Policy reference overview

Apigee's out-of-the-box policies augment your APIs to control traffic, enhance performance, enforce security, and increase the utility of your APIs, without requiring you to write any code or modify any backend services.

In addition, Apigee provides extension policies that let you implement custom logic in the form of JavaScript, Python, Java, and XSLT stylesheets.

Policy categories

Following are the categories of policies that Apigee provides:

Traffic management policies	Mediation policies	Security policies	Extension policies
Let you configure caching, control quotas, mitigate the effects of spikes, and perform other functions related to your API traffic. Caching policies: InvalidateCache policy LookupCache policy PopulateCache policy ResponseCache policy Quota policy ResetQuota policy SpikeArrest policy	Let you perform message transformation, parsing, and validation, as well as raise faults and alerts. AccessEntity policy AssignMessage policy ExtractVariables policy JSONtoXML policy KeyValueMapOperations policy OASValidation policy RaiseFault policy SOAPMessageValidation policy XMLtoJSON policy XSLTransform policy	Let you control access to your APIs with OAuth, API key validation, and other threat protection features. AccessControl policy BasicAuthentication policy HMAC policy JSONThreatProtection policy JWS policies: DecodeJWS policy GenerateJWS policy VerifyJWS policy JWT policies: DecodeJWT policy GenerateJWT policy VerifyJWT policy OAuth v2 policies: DeleteOAuthv2Info policy GetOAuthv2Info policy OAuthv2 policy SetOAuth v2 Info policy RegularExpressionProtection policy SAMLAssertion policy VerifyAPIKey policy XMLThreatProtection policy	Let you define custom policy functionality, such as service callout, message data collection, and calling Java, JavaScript, and Python scripts. DataCapture policy FlowCallout policy JavaCallout policy JavaScript policy MessageLogging policy PythonScript policy ServiceCallout policy
^{* Available only with select Apigee plans} ^{† On-premises installations only}

Traffic management policies

Mediation policies

Security policies

Extension policies

Let you configure caching, control quotas, mitigate the effects of spikes, and perform other functions related to your API traffic.

Let you perform message transformation, parsing, and validation, as well as raise faults and alerts.

Let you control access to your APIs with OAuth, API key validation, and other threat protection features.

Let you define custom policy functionality, such as service callout, message data collection, and calling Java, JavaScript, and Python scripts.

^{* Available only with select Apigee
plans}
^{† On-premises installations only}