Managing API products
This pageapplies toApigee andApigee hybrid.
View Apigee Edge documentation.
API products bundle your APIs and make them available to app developers for consumption. For anoverview of API products, seeWhat isan API product?
Exploring the API products overview page
TheProducts overview page displays all of your API products and some details about eachone. From this page you can create a new API product, delete a product, or select one to view or edit.
To access theProducts overview page in the Apigee in Cloud console:
The Products UI lets you perform the following common tasks:
- Add an API product
- Edit an API product
- Search the list of API products
- Delete an API product
These tasks are described in the following sections.
Create an API product
This section describes how to create an API product using the Apigee UIs.
To create an API product using the Apigee UI:
Go to theProducts overview page:
- Click+ Create. The product configuration page displays.
- Configure the API product. The parts of the product configuration page include the following:
- Product details: Basic information about the API product such as its name, access level (private, public, or internal), and OAuth scopes.
- Operations: Groups of API proxies, resource paths, and HTTP methods supported by this API product. You can also define quotas limits for each operation.
- GraphQL Operations:Groups of API proxies, resource paths, and GraphQL operation types supported by this API product. Supported GraphQL operation types include queries and mutations. You can specify one type or the other, or both. Just like for REST-based API proxies, you can define quota limits on each operation.
- gRPC Operations:Specify gRPC API proxies and gRPC methods supported by this API product. Just like for REST-based API proxies, you can define quota limits on operations.
- Custom attributes: Key/value pairs that help you control API proxy execution.
Each of these main parts are described in the sections below.
- When you're done, clickSave. Apigee creates the new API product. You can now attach the product to a Developer app. SeeControlling access to your APIs by registering apps. For additional examples, seeSecure an API by requiring API keys andSecure an API with OAuth.
Product details
In theProduct details section, enter basic information about your new API product. The following table describes the fields in this section:
| Field | Required? | Description |
|---|---|---|
Name | Required | Defines the internal name of the API product. You use this value in calls to the Apigee API that reference the API product. The value of the For example, Name of an API product after you create it. |
Display name | Required | Defines the name used in the Apigee UI for the API product. You can edit the display name of the API product at any time. The For example, |
Description | Optional | A string that can help you remember the purpose or function of the API product. The description can include special characters. For example, |
Space | Optional | If your organization has Apigee Spaces enabled, you can associate the API product with a Space selected from the list of available options. For more information, seeApigee Spaces overview. |
Environment | Optional | Identifies which environments the API product allows access to. If no environments are specified then all environments are allowed by the API Product. The environments that you select in this field restrict access to API proxies based on where they are deployed. For example, if API proxy A is deployed to both the |
Access | Required | The access level given to users of this API product. For details, seeAccess levels. |
Automatically approve access requests | Optional (defaults to selected) | Enables automatic approval of key requests that come in for this API product from any app. To require manual key approval, disable this option. The default is selected, which means this API product automatically approves key requests. If you select manual key approval, you must approve key requests that come in from any app that uses this API product. To manually approve keys:
For more information, seeRegistering apps and managing API keys. |
Quota | Optional | Defines limits on the number of requests allowed for this API product. This value applies to the sum of all operations' requests for this API product. This value is superseded by more specific quota limits set on operations that you define on the API product. Entering a quota value does not automatically enforce restrictions on the number of calls that can be made through the API product. You must also add theQuota policy to API proxies that are referenced by the API product. For more information, seeQuotas. |
Allowed OAuth scope | Optional | If you are using OAuth with the API product, enter a comma-separated list of OAuth scopes that you want the API product to allow (such as Read or other scopes that apps send with their API calls). For more information, seeOAuth scopes. |
Operations
Specify operations allowed on an HTTP-based API proxy, including resource paths, HTTP methods, and quotas. Operations let you control which REST methods and have access to which resource paths in an API product, and how many such calls can be made (with Quota).
