Managing API products

This page applies to Apigee and Apigee hybrid.

View Apigee Edge documentation.

API products bundle your APIs and make them available to app developers for consumption. For an overview of API products, see What is an API product?

Exploring the Products overview page

The Products overview page displays all of your API products and some details about each one. From this page you can create a new API product, delete a product, or select one to view or edit.

To access the Products overview:

The Products UI lets you perform the following common tasks:

These tasks are described in the sections that follow.

Creating an API product

This section describes how to create an API product using the Apigee UI.

To create an API product using the Apigee UI:

  1. Select Publish > API Products. Apigee displays the Products overview page.
  2. Click + Create. The product configuration page displays.
  3. Configure the API product. The parts of the product configuration page include the following:
    • Product details: Basic information about the API product such as its name, access level (private, public, or internal), and OAuth scopes.
    • Operations: Groups of API proxies, resource paths, and HTTP methods supported by this API product. You can also define quotas limits for each operation.
    • GraphQL Operations: Groups of API proxies, resource paths, and GraphQL operation types supported by this API product. Supported GraphQL operation types include queries and mutations. You can specify one type or the other, or both. Just like for REST-based API proxies, you can define quota limits on each operation.
    • gRPC Operations: Specify gRPC API proxies and gRPC methods supported by this API product. Just like for REST-based API proxies, you can define quota limits on operations.
    • Custom attributes: Key/value pairs that help you control API proxy execution.

    Each of these main parts are described in the sections below.

  4. When you're done, click Save. Apigee creates the new API product. You can now attach the product to a Developer app. See Controlling access to your APIs by registering apps. For additional examples, see Secure an API by requiring API keys and Secure an API with OAuth.

Product details

In the Product details section, enter basic information about your new API product. The following table describes the fields in this section:

Field Required? Description
Name Required

Defines the internal name of the API product. You use this value in calls to the Apigee API that reference the API product. The value of the Name field can include alphanumeric characters, spaces, and the following: _ - . # $ %

For example, My API Product or my-product.

Display name Required

Defines the name used in the Apigee UI for the API product. You can edit the display name of the API product at any time.

The Display name can include special characters.

For example, <My> API Product!!!.

Description Optional

A string that can help you remember the purpose or function of the API product. The description can include special characters.

For example, The one where I let dev apps read but not write to the "/accounts" endpoints.

Environment Optional

Identifies which environments the API product allows access to. If no environments are specified then all environments are allowed by the API Product.

The environments that you select in this field restrict access to API proxies based on where they are deployed. For example, if API proxy A is deployed to both the test and prod environments, but the API product only has the test environment selected, then an API call for the corresponding developer app only allows access to API proxy A deployed in the test environment. For more information on environments, see About environments and environment groups.

Access Required The access level given to users of this API product. For details, see Access levels.
Automatically approve access requests Optional (defaults to selected)

Enables automatic approval of key requests that come in for this API product from any app. To require manual key approval, disable this option.

The default is selected, which means this API product automatically approves key requests.

If you select manual key approval, you must approve key requests that come in from any app that uses this API product. To manually approve keys:

  • UI: Select Publish > Apps, select the app and edit it. Then click Approve.
  • API: Use the Developer app keys API.

For more information, see Registering apps and managing API keys.

Quota Optional

Defines limits on the number of requests allowed for this API product. This value applies to the sum of all operations' requests for this API product.

This value is superseded by more specific quota limits set on operations that you define on the API product.

Entering a quota value does not automatically enforce restrictions on the number of calls that can be made through the API product. You must also add the Quota policy to API proxies that are referenced by the API product.

For more information, see Quotas.

Allowed OAuth scope Optional If you are using OAuth with the API product, enter a comma-separated list of OAuth scopes that you want the API product to allow (such as Read or other scopes that apps send with their API calls). For more information, see OAuth scopes.

Operations

Specify operations allowed on an HTTP-based API proxy, including resource paths, HTTP methods, and quotas. Operations let you control which REST methods and have access to which resource paths in an API product, and how many such calls can be made (with Quota).

To configure operation details, click + ADD AN OPERATION in the Operations section. The Operation view displays.

Field Required? Description
API proxy Required

Select the API proxy to associate with this operation.

Path Required

Enter the resource path for the operation.

You can use the operation path to allow or disallow requests to specific URIs. For example, if you set the operation's source to the music API proxy with a base path of /music, the API product allows calls to all the subpaths under /music. However, if you want the API product to allow access to only the venues resource path which has a URI of /music/venues, add the /venues as the operation's path. You can do this for all operations, or for specific operations.

In this case, calls to /music/venues?name=paramount are allowed, but calls to /music/artists?name=Jack%Johnson are blocked.

Note that there are special rules for wildcards in resource paths, as described in Configuring resource paths.

Methods Optional

Select one or more HTTP request methods in the drop-down list. (These methods are sometimes known as HTTP verbs.) Apigee allows requests to the API proxy that only match the methods you select.

The default is no selection, which allows requests with any HTTP methods.

If you do not select at least one method, Apigee inserts ALL as the value of this field when you save the operation.

For information about the functionality of the HTTP request methods, see HTTP request methods.

Quota Optional Specify quota limits for this operation. For details on how quotas are counted, see Understanding quota counters.
Custom attributes Optional See Custom attributes.

GraphQL Operations

To configure GraphQL operation details, click + ADD AN OPERATION in the Graphql Operations section. The Operation view displays. See also Using GraphQL.

Field Required? Description
API proxy Required

Select the API proxy to associate with this operation.

