Compare Apigee products

This topic compares Apigee on Google Cloud and Apigee hybrid to Apigee Edge for Public and Private Cloud. For details on Apigee Edge for Public Cloud and Private Cloud, see Apigee Edge documentation.

Components/services comparison

The following table lists common services and how they are presented in the Apigee on Google Cloud, Apigee hybrid, Apigee Edge for Public Cloud, and Apigee Edge for Private Cloud models:

Service	Apigee Product or Feature Area
Service	Apigee hybrid	Apigee on Google Cloud/ Apigee Edge for Public Cloud	Apigee Edge for Private Cloud
Analytics	A data collection pod in the runtime plane uses fluentd and UDCA (Universal Data Collection Agent) to gather analytics and feed the data to the UAP (Unified Analytics Platform) in the management plane.	Managed by Apigee	Qpid and Postgres servers
API Proxy Gateway	The Message Processor (MP) processes incoming requests. MPs are implemented as one or more containerized apps in the runtime plane.		Message Processor
Persistence	Cassandra provides persistence for the KMS, KVM, quota, and cache features.		Cassandra node or ring
Deployment	The Synchronizer ensures that API proxy configurations, environment information, and other data is kept up to date between the management plane and runtime plane.		ZooKeeper
Administrative User Interface	The Apigee UI is a containerized app hosted on the management plane.		The Apigee Edge UI is hosted on the Management Server
Load Balancing	An Istio Ingress controller hands requests to the Router/Message Processor (RMP) containerized app in the runtime plane.		Router
APIs	Apigee APIs are accessed through the Management Server and MART. MART interacts with the local Cassandra datastore and serves as an API provider for the Apigee APIs to access and manage runtime data entities.		Management Server
Metrics	Managed by a single Prometheus server per cluster for all services.		Each component configured with JMX

Feature comparison

The following sections compare Apigee Edge Public/Private Cloud features with feature availability in Apigee on Google Cloud and Apigee hybrid.

Summary of current feature differences

The following table describes feature-level differences between Apigee on Google Cloud (and Apigee hybrid) and the Apigee Edge for Public and Private Cloud platforms.

Apigee Edge feature	Support in Apigee on Google Cloud and Apigee hybrid
APIs	Apigee on Google Cloud uses the Apigee APIs. For a complete list of differences, see API comparison.
API Monitoring	API Monitoring is a beta release.
API Proxy Revisions	Immutable when deployed
Apigee Adapter for Istio	Deprecated: We recommend you use Apigee Adapter for Envoy instead.
Deployments	Asynchronous deployments Retrieving deployment status is based on the last time the runtime plane "checked-in" with the management plane
Environments	Support for environment groups Self-service through the Apigee UI and APIs More flexibility in serving topology An MP pod can only serve one environment For more information, see About environments and environment groups.
Extensions	Not supported
Hosted targets	Not supported
Keystores/Truststores	Northbound managed as Kubernetes secrets Southbound managed as in Apigee Edge References are supported only through the Apigee API. See REST Resource: organizations.environments.references.
KVMs	In the Apigee UI, you can create environment-scoped KVM maps that are either unencrypted or encrypted. You cannot add, update, or view KVM entries in the UI. You cannot use the Apigee API to add, update, or list KVM entries. To add entries to a KVM, you must use the KeyValueMapOperations policy. You can use property sets for some of the same use cases as KVMs. See Using property sets. For more information on creating KVM maps in the UI, see Using key value maps. See also Accessing configuration data for information on how to choose the right data persistence mechanism.
Microgateway	Not supported
Monetization	Not supported
Node.js	Node.js API proxies are not supported. Apigee recommends that you host Node.js applications as separate containers in Kubernetes (same or different cluster) Hosted targets are not supported
Hosted targets	Not supported.
OAuth	New RevokeOAuthv2 policy revokes by end user ID, app ID, or both
Organizations	Now self-provisioned
OpenAPI Specification management	Not supported
Policies	New policy: RevokeOAuthv2 policy: Revokes by user ID, app ID or both Policy not supported: StatisticsCollector policy Changed policies: SpikeArrest policy: Does not support `<UseEffectiveCount/>` MessageLogging policy: Does not support file logging
Portals	The following features are not yet supported in integrated portals: Audience management Developer teams
Resources	Cannot use organization-level resources
Roles and Permissions	Managed through Google Cloud Console's IAM service Some curated out-of-the-box roles are available You can create custom roles which can include other GCP permissions For more information, see Users and roles.
Sense	Not supported
SOAP services in the Build a proxy wizard	Not supported. See wsdl2apigee, an open source project that provides SOAP utilities for use with Apigee.
Trace/Debug Sessions	Apigee on Google Cloud includes the following differences for trace: Tracing is asynchronous The Debug Session API and Debug Session Data API are different from their Apigee Edge counterparts Filters are expanded to include support for conditions reference syntax Session name handling and timeout defaults are different Data masking is supported for hybrid v1.2 and later versions. For more information, see Differences with Trace.
Virtual Hosts	Not managed in or by Apigee You are responsible for managing the Kubernetes ingress point Istio Gateway (Envoy) is used where certificates and keys are deployed OCSP stapling is not supported by Envoy (as of August 2019) TLS variables are now available in API proxies in Apigee and Apigee hybrid

Differences with Trace

The following table summarizes the differences between trace in Apigee and Apigee hybrid on Google Cloud and Apigee Edge:

