Advanced API Security for multiple Apigee organizations and gateways

This pageapplies toApigee andApigee hybrid.

Apigee Advanced API Security is available as an additional add-on for your API hub instance to help you manage and govern the security posture of your APIs across multiple Apigee organizations, environments, and gateways. Leveraging API hub'splugins andcuration capabilities, Advanced API Security offers an unified view that lets you monitor risks, compare configurations, and ensure consistent security standards across your entire API ecosystem.

Key capabilities

Advanced API Security offers the following capabilities when you enable it for your API hub instance:

  • Risk assessment across multiple Apigee organizations, environments, and gateways: assess the security scores for a specific API or for all APIs across all of its deployments in multiple Apigee organizations, environments, and gateways to get a comprehensive understanding of its risk profile.
  • Security profiles: create and manage custom security profiles based on your organization's needs, and apply them consistently across your multiple Apigee environments, organizations, and gateways.

Enable Advanced API Security for your API hub instance

To enable and configure Advanced API Security for your API hub instance, seeConfigure Advanced API Security for multiple Apigee organizations and gateways.

Caution: Pricing for Advanced API Security varies based on your existing Apigee organization license type. We recommend that you use theAdvanced API Security advisor tool to understand your costs before enabling the add-on in your API hub instance.

IAM roles and permissions

To use Advanced API Security, you must have the following IAM roles and permissions:

IAM rolesPermissionsDescription
API Security Admin(roles/apigee.securityAdmin)
  • apigee.securityProfilesV2.create
  • apigee.securityProfilesV2.delete
  • apigee.securityProfilesV2.update
  • apigee.securityProfilesV2.get
  • apigee.securityProfilesV2.list
Provides permissions to create, update, delete, get, and list security profiles.
  • apigee.securityAssessmentResult.compute
Provides permissions to compute security assessment results.
API Security Viewer(roles/apigee.securityViewer)
  • apigee.securityProfilesV2.get
  • apigee.securityProfilesV2.list
Provides permissions to get, list, and view security profiles.
  • apigee.securityAssessmentResult.compute
Provides permissions to compute security assessment results.
API hub Admin(roles/apihub.admin) orAPI hub Add-on Admin (roles/apihub.addonsAdmin)
  • apihub.addons.get
  • apihub.addons.list
  • apihub.addons.manage
Provides permissions to manage add-ons in API hub.
  • apihub.apis.get
  • apihub.deployments.list
Provides permissions to get and list APIs and deployments in API hub.
API hub Viewer(roles/apihub.viewer)
  • apihub.addons.get
  • apihub.addons.list
Provides permissions to get and list add-ons in API hub.
  • apihub.apis.get
  • apihub.deployments.list
Provides permissions to get and list APIs and deployments in API hub.

For information about granting IAM roles, seeGrant or revoke multiple IAM roles using the Google Cloud console.

What's next

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2026-02-05 UTC.