Operation name Required

Specify a name for the operation

Operation type Optional

Select one or more GraphQL operation types in the drop-down list. Apigee allows requests to the API proxy that only match the operation types you select.

The default is no selection, which allows requests with any operation type.

If you do not select at least one type, Apigee inserts ALL as the value of this field when you save the operation.

For information about the functionality of the GraphQL operation types, see Queries and Mutations.

Quota Optional Specify quota limits for this operation. This quota supersedes the quota set on the API product. See Quota.
Custom attributes Optional See Custom attributes.

gRPC Operations

To configure gRPC operation details, click + ADD AN OPERATION in the gRPC Operations section. The Operation view displays. See also Creating gRPC API proxies.

Field Required? Description
API proxy Required

Select the API proxy to associate with this operation.

Service name Required

Specify a name for the operation.

For the current release, there is no option to provide the target server name. (The service name and the target server are the same.)

gRPC methods in service Optional

Enter the available gRPC methods, using a comma-separated list for multiple methods.

Quota Optional Specify quota limits for these operations. This quota supersedes the quota set on the API product. See Quota.
Custom attributes Optional See Custom attributes.

Custom attributes

Custom attributes are key/value pairs that can be used in many ways, including helping control API proxy execution.

In total, an API product can have up to 18 custom attributes, including those set on operations.

For example, you can create a custom attribute called deprecated with a value of true or false. In your API proxy flow, you can check the value of the API product's deprecated attribute. If its value is true, you can throw an error with the RaiseFault policy because you want that operation to behave as if it is deprecated and no longer supported.

Quota

Defines the quota settings at the API proxy or operation scope. There are three fields under Quota that you must specify, if you define a quota:

  1. The first field specifies the maximum number of requests to allow from a developer app to the API proxy for the specified period.

    This field corresponds to the <Allow> element in a Quota policy.

  2. The second field specifies the reset frequency (or interval) of the quota.

    This field corresponds to the <Interval> element in a Quota policy.

  3. The third field specifies the reset period type (or time unit), such as day, week, or month.

    This field corresponds to the <TimeUnit> element in a Quota policy.

The following example sets a limit of 1,000 GET, HEAD, and TRACE requests to the API proxy per day (all other HTTP requests are ignored):

Add a new quota to an operation

The following example sets a limit of 42 requests every 3 minutes, regardless of HTTP method, to the /mypath resource:

Add a new quota to an operation

When you define a quota for an operation, you are required to enter values for all three fields in the Quota section.

You cannot define different quotas for multiple HTTP methods on the same operation. To do this, you'll need to create multiple API products and define the method-specific quotas on each one.

If you set these values in both the Quota policy and on the API product (in the UI as described here or with the API products API, the API product UI/API settings take precedence.

Configuring resource paths

Note the following rules for resource paths:

  • /: Indicates that the base path and all subpaths of the base path are supported.
  • /**: Indicates that all subpaths of the base path are supported (but not the base path).
  • /*: Indicates that only URIs one level down from the base path are supported.
  • Resource paths specified on the API product or on its operations apply to all API proxies added to the API product.
  • More inclusive, less specific resource paths take predence over those that are more specific. For example, if you add / and /**, the / resource path takes precedence and the /** resource path is ignored.

The following table shows the default behavior of an API product for different resource paths. In this example, the API proxy has a base path of /v1/weatherapikey. The API product resource path applies to the path suffix after the base path.

Request URI Allowed for / Allowed for /* Allowed for /** Allowed for /*/2/** Allowed for /*/2/*
/v1/weatherapikey
/v1/weatherapikey/
/v1/weatherapikey/1
/v1/weatherapikey/1/
/v1/weatherapikey/1/2
/v1/weatherapikey/1/2/
/v1/weatherapikey/1/2/3/
/v1/weatherapikey/1/a/2/3/

By default, a resource path of / in an API product supports the base path and all subpaths. For example, if the base path of the API proxy is /v1/weatherapikey, then the API product supports requests to /v1/weatherapikey and to any subpaths, such as /v1/weatherapikey/forecastrss, /v1/weatherapikey/region/CA, and so on.

With API products, you can change this default so that a resource path of / corresponds only to the base path of the API proxy. This means that the API product will not allow access to a URI that has anything after the /. If you make this change, then in the table above only the first two rows under "Allowed for /" would be allowed.

For additional information, see Making sense of API Product configuration

Editing an API product

To edit an API product:

  1. Select Publish > API Products.
  2. Click in the row of the API product that you want to edit. Apigee displays details about the API product.
  3. Click EDIT.
  4. Edit the API product's settings, as required.

    You cannot edit an existing API resource. Instead, you must delete the API resource and add a new version with the corrected values if you want to change it.

    You might delete a resource if it is malfunctioning or requires more development. When deleted, that resource is no longer part of the current API product. Any app that uses the API product can no longer access the deleted resource. Deleted resources are removed from an API product but are not deleted from the system, so they can still be used by other API products.

  5. (Optional) If Apigee Monetization is enabled, create a rate plan for the API product by clicking Add.
  6. Click Save.

    Your changes take effect within a short period of time (approximately five minutes).

Deleting an API product

Before you can delete an API product, you must unregister/unassociate any developer apps associated with the product. You can do so by either deleting the apps or revoking the app API keys.

To delete an API product:

  1. Select Publish > API Products.
  2. Open the Actions menu in the row of the product to delete and select Delete.
  3. After you confirm the delete operation, the deletion takes effect within a short period of time (approximately five minutes).