Apigee release notes

Add failure policy (Generally available (GA))

You can now configure more complicated retry strategies for tasks, such as retries based on the error codes or the variable values during the execution:

• Configure multiple ordered conditional failure policies for each task.
• Configure a default failure policy that will be applied if no conditional failure policies matches.
• Use system auto-generated variables in the failure policies. For example, ExecutionMode and ErrorInfo.

For more information, see Example for error handling.

In addition to us-central1 and europe-west1, Apigee API hub now supports the following new hosting regions:

See Provision API hub.

Apigee no longer limits the number of Cloud projects that can connect to an Apigee instance. Previously, the limit was 50 projects. For each project, you can now create up to 100 Private Service Connect Network Endpoint Groups. The previous limit was 20. For any Apigee instances created before October 10, 2024, you must perform an update to the consumer accept list for an Apigee instance if you want to take advantage of these new limits. See Updating the consumer accept list for an Apigee instance. See also Limits.

New features added to the Risk Assessment v2 preview

This release introduces new features to the Risk Assessment v2 preview:

• Support for custom security profiles. You can create your own security profiles, with unique combinations of risk assessment checks and weights, to use for proxy risk assessment.
• New assessment checks. We've added additional checks you can use when assessing proxy risk.
• Assess proxies across multiple profiles. You can now switch between security profiles to see differences in scoring across profiles.

For usage information and a list of all features in Risk Assessment v2, see the Risk Assessment v2 customer documentation.

Build integrations with Gemini Code Assist (GA)

Building integrations with Gemini Code Assist is now generally available (GA).

Additionally, if you have API Hub enabled in your project, then Gemini can assist you to provide contextually appropriate Call REST Endpoint tasks and task configuration recommendations based on the logical flow of your existing integration. For more information see, Configure Call REST API tasks.

Local logging in async mode (Generally available (GA))

By default, local logging for new integrations is now enabled in async mode. With this change, the log data is persisted (written) at fixed intervals or after the completion of the integration's execution, whichever is earlier. You can change the default settings by editing the integration details.

For more information, see Local logging.

Test cases (Preview)

You can now test if your integration is working as intended by creating and running test cases on your complex integrations.

For information about test case, see Introduction to test cases. Learn how to do the following:

• Create test cases
• Configure test cases
• Manage test cases
• Run test cases
• Upload and download test cases

Diagram mode in the Data Transformer Task (Preview)

The Diagram mode provides a console-based experience to select the input and output variables and perform transformations in the data transformation editor. For more information, see the Data Transformer task.

Replay execution (Preview)

You can now rerun a failed integration with the same parameters as the previous execution. For more information, see Replay executions.

Cancel execution (Preview)

If you have executions that are suspended due to an approval task or a technical issue, you can now choose to cancel those executions. For more information, see Cancel executions.

Cassandra credential rotation in Vault

Starting in version v1.3.1, You can set up automatic Cassandra credential rotation when your credentials are stored in Hashicorp Vault. See Rotating Cassandra credentials in Hashicorp Vault.

New analytics and debug data pipeline for data residency-enabled orgs

Newly created Apigee hybrid v1.13.1 orgs created with data residency enabled can use a new data pipeline to collect analytics and debug data and allow various runtime components to write data directly to our control plane. You cannot use the new data pipeline with non data residency-enabled orgs; only new orgs created on hybrid v1.13.1 can use this new feature. For details, see Using data residency with Apigee hybrid.

With this release, all remaining Apigee API Management organizations with Subscription 2021 contracts have been upgraded to introduce standard and extensible API proxy features.

To learn more about:

• Standard and Extensible API Proxy types, see API Proxy types.
• Viewing proxy deployment count, see View proxy deployment usage.

A new "Get started with API hub" page was added to the user interface. This new page includes valuable getting started information, including a new FAQ, to help you get the most out of API hub.

We added a new Supply chain page where you can create, view and manage your dependencies across API operations. The same dependencies can also be created from the API operations page. See Manage dependencies.

The Semantic Search (formerly Smart Search) user interface has been improved, and search results are shown across all API hub entities, such as APIs, deployments, specifications, and versions. See Search and filter APIs.