Feature	Apigee Edge Cloud	Apigee and Apigee hybrid on Google Cloud
Timeliness	Real time; synchronous	Slight delay; asynchronous
Session name/ID	Accepts session name from the user	Doesn't accept session name from the user
Filters	Basic filter support, such as header and query parameter filtering	Support for complex filtering logic, including both AND and OR logical operations. Access to any flow variable mentioned in the flow variables reference. Syntax is the same as used with conditionals, as shown in the conditions reference.
Session timeout	Defines the length of the debug session as well as how long data is retained. Default value is 20 minutes when initiated via API calls and 10 minutes when initiated in the UI.	Defines only the length of the debug session. The starting point is when the Message Processor receives the request to run in debug mode. Default value is 5 minutes if the session was initiated with the API and 10 minutes if it was initiated in the UI. Data is persisted for 24 hours before hybrid automatically deletes it.
Session validity		Length of time in which the session creation request is valid. If the debug session does not start within this amount of time, the Synchronizers can disregard the session creation request. Be sure to keep your Synchronizers' clocks in synch, as described in Prerequisites.
Trace request count	Maximum of 20 per Message Processor	Default is 10 per Message Processor; maximum is 15.
API	Apigee Edge Cloud	Apigee on Google Cloud
Apigee on Google Cloud exposes the Debug Session API and Debug Session Data API, but does not support the following via the Apigee APIs:
Stop debug session
Delete specific transactions

Which Apigee Edge features are removed in Apigee on Google Cloud?

Google does not plan to support the following features in Apigee hybrid:

APIs to:
- Manipulate KVM entries
- Search for or revoke OAuth access tokens (because tokens are hashed)
Developer portal development using Drupal 7
OAuth v1 or OAuth OAuthv1.0a policy.
ConcurrentRateLimit policy rate limiting policy
Trireme (EOL'd on 10/10/2019)

API comparison

In general, most of the Apigee Edge APIs have Apigee API equivalents. This section provides:

Summary of changes in behavior across all Apigee APIs as compared to the Apigee Edge APIs
Differences between the Apigee and Apigee Edge metrics APIs
List of unsupported Edge APIs (that do not have Apigee API equivalents).

Summary of changes using the API

The following lists the changes in behavior across all Apigee APIs as compared to the Apigee Edge APIs.

Behavior	Apigee APIs	Apigee Edge APIs
Base domain	`apigee.googleapis.com`	`api.enterprise.apigee.com`
Media types	`application/json`	`application/json` `application/xml`
Authentication	OAuth2	OAuth2, SAML, Basic
Timestamps in keys	`String` format `{ "createdAt": "1234", "lastModifiedAt": "5678" }`	`int64` format `{ "createdAt": 1234, "lastModifiedAt": 5678 }`
Structure of `expand=false` query parameter	{ "proxies": [ { "name": "helloworld" }, { "name": "weather" } ] }	[ "helloworld", "weather" ]
Query parameters prefixed by underscore	Not supported (`optimal=true`)	Supported (`_optimal=true`)
Properties in payloads: `created_by` `modified_by` `self`	Not supported	Supported
Default values in payloads	Not included	Included
Error handling structure	{ "error": { "code": 409, "message": "...", "status": "ABORTED", "details": [...] } }	{ "code": "...", "message": "..", "contexts": [] }
Cache deletion response	Returns: `204 No Content`	Returns: `200 OK` and cache details

Differences between the Apigee and Apigee Edge metrics APIs

Summary of changes using the API lists the general differences between Apigee API and Apigee Edge API. The following table lists specific differences for the metrics APIs:

Feature	Apigee APIs	Apigee Edge APIs
API endpoint	`apigee.googleapis.com`	`api.enterprise.apigee.com`
Daily analytics emails	No APIs supported	Subscribe to daily analytics emails
Async Query List API	The `userId` property is omitted from the response. See Method: organizations.environments.queries.list.	Get a list of asynchronous analytics queries
Custom report APIs	The `createdBy` and `lastModifiedBy` properties have been removed from the response. See Reports API.	Reports API

Unsupported Apigee Edge APIs

The following table lists the unsupported Apigee Edge APIs (that do not have Apigee API equivalents).

API category	Unsupported Apigee Edge APIs
API Monitoring	No APIs supported
API proxies	Force undeploy API proxy Get npm dependencies Manage npm modules
Audits	Use Stackdriver Logging API
Cached logs	No APIs supported
Companies	No APIs supported
Company apps	No APIs supported
Company app family	No APIs supported
Company app keys	No APIs supported
Debug sessions	Cannot stop trace sessions Cannot delete individual transactions For more information, see Differences with Trace.
Developer app	Get count of API resources
Developer app family	No APIs supported
Extensions	No APIs supported
Keystore: Truststore	Test a keystore or truststore
Keystore: Certs	Use organizations.environments.keystores.aliases APIs
Keystore: Keys	Use organizations.environments.keystores.aliases APIs
LDAP	No APIs supported
Monetization	No APIs supported
OAuth V2	No APIs supported
Policies	No APIs supported
Resource files	API proxy revision scope Organization scope
Sense	No APIs supported
Users and user roles	Use Google Identity and Access Management (IAM)-related APIs as described in Managing users, roles, and permissions using the API
Virtual hosts	No APIs supported