Differences between Apigee Edge and Apigee X

You're viewing Apigee Edge documentation.
Go to the Apigee X documentation.

This topic describes how Apigee X (sometimes also referred to simply as "Apigee") differs from Apigee Edge. This information is intended for existing Apigee Edge customers who are considering migrating to Apigee X.

For additional information on Apigee X features, see the Apigee X feature summary.

The following table lists the Apigee API management products that are compared in this topic:

Product Where hosted Managed by
Apigee Edge for Public Cloud Apigee's cloud Apigee
Apigee Edge for Private Cloud The customer's private data center. Customer
Apigee X Google Cloud Apigee
Apigee hybrid Both Google Cloud and the customer's private data center Apigee manages the management plane and the customer manages the runtime plane.

Apigee Edge to Apigee X feature comparison

The following sections compare Apigee Edge Public/Private Cloud features with feature availability in Apigee X and hybrid.

Note that Apigee X limits also differ from the Apigee Edge limits.

Summary of current feature differences

The following table describes feature-level differences between Apigee X (and hybrid) and the Apigee Edge for Public and Private Cloud platforms.

Apigee Edge feature Support in Apigee X and hybrid
API Proxy Revisions

Immutable when deployed

Active Health Checks Supported for External MIGs (which use VMs). Not supported when using Private Service Connect. For information on the routing types, see Configure routing.
Apigee Adapter for Istio Deprecated: We recommend you use Apigee Adapter for Envoy instead.
Companies and developers

A similar but not identical solution is available. See Using AppGroups to organize app ownership.

CwC (Code with Config)


  • Asynchronous deployments
  • Retrieving deployment status is based on the last time the runtime plane "checked-in" with the management plane
  • Support for environment groups
  • Self-service through the Apigee UI and APIs
  • More flexibility in serving topology
  • An MP pod can only serve one environment

For more information, see About environments and environment groups.

Hosted targets

Please use Cloud Run or Cloud Functions

HTTP/1.1 header field name handling Converts HTTP/1.1 header field names to lowercase when forwarded to the backend. In Apigee Edge, header field names case is preserved.
IAM roles for fine-grained role-based access control


JSONPath using [@.length-x]

Use of [@.length-x] in JSONPath expressions is not supported in Apigee X. The JSONPath spec states that expressions are dependent on the underlying scripting language. length-x is a JavaScript construct, not Java, and [@.length-x] was not implemented as part of the spec. In Apigee X the expression [@.length-x] is superseded by the indexing scheme ([-x]).

For this example:

    "books": [
        "name": "A",
        "name": "B",

The input: $.books[@.length-1] returns {“name”: “B”} in Apigee Edge and returns [{“name”: “B”}] in Apigee X.


Northbound managed as Kubernetes secrets

  • You can create encrypted, environment-scoped KVMs in the Apigee UI. KVMs are always encrypted. You cannot add, update, or view KVM entries in the UI.
  • Use the private. attribute with all variables when accessing a KVM with the GET command to hide the KVM information in a debug (Trace) session. If the private. attribute is not used, the KVM is still encrypted; however, the KVM information will appear decrypted in the debug Trace) session and no exception will be thrown.
  • You can manage KVM entries using the keyvaluemaps.entries API or the KeyValueMapOperations policy.
  • You can use property sets for some of the same use cases as KVMs. See Using property sets.
  • The <MapName> element enables the KeyValueMapOperations policy to identify which KVM to use dynamically, at runtime.

For more information on creating KVMs in the UI, see Using key value maps. See also Accessing configuration data for information on how to choose the right data persistence mechanism.

Microgateway We recommend using Apigee Adapter for Envoy instead.
Monetization See Differences with monetization
  • Node.js API proxies are not supported.
  • Apigee recommends that you host Node.js applications as separate containers in Kubernetes (same or different cluster)
Northbound mTLS Planned
OAuth New RevokeOAuthv2 policy revokes by end user ID, app ID, or both. This policy replaces the Apigee Edge API to revoke OAuth2 tokens.
  • New policies:
    • AssertCondition policy: Evaluates a conditional statement at runtime in the request or response flows.
    • CORS policy: Allows JavaScript XMLHttpRequest (XHR) calls executed in a web page to interact with resources from non-origin domains.
    • DataCapture policy: Replaces the StatisticsCollector policy.
    • ExternalCallout policy: Sends gRPC requests to your gRPC server to implement custom behavior that isn't supported by Apigee policies.
    • GraphQL policy: Parses GraphQL payloads into message flow variables, verifies GraphQL requests against a schema, or both.
    • PublishMessages policy: Publishes your API proxy flow information to a Google Cloud Pub/Sub topic.
    • RevokeOAuthv2 policy: Revokes by user ID, app ID, or both.
    • TraceCapture policy: Adds additional variables to your Apigee runtime's trace data.
  • Policy not supported:
    • StatisticsCollector policy (replaced by the new DataCapture policy)
  • Changed policies:
reasonPhrase Not supported.
Resources Cannot use organization-level resources
Roles and Permissions
  • Managed through Google Cloud console's IAM service
  • Some curated out-of-the-box roles are available
  • You can create custom roles which can include other Google Cloud permissions