We added support for GMEK and CMEK in the provisioning steps. While provisioning, you can also choose to host your Vertex search data in a different location or disable Vertex search altogether. See Provision API hub.

We added support for Cloud audit logging.

The List APIs for specifications, dependencies, and external APIs have been enhanced to return a complete response, including user-defined attributes.

While you can use API hub by making direct REST over HTTP requests, we now provide client libraries for several popular languages. See API hub client libraries.

Significant user interface improvements were made, such as standardization of cards on the API details page, unlinking of deployments, various performance fixes, and more.

If you have CMEK org policy constraints on your Google Cloud project, Apigee will enforce compliance with those constraints and guide you in choosing valid configuration, and prevent you from using Apigee features that are not CMEK-compliant.

The following documents are new and explain how to use CMEK with Apigee:

• Using organization policy constraints in Apigee
• Best practices for Apigee CMEK

The following documents have been updated with the relevant CMEK information:

• Introduction to CMEK
• Compare evaluation and paid organizations in Apigee
• Provisioning an eval org
• Provision a paid org without VPC peering
• About the Apigee encryption keys
• Compatible services
• Use Cloud KMS keys in Google Cloud

View logs in Cloud Logging

Viewing integration execution logs in Cloud Logging is now generally available (GA). For more information, see View logs in Cloud Logging

The Resolve JSON Path data transformer function is now available. This function resolves a JSON path on a given JSON object by using the JSONPath reference.

Release of Cloud IAM-based authorization and authentication and the VerifyIAM policy.

This release introduces Cloud IAM-based authorization and authentication for Apigee API access. With this IAM-based solution, access to invoke an API requires the API consumer to have a specific Google Cloud IAM role or permissions.

For information, see IAM-based API authentication overview and VerifyIAM policy.

With this release, Apigee supports Workforce Identity Federation.

Workforce Identity Federation lets you use an external identity provider (IdP) to authenticate and authorize a workforce — a group of users, such as employees, partners, and contractors — using Identity and Access Management (IAM) to access Apigee services.

See Access Apigee using Workforce Identity Federation for more information.

The XSLT Transform data transformer function is now available. This function transforms the specified XML string using the specified XSL string.

Proxy-specific security actions

You can now create security actions that apply only to one or more specified proxies.

This new functionality is not available with Apigee hybrid at this time.

See Security actions to learn more about proxy-specific security actions.

An informational message was added to the action creation flow for Apigee Security actions, informing users that actions can't be edited or deleted.

With the non-VPC peering provisioning approach, you are not required to provide networks and IP ranges during the Apigee provisioning process. Instead, you use Private Service Connect (PSC) for routing northbound traffic to Apigee and southbound traffic to target services running in your Google Cloud projects. Non-VPC peering is supported for command-line (CLI) steps only. You can perform non-VPC provisioning for subscription, Pay-as-you-go, and evaluation installations of Apigee.

To learn more, see Apigee networking options.

You can now edit an uploaded API specification's metadata through the Cloud console. See Edit specification metadata.

You can now choose in the Cloud console to restrict the upload of an API specification file that contains errors. By default, specs containing errors are uploaded. See Add a spec to an existing version.

When an Apigee API proxy is auto-registered, its deployment type is now labeled either Apigee X or Apigee hybrid. Existing Apigee proxy deployments registered with API hub will also be labeled with the appropriate type. See Auto-register Apigee proxies.

All API proxy endpoints auto-registered from Apigee will be prefixed with https:// by default. Endpoints for existing API proxies that were added to API hub will be updated.

A validation check has been added to reject an API specification style guide upload if the style guide's extends property contains a URL. See Upload a new style guide.

User interface and performance improvements were made.

Storing additional secrets in an external secret store

Starting in version v1.13, You can now store AX Hash Salt, Redis password, and Encryption keys in an external secret store like Hashicorp Vault. See Storing Secrets in Vault.

Apigee Operator now runs in the Apigee Kubernetes namespace

Starting in version v1.13, apigee-operator runs in the same name space as the other Apigee hybrid components instead of the apigee-system namespace. You can use apigee or your own custom Apigee namespace. See Upgrading Apigee hybrid to version v1.13.0 and Step 3: Create the apigee namespace.

