API Management

Security and Compliance Update: September 2017

We’re constantly updating our products to better protect your APIs and help you comply with relevant industry privacy and security standards. We’ve published a wealth of information to help you maintain security and compliance; here’s a quick guide to the latest tips and updates.

  • Our security best practice guide describes the actions you can take to ensure your API is secure before you put it into production.
  • As per PCI Council recommendations, PCI applications need to use TLS 1.1 or higher prior to June 2018. If you need enable only TLS 1.1 or higher for your APIs contact Apigee Support.
  • We encourage you to periodically scan and penetration-test your APIs. Contact Apigee Support prior to your planned scan or penetration test.
  • Are you a PCI or HIPAA customer looking for recommended configurations and product features to help maintain compliance? Check out the PCI or HIPAA configuration guides.
  • Want tighter controls on user onboarding/offboarding and user authentication? Apigee now offers SAML single sign-on (SSO) options for user authentication and recommends all customers take advantage of the user controls it offers. Visit our documentation on enabling SAML authentication for details.