For more information, see Users and roles.

Sense Use Advanced API Security.
SOAP services in the Build a proxy wizard Not supported. See wsdl2apigee, an open source project that provides SOAP utilities for use with Apigee.
Trace/Debug Sessions See Differences with Trace.
Virtual Hosts

For Apigee hybrid:

  • The ingress is implemented through Anthos Service Mesh.
  • The keys and certs are deployed directly to Kubernetes.

For Apigee X:

  • Each instance exposes an HTTPS endpoint via self-signed certificate. The CA for the certificate can be downloaded by querying the org.

Differences with Trace

The following table compares the differences in how Trace operates in Apigee X and hybrid versus Apigee Edge Cloud:

Feature Apigee Edge Cloud Apigee X and hybrid
Timeliness Real time; synchronous Slight delay; asynchronous
Session name/ID Accepts session name from the user Doesn't accept session name from the user
Filters Basic filter support, such as header and query parameter filtering Support for complex filtering logic, including both AND and OR logical operations. Access to any flow variable mentioned in the flow variables reference. Syntax is the same as used with conditionals, as shown in the conditions reference.
Session timeout

Defines the length of the debug session as well as how long data is retained.

Default value is 20 minutes when initiated via API calls and 10 minutes when initiated in the UI.

Defines only the length of the debug session. The starting point is when the Message Processor receives the request to run in debug mode.

Default value is 5 minutes if the session was initiated with the API and 10 minutes if it was initiated in the UI.

Data is persisted for 24 hours before hybrid automatically deletes it.

Session validity

Length of time in which the session creation request is valid. If the debug session does not start within this amount of time, the Synchronizers can disregard the session creation request. Be sure to keep your Synchronizers' clocks in synch, as described in Prerequisites.
Trace request count Maximum of 20 per Message Processor Default is 10 per Message Processor; maximum is 15.
API Apigee Edge Cloud Apigee X
Apigee X exposes the Debug Session API and Debug Session Data API, but does not support the following via the Apigee X APIs:
Stop debug session

Delete specific transactions

Differences with monetization

The following table provides a comparison of key features between Apigee Edge Monetization and Apigee X Monetization.

Apigee Edge Monetization Apigee X/hybrid Monetization
Rate plans are associated with API product bundles that can be attached to multiple API products Rate plans are associated with API products (one-to-one relationship)
App developers purchase rate plans App developers purchase API products
Quotas are managed at the API proxy level Quotas are managed at the API product level (business level)
Published rate plans can only be expired; they cannot be edited or deleted Published rate plans can be expired, edited, moved to draft, or deleted
Complex configuration (no wizard or preview tool) Simplified configuration of rate plans using wizard and preview tool
MonetizationLimitsCheck policy blocks access after first API call is processed if app developer has not purchased a subscription MonetizationLimitsCheck policy blocks access immediately if app developer has not purchased a subscription or exceeds the quota
Monetization data for transactions can be captured by using custom variables in the Transaction Recording policy. Apigee automatically captures monetization data, and monetization data for transactions can be overridden using the DataCapture policy. See Capture monetization data for information.
Prepaid and Postpaid accounts can be configured both for developers and for rate plans. Prepaid and Postpaid accounts can only be configured for developers.

Which Apigee Edge features are not supported in Apigee X?

Google does not plan to support the following features:

  • Apigee Edge Extensions
  • OpenAPI Specification store
  • APIs to search for or revoke OAuth access tokens (because tokens are hashed)
  • OAuth v1 or OAuth OAuthv1.0a policy
  • Trireme (EOL'd on 10/10/2019)
  • Headers prefixed with "X-Apigee-" are not supported in Apigee X and are stripped from requests and responses before sending to targets and clients.