Improved backup and restore

Starting in version v1.13.0, Apigee hybrid introduces a new backup and restore system. The new system removes the need for pod exec permission and use of a Kubernetes ClusterRole, and requires fewer Kubernetes Service Accounts when using Workload Identity. The new system replaces use of the apigee-cassandra-backup-utility image by using the apigee-hybrid-cassandra-client image. The apigee-cassandra-backup-utility image will no longer be provided starting with this release. See Scheduling backups in a remote server.

Leader election enabled for apigee-watcher component

Starting in version v1.13.0, leader election is enabled for the apigee-watcher component. For proper functioning of the leader election, make sure that the apigee-watcher component uses only one replica set.

New canvas view

In the integration editor layout, you can try the new canvas view to create integration flows. This feature is in preview. The canvas view offers the following benefits:

• Improved responsiveness of the canvas interaction
• Clearer view of your integration
• Minimap view
• Easier to build integrations

In the Application Integration editor, you can now search, browse, and select tasks and connectors in the Tasks list. For more information, see Add a Connectors task.

Apigee provisioning for Subscription orgs is now performed in the Google Cloud console.

Public preview of Risk Assessment v2

This release introduces Risk Assessment v2 in preview. Risk Assessment v2 includes these improvements:

• Improved reliability: Faster score calculations with recent proxy data.
• Simplified score display: The new score is a percentage, where 100% means full alignment with the security profile.

For usage information and a list of all improvements and changes in v2, see Risk Assessment v2.

We changed the maximum number of Apps per developer from 10 to 100. See the Limits page for more detail.

Note that using more than 10 apps per developer will result in latency when accessing flow variables referencing developer.apps.

With this release, Apigee expanded its support for data residency to additional regions in Japan:

• asia-northeast1 (Tokyo)
• asia-northeast2 (Osaka)

Data residency for Apigee meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Apigee data is stored.

For more information, see Introduction to data residency.

Shadow API Discovery, which is in preview, now supports the use of tags to label and organize observation results.

For usage information, see Use tags.

New flow variables are now available:

• request.headers.names.string
• request.queryparams.names.string
• request.formparams.names.string
• message.headers.names.string
• message.queryparams.names.string
• message.formparams.names.string
• response.headers.names.string

These context variables can be used to return header, query parameter, and form parameter names in string format that can be used in API proxy logic. Each variable returns a comma-separated list of names.

For more information, see the Flow variables reference.

With this release, Apigee expanded its support for data residency to an additional region in Europe: europe-west6 (Zurich).

Data residency for Apigee meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Apigee data is stored.

For more information, see Introduction to data residency.

For a list of supported geographic locations, see Apigee locations.

Advanced API Security now supports data residency. Data residency meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Advanced API Security data is stored. For more information, see Introduction to data residency.

Monetization functionality, including rate plan creation and managing rate plans for API Products, is now available in the Apigee UI in Cloud Console.

For information, see Manage Rate Plans and Create API Products.

Monetization now supports data residency. Data residency meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Monetization data is stored. For more information, see Introduction to data residency.

This release includes an update to Advanced API Operations Anomaly Detection functionality: the Anomaly Detection functionality is now available in the Apigee UI in Cloud Console and is renamed to "Operations Anomalies."

For information, see the Operations Anomalies overview for information on the functionality in Apigee UI in Cloud Console.

Operations Anomalies supports data residency. Data residency meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Operations Anomalies data is stored. For more information, see Introduction to data residency.

The Solace trigger is now available in preview.

This release includes general improvements to performance and availability.

You can now share custom connectors between different Google Cloud projects by exporting and importing the connector specification. This feature is in preview.

The following Connector Event triggers are generally available:

• SAP ERP trigger
• SAP Gateway trigger

Preview release of generative AI incident report summaries

This release introduces the preview release of generative AI summaries and recommendations for Advanced API Security Abuse Detection incidents. The new generative AI features are available for all Advanced API Security-enabled projects and do not require the Gemini Code Assist add-on.

For usage information, see the Abuse Detection customer documentation.

Apigee is now available in new regions:

• Europe - Berlin (europe-west10)
• Africa - Johannesburg (africa-south1)

See Apigee locations for more information about available regions.

Shadow API Discovery, which is in preview, no longer requires separate creation of P4SA permissions in order to enable the functionality.

