Secure API management
Build trust and engagement with secure assets in your API program — at all points of engagement from users, apps, developers, API teams, and backend systems. Provide protection against hackers, bots, and other suspicious behaviors. Verify API keys at runtime, generate OAuth tokens, implement JSON threat protection, and more with policies that extend the built-in security layer in Apigee Edge.
A complete intelligent security solution
Apigee Edge provides end-to-end security across all components of the API management platform. Proactively address business priorities and security needs for data protection, threat detection, access control, identity management, and governance. Apigee services are third-party audited, compliant, and certified for PCI DSS, SOC1, and SOC2.
Security for all data
Strengthen data privacy in transit or at rest with Apigee’s API security policies and procedures. Built-in governance and advanced cryptography mitigate digital enterprise transactions risks. Execute groups of policies like OAuth or spike arrest across all proxies with shared flows. Flow hooks can reference operational behaviors before or after the proxy execution.
Manage API credentials, developers, and apps through the Apigee Edge management UI. Prevent unauthorized access to APIs with granular role-based access control and federated identity. Configure authentication and authorization to securely expose sensitive data in backend systems only to approved users and applications with two factor authentication and encrypted Key Value Maps (KVMs).
Increase resilience to attacks
Protect API data and critical business systems from outside threats with centralized operation monitoring. Apigee Sense adds a layer of API security using call pattern data, analyzes threat patterns in the API layer, monitors background behavior, and reports suspicious behavior.more about apigee sense
Intelligent insights into API security (alpha)
Ensure your APIs are more secure with enhanced visibility. Gain a holistic view of the health and security status of your API programs. Empower your administrators to understand how APIs are secured and if needed, take appropriate action. Quickly identify which APIs do not adhere to security protocols. Access all of this information from both the Apigee Edge console as well as via management API for seamless integration with existing SIEM tools.
Use SAML as an authentication mechanism for the Edge UI and developer portal services to ensure that only valid users and applications get access to your APIs. Use two-way TLS, API keys, and OAuth 2.0 to authenticate users with the data and systems they want to access.
Configure multifactor authentication and authorization using advanced security extensions for JWT, JWE, JWS. Create unique secure identities for your users and federate them with identity providers.
Threat protection policies
Address XML and JSON vulnerabilities and minimize attacks on your API. Detect XML payload attacks based on configured limits. Protect against SQL injection threats with the Regular Expression Protection policy. Evaluate message content for specific blacklisted keywords or patterns.
Secure systems integration
A separate security implementation for API management and for API runtime makes integration with existing security resources and scalability easy. Flexibility to authenticate with clients while maintaining consistency on the back end for all apps reduces risk while meeting business requirements for securing data at rest and data in transit.
Building and Managing Secure APIs
Product Demo: see how the Apigee API management platform works
OAuth: The BIG Picture
A product or feature listed on this page is in alpha. For more information on our product launch stages, see here.
Evaluate Apigee Edge
See how the Apigee API management platform works.
Get your evaluation account
Design, publish, and secure APIs that developers love.
Contact an API expert
Advance your digital strategy. Let’s start a new API project together.