apps and app developers, and caches. For information on using the management API, see Using the RESTful management API and the Apigee Management API Reference.

To access the Edge management API, you must authenticate in one of the following ways:

  • OAuth2

    Exchange your Edge Basic Auth credentials for an OAuth2 access token and refresh token. Make calls to the Edge management API by passing the access token in the API call.

  • SAML

    While still using OAuth2 access tokens, generate these tokens from SAML assertions returned by an identity provider.

  • Basic Auth (not recommended)

    Access the management API by passing your username and password in each request. This method is not recommended. If you do use Basic Auth to access the management API, you should strongly consider using it with two-factor authentication.

OAuth2 and Basic Authentication are both enabled by default for Edge in the Cloud accounts. Only Basic Authentication is enabled by default for Edge for the Private Cloud.

Use OAuth2 and SAML at the same time

You can have an environment in which one organization authenticates with SAML and another with OAuth2. However, you must be aware that the tokens and the mechanisms for getting those tokens are not interchangeable.

To make calls with both OAuth2 and SAML:

  1. Multiple machines: Execute the commands from different machines. Both OAuth2 and SAML store tokens in ~/.sso-cli, so getting OAuth2 tokens overwrites the SAML tokens, and vice versa.
  2. Single machine: Get new tokens every time you switch between OAuth2 and SAML.

Format the response

The management API returns data as JSON by default. For many requests, you can get the response sent back as XML instead. To do this, set the Accept request header to "application/xml", as the following example shows:

curl -H "Authorization: Bearer `get_token`" \
  -H "Accept: application/xml" \
  https://api.enterprise.apigee.com/v1/organizations/ahamilton-eval/apis/helloworld/revisions/1/policies/ \
  | xmllint --format -

The response should look like the following:

<List>
  <Item>SOAP-Message-Validation-1</Item>
  <Item>Spike-Arrest-1</Item>
  <Item>XML-to-JSON-1</Item>
</List>

Note that this example pretty-prints the results by piping the response through xmllint.

The acurl utility does not support the Accept header. As a result, you can only get JSON-formatted responses with acurl.

To pretty-print a JSON response, you can use the json.tool Python module:

curl -H "Authorization: Bearer `get_token`" \
  -H "Accept: application/json" \
  https://api.enterprise.apigee.com/v1/organizations/ahamilton-eval/apis/helloworld/revisions/1/policies/ \
  | python -m json.tool

The response should look like the following:

[
  "SOAP-Message-Validation-1",
  "Spike-Arrest-1",
  "XML-to-JSON-1"
]

Management API limits

Each organization is limited to the following management API call rates:

  • 10,000 calls per minute for organizations on paid plans
  • 600 calls per minute for trial organizations

HTTP status codes 401 and 403 do not count against this limit. Any calls that exceed these limits return a 429 Too Many Requests status code.
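
The following is an added example, not code from Apigee: a client-side call budget for automation scripts that applies the limits above, skipping 401 and 403 responses when counting and backing off on 429. Assumptions: the limit is approximated with a sliding 60-second window, a 429 response is itself counted (the page does not say either way), and do_request is a hypothetical callable that performs one management API call and returns its HTTP status code.

```python
import time
from collections import deque

PAID_LIMIT = 10_000      # calls per minute, organizations on paid plans
TRIAL_LIMIT = 600        # calls per minute, trial organizations
UNCOUNTED = {401, 403}   # status codes that do not count against the limit


class CallBudget:
    """Sliding window of counted management API calls for one organization."""

    def __init__(self, limit, window=60.0, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self.calls = deque()  # timestamps of calls that counted

    def wait_time(self):
        """Seconds to wait so the next call stays within the limit (0.0 if clear)."""
        now = self.clock()
        while self.calls and now - self.calls[0] >= self.window:
            self.calls.popleft()  # drop calls that have left the window
        if len(self.calls) < self.limit:
            return 0.0
        return self.window - (now - self.calls[0])

    def record(self, status):
        """Record a completed call; return True if it counted against the limit."""
        if status in UNCOUNTED:
            return False
        # Assumption: every other status, including 429, is counted.
        self.calls.append(self.clock())
        return True


def send(budget, do_request, sleep=time.sleep, max_retries=3):
    """Run do_request() under the budget, retrying with backoff on 429."""
    status = None
    for attempt in range(max_retries + 1):
        delay = budget.wait_time()
        if delay > 0:
            sleep(delay)  # local budget exhausted: wait for the window to free up
        status = do_request()
        budget.record(status)
        if status != 429:
            return status
        if attempt < max_retries:
            sleep(2 ** attempt)  # server still returned 429: back off, then retry
    return status
```

Create one CallBudget per organization, for example CallBudget(TRIAL_LIMIT) for a trial organization, and share it across every script that calls that organization.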