For usage information, see the Shadow API Discovery documentation.

Update Pay-as-you-go environment types using the Apigee UI in the Google Cloud console

Apigee Pay-as-you-go customers can modify the type of an existing environment using the Apigee UI in the Cloud console. This feature allows you to add or remove feature capabilities for your environments from the UI.

For more information, see Update your environment type. To learn more about environment types, see Apigee Pay-as-you-go environment types.

Feature: Preview release of Google Cloud-based mock servers for API Management features in Gemini Code Assist.

This release introduces the ability to easily deploy a Google Cloud-based remote mock server for Gemini Code Assist API management, which allows interaction with the designed API by anyone with access to the mock server, helping with testing and validating the APIs.

For more information and usage instructions, see Use Gemini Code Assist.

Vertex AI extensions

You can create Vertex AI extensions for the APIs registered in API hub. These extensions can be integrated with Large Language Models (LLMs) to process real-time data. For more information, see Create a Vertex AI extension.

Eventarc triggers

API hub is integrated with Google Cloud's Eventarc. You can now create Eventarc triggers to listen for specific events in API hub, and then trigger custom workflows based on the event. For more information, see Create an Eventarc trigger.

Multi-level delete

By default, you can delete an API only if all underlying versions are deleted. Starting with this release, you can use the force option to delete an API and its child resources in a single step. For more information, see Delete an API resource.

This release includes the general availability (GA) of integrated portal APIs which allow you to manage your integrated portal APIs and reference documentation using API calls. The available functionality has not changed since the public preview release.

The catalog items list view now uses pagination when making requests to the portals service, examples have been added to Publishing your APIs, and new reference documentation is available:

• Publishing your APIs
• API categories reference documentation
• API documents reference documentation

Preview release of Shadow API Discovery

This release introduces Shadow API Discovery in preview. Shadow API Discovery finds shadow APIs (also known as undocumented or unmanaged APIs) in your existing cloud infrastructure. Shadow APIs pose a security risk to your system, since they might be unsecured, unmonitored, and unmaintained.

For a feature overview and usage information, see Shadow API Discovery.

Preview release of API Management features in Gemini Code Assist: generative AI API spec creation with enterprise context and Apigee policy code explanation. This release also includes the preview release of enhanced API hub interaction in Cloud Code.

This release introduces features for Gemini Code Assist API management:

• Use Gemini Code Assist to facilitate API design including OpenAPI spec generation with enterprise context from natural language prompts and built in visual API designer to further refine the specification.
• Code explain for Apigee policies: When adding or editing a proxy policy, highlight part of the policy XML code, such as an element or attribute, to see Gemini Assist-generated information and guidance about the selection.

For more information and usage instructions, see Use Gemini Code Assist.

This release also includes updates to API hub interaction from Cloud Code: An update to the Cloud Code extension enables you to interact with any API in your API hub using a mock server in Cloud Code, make changes to the API, and publish it back to API hub. For information and usage instructions, see Edit APIs.

Preview release of API Management features in Gemini Code Assist: generative AI API spec creation with enterprise context and Apigee policy code explanation.

This release introduces features for Gemini Code Assist API management:

• Use Gemini Code Assist to facilitate API design including OpenAPI spec generation with enterprise context from natural language prompts and built in visual API designer to further refine the specification.
• Code explain for Apigee policies: When adding or editing a proxy policy, highlight part of the policy XML code, such as an element or attribute, to see Gemini Assist-generated information and guidance about the selection.

For more information and usage instructions, see Use Gemini Code Assist.

The TIBCO EMS trigger is now available in preview.

Terraform support

You can now use Terraform to provision new regions and create authentication profiles. For a detailed reference document about terraform resources, see google_integrations_client and google_integrations_auth_config.

This release includes general improvements to performance and availability.

Addition of autonomous system numbers (ASN), HTTP methods, and region codes as supported security action rule condition types.

This new functionality is not available with Apigee hybrid at this time.

See Create a security action to learn more.

Addition of CIDR range support when specifying IPv4 addresses for security action rules.

Apigee Advanced API Security now includes support for CIDR range specification when creating security action rules that restrict access based on IP addresses.

This new functionality is not available with Apigee hybrid at this time.