To configure operation details, click+ ADD AN OPERATION in theOperations section. TheOperation view displays.
| Field | Required? | Description |
|---|---|---|
API proxy | Required | Select the API proxy to associate with this operation. |
Path | Required | Enter the resource path for the operation. You can use the operation path to allow or disallow requests to specific URIs. For example, if you set the operation's source to the In this case, calls to Note that there are special rules for wildcards in resource paths, as described inConfiguring resource paths. |
Methods | Optional | Select one or more HTTP request methods in the drop-down list. (These methods are sometimes known asHTTP verbs.) Apigee allows requests to the API proxy that only match the methods you select. The default is no selection, which allows requests with any HTTP methods. If you do not select at least one method, Apigee inserts For information about the functionality of the HTTP request methods, seeHTTP request methods. |
Quota | Optional | Specify quota limits for this operation. For details on how quotas are counted, seeUnderstanding quota counters. |
Custom attributes | Optional | SeeCustom attributes. |
GraphQL Operations
To configure GraphQL operation details, click+ ADD AN OPERATION in theGraphql Operations section. TheOperation view displays. See alsoUsing GraphQL.
| Field | Required? | Description |
|---|---|---|
API proxy | Required | Select the API proxy to associate with this operation. |
Operation name | Required | Specify a name for the operation |
Operation type | Optional | Select one or more GraphQL operation types in the drop-down list. Apigee allows requests to the API proxy that only match the operation types you select. The default is no selection, which allows requests with any operation type. If you do not select at least one type, Apigee inserts For information about the functionality of the GraphQL operation types, seeQueries and Mutations. |
Quota | Optional | Specify quota limits for this operation. This quota supersedes the quota set on the API product. SeeQuota. |
Custom attributes | Optional | SeeCustom attributes. |
gRPC Operations
To configure gRPC operation details, click+ ADD AN OPERATION in thegRPC Operations section. TheOperation view displays. See alsoCreating gRPC API proxies.
SeeCreating gRPC API proxies for information on gRPC proxy support.| Field | Required? | Description |
|---|---|---|
API proxy | Required | Select the API proxy to associate with this operation. |
Service name | Required | Specify a name for the operation. For the current release, there is no option to provide the target server name. (The service name and the target server are the same.) |
gRPC methods in service | Optional | Enter the available gRPC methods, using a comma-separated list for multiple methods. |
Quota | Optional | Specify quota limits for these operations. This quota supersedes the quota set on the API product. SeeQuota. |
Custom attributes | Optional | SeeCustom attributes. |
Custom attributes
Custom attributes are key/value pairs that can be used in many ways, including helping control API proxy execution.
In total, an API product can have up to 18 custom attributes, including those set on operations.
For example, you can create a custom attribute calleddeprecated with a value oftrue orfalse. In your API proxy flow, you can check the value of the API product'sdeprecated attribute. If its value istrue, you can throw an error with theRaiseFault policy because you want that operation to behave as if it is deprecated and no longer supported.
verifyapikey.POLICY_NAME.apiproduct.ATTRIBUTE_NAME
access. This attribute name is reserved for use by Apigee and will cause an error if used.Quota
You can define the quota settings for the API product or per operation scope. There are three fields that you must specify when you define a quota:
- The maximum number of requests to allow from a developer app for the specified period. This field corresponds to the
<Allow>element in a Quota policy. - The reset time interval of the quota. This field corresponds to the
<Interval>element in a Quota policy. - The reset periodunit (or time unit), such as day, week, or month. This field corresponds to the
<TimeUnit>element in a Quota policy.
This example sets a limit of 1,000 requests to the API product per day, by adding:
- 1000 for the maximum number of requests.
- 1 for the reset time interval.
- day for the reset period unit.
When you define a quota for an operation, you are required to enter values for all three fields in theQuota section.
