This page applies to Apigee and Apigee hybrid.
View
Apigee Edge documentation.
Apigee's policies augment your APIs to control traffic, enhance performance, enforce security, and increase the utility of your APIs, without requiring you to write code or modify backend services.
In addition, Apigee provides extension policies that let you implement custom logic in the form of JavaScript, Python, Java, and XSLT stylesheets.
Policy categories and types
A policy's category indicates the functional area (for example, security or mediation) for the policy. Policies are shown sorted by category below.
The policy type refers to how the policy can be used in Apigee:
- Standard policies are suitable for internal development and lightweight API solutions. Standard policies can be used with any environment type. To see the list of standard policies, see Standard policies by category.
- Extensible policies provide more functionality than standard policies, including for
traffic management, mediation, and security. The extensible policies also
include policies to implement custom logic in the form of JavaScript, Python, Java, and XSLT
stylesheets.
Extensible policies can be used with intermediate and comprehensive environment types only. Using an extensible policy automatically converts that proxy to an Extensible proxy, which could have cost and other implications. Check the Pay-as-you-go entitlements and Subscription 2024 for information.
To see the list of extensible policies, see Extensible policies by category.
For Pay-as-you-go users, the types of policies you can use in a proxy depend on the environment types you plan to deploy that proxy to. See Pay-as-you-go for more information.
If there are two policies, one standard and one extensible, that would both perform the functions you need, use the standard policy.
Standard policies by category
Following are the categories for the standard policies:
| Traffic management policies | Mediation policies | Security policies | Extension policies |
|---|---|---|---|
|
Let you control quotas and mitigate the effects of API traffic spikes. |
Let you perform message transformation, parsing, and validation, as well as raise faults and alerts. |
Let you apply security-related policies. |
Let you define custom policy functionality, such as service callout and message data collection. |
Extensible policies by category
Following are the extensible policies, by category. Proxies with extensible policies can only be
deployed to intermediate and comprehensive environments. Extensible policies are indicated in the user
interface with this icon:
.
| Traffic management policies | Mediation policies | Security policies | Extension policies | AI policies |
|---|---|---|---|---|
|
Let you configure caching, control quotas, mitigate the effects of spikes, and perform other functions related to your API traffic. |
Let you perform message transformation, parsing, and validation, as well as raise faults and alerts. |
Let you control access to your APIs with OAuth, API key validation, and other threat protection features.
|
Let you define custom policy functionality, such as service callout, message data collection, and calling Java, JavaScript, and Python scripts. |
Let you optimize and secure the performance of AI workloads and models. |