See Create a security action to learn more.

This release contains the General Availability (GA) release of AppGroups for Apigee and Apigee hybrid (version 1.10.0 and later).

AppGroups represent a relationship between one or more apps that are managed by the same set of people. For information, see Using AppGroups to organize app ownership. Client support for AppGroups is available with the latest Drupal Teams module.

Target server SSL enforcement

With this release, Apigee customers can specify strict SSL southbound enforcement in TargetServer configurations using the object's enforce key. If set to true, SSL enforcement is applied to service callouts.

The option to specify this behavior is analogous to usage of the <Enforce> tag in the <SSLInfo> block of the TargetEndpoint configuration.

For more information, see Configure strict SSL enforcement .

Environment-level flag for SSL enforcement

Apigee customers can specify strict SSL southbound enforcement across an Apigee environment, using the SSLInfo.Enforce flag.

If SSLInfo.Enforce is set to true or false, the value specified overrides any granular enforcement options specified in <SSLInfo> blocks in TargetEndpoint or TargetServer configurations.

If SSLInfo.Enforce is unset, SSL enforcement is determined by any values specified using the <Enforce> element within individual <SSLInfo> blocks. For more information, see TLS/SSL TargetEndpoint configuration.

Two-way HTTPS health monitor support

Apigee health monitors using <HTTPMonitor> can now use all SSL parameters available in the <SSLInfo> block of their TargetServer configurations when performing health checks.

To enable access, set <UseTargetServerSSLInfo> to true in the <Request> block of the HTTPMonitor configuration.

For more information, see Health monitor using HTTP monitor .

With Gemini, you can now build integrations in Application Integration:

• Create and build integrations
• Configure connector tasks in an integration
• Add edge conditions and append additional tasks to an integration
• Generate integration description

This feature is in preview.

While configuring a Cloud Pub/Sub trigger, you can now add a config variable for your service account. Config variables let you externalize configuration for integrations.

Logging Apigee access logs

Apigee Subscription and Pay-as-you-go customers can now enable Cloud Logging ingress access logs for each Apigee instance in their organization. Once enabled, this feature allows you to view the logs generated by ingress gateways in your Apigee infrastructure, such as an external Application Load Balancer or an Anthos gateway, to assist in troubleshooting Apigee API calls.

For more information, see Logging Apigee access logs.

Apache Kafka trigger is now in preview.

With this release, Apigee API Management organizations with Subscription 2021 contracts have been upgraded to introduce standard and extensible API proxy features and expanded limits on deployments.

With this upgrade:

• Standard and extensible API proxy calls are counted equally when calculating overall API call entitlement for Subscription 2021 contracts.
• The maximum number of shared flow deployments is 75 per environment.
• There are no limits on the total number of API proxy deployments per environment.
• The maximum limit of total deployment units (API proxies or shared flows) per organization is 4250.

Note: The fleetwide upgrade is complete for the majority of Subscription 2021 contract organizations. Organization administrators for the remaining 5% of organizations have been contacted by Apigee representatives regarding timelines for the release.

To learn more about:

• Standard and Extensible API Proxy types, see API Proxy types.
• Expanded limits for API proxy and shared flow deployments, see Limits.
• Account level deployment limits, see Subscription 2021 entitlements.
• Viewing proxy deployment count, see View proxy deployment usage.

A new suite of metrics for monitoring Apigee proxies and target endpoints is now available for Hybrid 1.12.

You can now add your own contractEncryptionKey for new Apigee hybrid installations. For details, see Data encryption.

The JAR file dependencies required to create a Java callout are now hosted securely in Artifact Registry.

For more information on downloading the JAR dependencies from Artifact Regsitry, see Compile your code with Maven.

Hybrid 1.12 validates required conditions are satisfied before allowing Runtime services to be created. See Diagnosing issues with guardrails.

Apigee hybrid now supports Workload Identity Federation for component authentication on AKS and EKS installations. See Enabling Workload Identity Federation on AKS and EKS.

Hybrid v1.12 now supports storing service account keys in Hashicorp Vault. See Storing service account keys in Hashicorp Vault.

With this release, Apigee expanded its support for data residency to additional regions in Asia-Pacific and the Middle East. Data residency for Apigee meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Apigee data is stored.