You can define a distinct quota for each operation. If an operation specifies multiple HTTP methods, the quota applies for all of the methods on that operation. To allow distinct quotas for each method, define multiple operations with a single method on each operation.
If you set these values in both theQuota policy and on the API product (in the UI as described here or with theAPI products API, the API product UI/API settings take precedence.
Configuring resource paths
Note the following rules for resource paths:
/: Indicates that the base path and all subpaths of the base path are supported./**: Indicates that all subpaths of the base path are supported (but not the base path)./*: Indicates that only URIs one level down from the base path are supported.- Resource paths specified on the API product or on its operations apply to all API proxies added to the API product.
- More inclusive,less specific resource paths take precedence over those that are more specific. For example, if you add
/and/**, the/resource path takes precedence and the/**resource path is ignored.
Using wildcards in resource paths
It is important to note that in Apigee's resource path definitions, a single asterisk (*) or double asterisk (**)is not permitted aspart of a path segment's name (for example,/abc*/a), but is permitted when used as afull path segmentto represent a wildcard (for example,/*/a) or a greedy path match (for example,/abc/**).
For example:
- Valid:
/*/aor/abc/**. The wildcard is its own subpath. - Invalid:
/abc/*aor/abc*/a. The wildcard is combined with other characters in the subpath.
This rule ensures that the wildcard is interpreted as a clear and explicit placeholder for an entire path segment, rather than a pattern to be matched within a single path segment's name.
Default behavior of resource paths
The following table shows the default behavior of an API product for different resource paths. In this example, the API proxy has a base path of/v1/weatherapikey. The API product resource path applies to the path suffix after the base path.
| Request URI | Allowed for/ | Allowed for/* | Allowed for/** | Allowed for/*/2/** | Allowed for/*/2/* |
|---|---|---|---|---|---|
/v1/weatherapikey | |||||
/v1/weatherapikey/ | |||||
/v1/weatherapikey/1 | |||||
/v1/weatherapikey/1/ | |||||
/v1/weatherapikey/1/2 | |||||
/v1/weatherapikey/1/2/ | |||||
/v1/weatherapikey/1/2/3/ | |||||
/v1/weatherapikey/1/a/2/3/ |
A resource path of/ in an API product supports the base path and all subpaths. For example, if the base path of the API proxy is/v1/weatherapikey, then the API product supports requests to/v1/weatherapikey and to any subpaths, such as/v1/weatherapikey/forecastrss,/v1/weatherapikey/region/CA, and so on.
For additional information, seeMaking sense of API Product configuration.
Editing an API product
Note: To improve performance, API product information, such as resource path definitions, are cached for a short time (approximately five minutes). As a result, edits that you make to an API product may not take effect immediately.To edit an API product:
Go to theProducts overview page:
- Click in the API product row that you want to edit. Apigee displays the API product details.
- Click EDIT.
Edit the API product's settings, as required.
You cannotedit an existing API resource. Instead, you must delete the API resource and add a new version with the corrected values if you want to change it.
You might delete a resource if it is malfunctioning or requires more development. When deleted, that resource is no longer part of the current API product. Any app that uses the API product can no longer access the deleted resource. Deleted resources are removed from an API product but are not deleted from the system, so they can still be used by other API products.
- (Optional) If Apigee Monetization is enabled, create a rate plan for the API product by clickingAdd rateplan.
ClickSave.
Your changes take effect within a short period of time (approximately five minutes).
Deleting an API product
Note: To improve performance, API product information such as resource path definitions are cached for a short period of time (approximately five minutes). As a result, when you delete an API product, it may not take effect immediately.Before you can delete an API product, you must unregister/unassociate any developer apps associated with the product. You can do so by eitherdeleting the apps orrevoking the app API keys.
To delete an API product:
Go to theProducts overview page:
- Open theActions menu in the API product row to delete and selectDelete.
- After you confirm the delete operation, the deletion takes effect within a short period of time (approximately five minutes).
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-12-17 UTC.