API comparison

In general, most of the Apigee Edge APIs have Apigee API equivalents. This section provides:

Summary of changes using the API

The following lists the changes in behavior across all Apigee X APIs as compared to the Apigee Edge APIs.

Behavior Apigee Edge APIs Apigee X APIs
Base domain api.enterprise.apigee.com apigee.googleapis.com
Media types application/json
Authentication OAuth2, SAML, Basic OAuth2
Timestamps in keys int64 format
  "createdAt": 1234,
  "lastModifiedAt": 5678
String format
  "createdAt": "1234",
  "lastModifiedAt": "5678"
Structure of expand=false query parameter
  "proxies": [
      "name": "helloworld"
      "name": "weather"
Query parameters prefixed by underscore Supported (_optimal=true) Not supported (optimal=true)
Properties in payloads:
  • created_by
  • modified_by
  • self
Supported Not supported
Default values in payloads Included Not included
Error handling structure
        "code": "...",
        "message": "..",
        "contexts": []
  "error": {
    "code": 409,
    "message": "...",
    "status": "ABORTED",
    "details": [...]
Cache deletion response Returns: 200 OK and cache details Returns: 204 No Content
Cache API operations List, create, get, update, delete, clear all, and clear options. List and delete only. Short-lived L1 cache is automatically created when you deploy an API proxy. For more information, see Cache internals.

Differences between the Apigee Edge and Apigee X metrics APIs

Summary of changes using the API lists the general differences between the Apigee Edge API and Apigee X API. The following table lists specific differences for the metrics APIs:

Feature Apigee Edge APIs Apigee X APIs
API endpoint api.enterprise.apigee.com apigee.googleapis.com
Daily analytics emails No APIs supported
Async Query List API Get a list of asynchronous analytics queries The userId property is omitted from the response. See Method: organizations.environments.queries.list.
Custom report APIs Reports API The createdBy and lastModifiedBy properties have been removed from the response. See Reports API.

Unsupported Apigee Edge APIs

The following table lists the unsupported Apigee Edge APIs (that do not have Apigee X API equivalents).

API category Unsupported Apigee Edge APIs
API Monitoring No APIs supported
API proxies
  • Force undeploy API proxy
  • Get npm dependencies
  • Manage npm modules
Audits Use Stackdriver Logging API
Cached logs No APIs supported
Companies No APIs supported
Company apps No APIs supported
Company app family No APIs supported
Company app keys No APIs supported
Debug sessions
  • Cannot stop trace sessions
  • Cannot delete individual transactions

For more information, see Differences with Trace.

Developer app Get count of API resources
Developer app family No APIs supported
Extensions No APIs supported
Keystore: Truststore Test a keystore or truststore
LDAP No APIs supported
Monetization No APIs supported
OAuth V2 No APIs supported
Policies No APIs supported
Resource files
  • API proxy revision scope
  • Organization scope
Sense No APIs supported
Users and user roles Use Google Identity and Access Management (IAM)-related APIs as described in Managing users, roles, and permissions using APIs
Virtual hosts No APIs supported

Apigee Edge for Private Cloud vs. Apigee hybrid

The following table compares Apigee Edge for Private Cloud and Apigee hybrid:

Service Apigee Product or Feature Area
Apigee Edge for Private Cloud Apigee hybrid
Analytics Qpid and Postgres servers A data collection pod in the runtime plane uses fluentd and UDCA (Universal Data Collection Agent) to gather analytics and feed the data to the UAP (Unified Analytics Platform) in the management plane.
API Proxy Gateway Message Processor The Message Processor (MP) processes incoming requests. MPs are implemented as one or more containerized apps in the runtime plane.
Persistence Cassandra node or ring Cassandra provides persistence for the KMS, KVM, quota, and cache features.
Deployment ZooKeeper The Synchronizer ensures that API proxy configurations, environment information, and other data is kept up to date between the management plane and runtime plane.
Administrative User Interface The Apigee Edge UI is hosted on the Management Server The Apigee UI is hosted on the management plane.
Load Balancing Router An Istio Ingress controller hands requests to the Message Processor (MP) containerized app in the runtime plane.
APIs Management Server Apigee X APIs are accessed through the Management Server and MART. MART interacts with the local Cassandra datastore and serves as an API provider for the Apigee X APIs to access and manage runtime data entities.
Metrics Each component configured with JMX Managed by a single Prometheus server per cluster for all services.