For more information, see Introduction to data residency.

For a list of supported geographic locations, see Apigee locations.

With this release, Apigee expanded its support for data residency to additional regions in Canada. Data residency for Apigee meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Apigee data is stored.

For more information, see Introduction to data residency.

For a list of supported geographic locations, see Apigee locations.

With this release, Apigee expanded its support for data residency to additional regions in the European Union. Data residency for Apigee meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Apigee data is stored.

For more information, see Introduction to data residency.

For a list of supported geographic locations, see Apigee locations.

New Apigee API Monitoring Metrics

An new suite of metrics for monitoring Apigee proxies and target endpoints is now available. With improved scalability and accuracy, the new suite can support large workloads and withstand underlying infrastructure changes.

Apigee's API Monitoring tables and dashboards have been updated to include the following new metrics, which can be used to configure alerts and create custom dashboards:

proxy/request_count
proxy/response_count
proxy/latencies
target/request_count
target/response_count
target/latencies

New Apigee API Monitoring Metrics

An new suite of metrics for monitoring Apigee proxies and target endpoints is now available. With improved scalability and accuracy, the new suite can support large workloads and withstand underlying infrastructure changes.

Apigee's API Monitoring tables and dashboards have been updated to include the following new metrics, which can be used to configure alerts and create custom dashboards:

proxy/request_count
proxy/response_count
proxy/latencies
target/request_count
target/response_count
target/latencies

Application Integration now supports config variables. Config variables let you to build CICD for your integration. This feature is in preview.

New conditions for security actions

You can now create security actions based on the following condition types (in addition to the condition types for Detection rules and IP addresses that were already available):

• API keys
• API products
• Access tokens
• Developers
• Developer apps
• User agents

These new conditions are not available with Apigee hybrid at this time.

See Create a security action to learn more.

Application Integration now supports private triggers that enable you to break large flows into various subflows. This feature is in preview.

Data masking in logs

You can now prevent sensitive data from appearing the integration execution logs. For more information, see Mask sensitive data in logs.

You can now also view the integration execution logs in Cloud Logging. For more information, see View logs in Cloud Logging.

API support for update operations on KeyValueMap entries

Starting with this release, the Apigee APIs support update operations for KeyValueMap entries. See the API reference page for REST Resource: organizations.environments.keyvaluemaps.entries for information.

We modified or added these limits:

• Changed the maximum API proxy endpoints per API proxy from 5 to 10
• Specified the maximum API base paths per organization as 21,250

See the Limits page for details.

Custom connectors [Preview]

Application Integration now supports custom connectors. The custom connectors feature (based on the Open API specification) lets you create your own connectors that aren't a part of the standard connectors provided by Integration Connectors. You can use these connectors in your integrations. For more information, see Custom connectors.

The following new data transformer functions are available:

• getIntegrationVersionId (): Get the integration version ID of the current integration.

• getIntegrationVersionNumber(): Get the version number of the current integration.

Training machine learning models for abuse detection on your data

You now have the option to allow Apigee to train your organization's machine learning models for abuse detection on your data. Training the models on your data helps improve their accuracy for detecting security incidents.

Webhook triggers are now supported in preview. With webhook triggers, you can build integrations for your data sources that don't have specific triggers but support webhook for event listening.

Update Pay-as-you-go environment types with Apigee APIs.

Use Apigee APIs to upgrade or downgrade the type of an existing environment to add or remove feature capabilities and manage your Apigee Pay-as-you-go billing and resource usage. For more information, see Update Pay-as-you-go environment types.

Apigee Advanced API Security add-on for Pay-as-you-go organizations is generally available (GA).

With this release, Apigee Advanced API Security is available as a paid add-on capability for Pay-as-you-go organizations. The add-on can be enabled in any Apigee Intermediate or Comprehensive environment from the Apigee UI in Cloud Console or using the Apigee APIs. For more information, see Manage the Advanced API Security add-on.

Public preview of archiving security incidents

With this release, you can now archive security incidents that you no longer want to see displayed in the incidents list. For example, you might want to archive incidents that you have already dealt with and no longer need to track. Archiving incidents can help you focus on those incidents that still require your attention. Archiving does not delete the incident: you can always unarchive it whenever you want.

Performance improvements to Risk Assessment security scores

Risk Assessment security scores now load faster in the Apigee UI, due to improved server side caching of scores.

You can now restrict the creation of Apigee location based resources (Organization, Instances and EndpointAttachments) to specific locations using an Organization Policy Service constraint. This feature is generally available. To learn more, see Restricting Resource Locations.

Apigee now supports data residency. Data residency for Apigee meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Apigee data is stored. See Introduction to data residency.

Apigee now supports Forward Proxying. Forward Proxying provides the ability to forward traffic received in a particular environment to a specified URI. See Forward proxying.

Apigee now supports CMEK for the control plane. If you have specific compliance or regulatory requirements related to the keys that protect your data, you can use customer-managed encryption keys (CMEK). See Introduction to CMEK.

General Availability (GA) of Apigee gRPC passthrough

Apigee's gRPC proxy passthrough functionality provides the ability to create proxies which receive gRPC client requests and pass them through to a gRPC target server.

For information, see Creating gRPC API proxies.

New button to create a security action is now in several places in the Abuse detection and Risk assessment pages

The new button links directly to the Security actions page from the Abuse detection or Risk assessment pages, so you can easily create a security action for the environment you are currently viewing. The button is in the following locations:

• The Source assessment view in the Risk assessment page
• The Detected Traffic, Incident, and Incident details views in the Abuse detection page

Cloud Pub/Sub trigger supports cross-project topics

You can now configure your Cloud Pub/Sub trigger for a Pub/Sub topic that isn't in the same Google Cloud project as your integration. The Pub/Sub topic can be in any Google Cloud project.

Starting with this release, you must specify a service account when configuring the Cloud Pub/Sub trigger. Your existing Cloud Pub/Sub triggers, that don't have any service account associated with them, will continue to work as before. However, if you want to modify the Pub/Sub topic in any of the existing Cloud Pub/Sub triggers, you must also configure a service account for those triggers to continue using them.

HubSpot trigger is now available in preview.

The following Connector Event triggers are available in preview:

• IBM MQ trigger
• Rabbit MQ trigger

Helm charts management for Apigee hybrid

Starting in version v1.11.0, you have the choice of installing and managing your clusters with either Helm or apigeectl. You cannot manage a cluster with both. Apigee recommends using Helm for new hybrid installations. See Apigee hybrid Helm charts reference.

Vault integration for Cassandra credentials (preview)

Starting in version v1.11.0, you can store Cassandra credentials in Hashicorp Vault.
Note: Using Vault requires Helm management of your Apigee installation.
See Storing Cassandra credentials in Hashicorp Vault.

Vault integration is in preview as of the Apigee hybrid 1.11.0 release.

Apigee Advance API Security Actions for Apigee hybrid

Advanced API Security's new Security Actions feature is now available in Apigee hybrid.

With this release, the HeaderName element is available as a child element of Authentication. This element appears in the ServiceCallout and ExternalCallout policies, and in the TargetEndpoint proxy configuration.

By default, when an Authentication configuration is present, Apigee generates and injects a bearer token into the Authorization header, in the message sent to the target system. The new HeaderName element allows you to specify the name of a different header to hold that bearer token.

This release includes the public preview of integrated portal APIs which allow you to manage your integrated portal APIs and reference documentation using API calls.

The catalog items list view now uses pagination when making requests to the portals service, examples have been added to Publishing your APIs, and new reference documentation is available:

• Publishing your APIs
• API categories reference documentation
• API documents reference documentation

Apigee is now available in a new region: Middle East - Dammam (me-central2).

See Apigee locations for more information about available regions.

Public preview of Advanced API Security custom profiles in the Apigee UI

With this release, you can now create and edit custom security profiles in the Apigee UI. Custom profiles let you specify the security categories that your security scores are based on.

The Security scores page in the Apigee UI has been renamed to the Risk assessment page, and the page now has tabs for security scores and security profiles.

With this release, the HeaderName element is available as a child element of Authentication. This element appears in the ServiceCallout and ExternalCallout policies, and in the TargetEndpoint proxy configuration.

By default, when an Authentication configuration is present, Apigee generates and injects a bearer token into the Authorization header, in the message sent to the target system. The new HeaderName element allows the configuration to specify the name of a different header to hold that bearer token.

Looker Studio Integration

This release includes the public preview of Looker Studio Integration, which connects Apigee data to Google's Looker Studio. Looker Studio is a powerful and flexible tool that you can use to display Apigee data in fully customizable dashboards and reports.

The following new data transformer functions are available:

• Manifest XML - Converts the specified input JSON object into an XML string.

• Parse XML - Parses the specified input XML string into a JSON object.

IAM Conditions for fine-grained access

IAM Conditions lets you define and enforce conditional, attribute-based access control for Google Cloud resources, including Application Integration resources. For more information, see Add IAM conditions.

You can now view the detailed summary of an integration from the Integration designer. For more information, see View integration details.

The following new data transformer functions are available:

• Manifest XML - Converts the specified input JSON object into an XML string.

• Parse XML - Parses the specified input XML string into a JSON object.

IAM Conditions for fine-grained access

IAM Conditions lets you define and enforce conditional, attribute-based access control for Google Cloud resources, including Application Integration resources. For more information, see Add IAM conditions.

You can now view the detailed summary of an integration from the Integration designer. For more information, see View integration details.

Public Preview of Advanced API Security Actions

Advanced API Security's new Security Actions feature lets you create security actions that define how Apigee handles detected traffic. You can create the following security actions:

• Deny actions, which deny requests that meet specified conditions, for example, originating at an IP address that has been identified as a source of abuse.

• Flag actions, which let requests pass through, but add headers to requests to identify them as suspicious.

• Allow actions, which are used to override deny actions in specific cases when the request is trusted.

New attributes for Pay-as-you-go pricing are generally available (GA).

Apigee updated its Pay-as-you-go pricing model, making it possible for customers to onboard at a significantly reduced initial cost and right-size their ongoing expenses to usage.

To learn more about the updated Pay-as-you-go pricing experience, see Pay-as-you-go (updated attributes) pricing overview.

Standard and extensible API proxies are generally available (GA).

Standard and extensible API proxies are generally available for use with Apigee organizations.

For more information about standard and extensible API proxies, see API proxy types.

HTTPModifier and ReadPropertySet policies and templating support for message elements are generally available (GA).

The HTTPModifier policy can change an existing request or response message and provides a subset of the functionality already available in the AssignMessage policy. See HTTPModifier policy.

The ReadPropertySet policy reads property sets and populates flow variables with the results. See ReadPropertySet policy.

HTTPModifier and ReadPropertySet are standard policies. Proxies built exclusively with standard policies are called standard proxies and can be deployed to any environment type. See Pay-as-you-go (updated attributes) pricing overview.

With this release, template support for message elements is also generally available. See URL templating.

New environment types are generally available (GA).

With this release, Apigee introduces three distinct environments that have access to varying degrees of Apigee capabilities and costs: Base, Intermediate, and Comprehensive.

For more information, see Apigee Pay-as-you-go environment types.

Apigee API Analytics add-on for Pay-as-you-go organizations is generally available (GA).

With this release, Apigee API Analytics is available as a paid add-on capability for Pay-as-you-go organizations. The add-on can be enabled in any Apigee Intermediate or Comprehensive environment. For more information, see Manage the Apigee API Analytics add-on.

One click provisioning for Apigee Pay-as-you-go organizations is generally available (GA).

Simplify your onboarding experience with one click provisioning for new Pay-as-you-go organizations, using smart default configurations. To learn more, see Provision Apigee with one click.

Updated pricing attributes in Subscription plans are available.

To get started with subscription plans that include new pricing attributes (consistent with Pay-as-you-go pricing), contact your Google Cloud sales specialist.

For more information, see Apigee Subscription 2024 entitlements. Apigee hybrid is not available in the new subscription plan at this time.

This note is incorrect; see entry for May 17, 2024.

Public preview of Advanced API Security Alerting

Advanced API Security's new alerting feature lets you create alerts for events related to API security using Google Cloud Monitoring, such as changes to your security scores or incidents involving detected API abuse. You can configure alerts to send you notifications by email or other channels when these events occur, so you can take action to counteract them.

This release includes a new Overview page for Apigee API Management in the Google Cloud console.