Search the Community

Today’s application and integration landscape has ushered in an unprecedented proliferation of APIs. Already, more than 90% of developers use APIs with everything from small-scale apps to mission-critical operations. As a result, organizations often find themselves juggling multiple API gateways, leading to operational, security, and maintenance overhead. So it’s no surprise that a one-size-fits-all approach API management doesn’t meet most organizations’ needs. To better address customer needs, we introduced Pay-as-you-go pricing for Apigee in August 2022, allowing customers to flexibly manage their API management costs. While adoption has been strong, customers also tell us they would like to onboard at a lower cost and have more flexibility to rightsize their ongoing expenses with their usage. Today, we're excited to announce updates to our pricing models, which will ensure: Consistent pricing attributes across Apigee Pay-as-you-go and Subscription models Increased granularity in Pay-as-you-go pricing With these enhancements, you can now accurately tailor your expenses according to your Pay-as-you-go usage and easily shift to Subscription pricing as your needs scale... View the full article

We’re thrilled to announce that Gartner has recognized Google Cloud’s Apigee as a Leader in the 2022 Magic Quadrant for Full Life Cycle API Management, the seventh time in a row we’ve been recognized. We believe we are consistently recognized for the depth of our capabilities to help organizations monetize their data by creating external-facing API products and providing highly customizable developer portals. In this year’s report, Apigee has once again placed highest among the evaluated vendors for our ability to execute. At a time when organizations are in a bind with increasing pressure from disruptors and economic headwinds, IT teams are increasingly relying on APIs to do more with less. As the business value and critical volume of APIs increase, providing the right controls for development and operations teams is vital for our customers’ operational success - it’s a challenge we take very seriously and are honored by the recognition from our customers, users, and community. Year over year, API traffic and usage grows rapidly because APIs enable easier and more standardized delivery of services and data - and this in turn enables business growth. In fact research shows that organizations that adopt external APIs grow 38% faster than those that don’t. We believe that one of the reasons that the Gartner Magic Quadrant in API management is so competitive and highly valued is that building, managing, and securing APIs at scale is an immense challenge - finding the right vendor is a technology decision with a significant business impact. The Magic Quadrant helps you quickly ascertain how well technology providers are executing their stated visions and how well they are performing against Gartner market view. This report can be valuable in making the best API Management decision for your organization. Customers like Jackon National, Renault, Booking.com, L'Oreal, and Cathay Financial Holdings trust Apigee as their API Management partner. Our mission is to help our customers build an API strategy that drives organizational growth and digital excellence. We know that APIs are no longer just the connective tissue of applications, they’re now products that deliver unique customer experiences and revenue streams. While we believe we have been recognized for the investments we make day in and day out, we’re only getting started when it comes to Apigee product innovation. We’re continuing to invest in a few key areas: Commercial model flexibility - In August we launched Pay-as-you-go, a new consumption based pricing model that can enable you to unlock the value of Apigee with little upfront investment. While Apigee subscriptions continue to offer pricing predictability and can be cost effective at scale, Pay-as-you-go now lets you experiment with the flexibility to pay only for what you use, just like other Google Cloud products. We’re continuing to better align our commercial models to the needs of our customers. API Governance - We know from your feedback that easily discovering all the APIs in your organization and applying governance policies can generally be the best way to enable rapid , safe growth. That’s why this year we introduced a public preview of Apigee API hub, a universal API catalog that accommodates APIs of across styles (OpenAPI, gRPC/protobuf, AsyncAPI, SOAP/WSDL, GraphQL, etc) and lifecycle stages or gateway choices. We’re looking forward to enhancing this functionality at general availability. API Security - The rise in API traffic has unfortunately been accompanied by growth in malicious API attacks - API security is becoming the new battleground for business security. This year we released a feature of Apigee called Advanced API Security that helps make it easier to secure APIs by automating bot detection and identification of misconfigured APIs. We’re continuing to invest in API security with the urgency it demands, including leveraging Google Cloud’s AI/ML portfolio. Developer experience - Our users and their feedback are the very reason we’re here today - we’re never finished improving their experiences. For example, this year we launched the Apigee Cloud Code extension for VS Code, which enables API developers to build and test their Apigee API Proxies locally without connecting to a live Apigee Instance. These locally developed artifacts can then be staged for deployments as part of regular SDLC automation. We’re also continuing to invest in helping to make it easier to use Apigee with other products at Google Cloud - for example, customers can benefit from new integrations with Cloud Armor, and Anthos Service Mesh. Integration - The number of SaaS and custom built applications in use for business processes has continued to sky rocket. Now, organizations are faced with integrating these systems - which often requires time consuming custom coding and a full team of integration platform engineers. This is why we’re continuing to invest in Apigee Integration,which can improve productivity and agility by enabling you to create and configure new business process integrations - without code. In fact, we recently released a preview of Application Integration, the next generation of Apigee’s integration functionality, with core integration tools to help connect and manage the multitude of applications and data required to support business operations. We believe the Gartner Magic Quadrant is a good source of vendor evaluations, and we’re delighted that our ongoing investment in supporting our customers was recognized in this report. Most importantly, we’re thankful to our customers for the support and for sharing our belief that for Apigee, the best is yet to come. Download the full report here (requires an email address) or learn more about Apigee. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. GARTNER and Magic Quadrant are registered trademarks and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Google. Related Article Introducing Pay-as-you-go pricing for Apigee API Management Access Apigee API management with no upfront commitment while maintaining flexibility to manage costs. Read Article

Organizations in every region and industry are developing APIs to enable easier and more standardized delivery of services and data for digital experiences. This increasing shift to digital experiences has grown API usage and traffic volumes. However, as malicious API attacks also have grown, API security has become an important battleground over business risk. To help customers more easily address their growing API security needs, Google Cloud is announcing today the Preview of Advanced API Security, a comprehensive set of API security capabilities built on Apigee, our API management platform. Advanced API Security enables organizations to more easily detect security threats. Here’s a closer look at the two key functionality included in this launch: identifying API misconfigurations and detecting bots. Identify API misconfigurations Misconfigured APIs are one of the leading reasons for API security incidents. In 2017, Gartner® predicted that by 2022 API abuses will be the most frequent attack vector resulting in data breaches for enterprise web applications. Today, our customers tell us application API security is one of their top concerns, which is supported by an independent study from 2021 by Fugue and Sonatype. The report found that misconfigurations are the number one cause of data breaches, and that “too many cloud APIs and interfaces to adequately govern” are frequently the main point of attack in cyberattacks. While identifying and resolving API misconfigurations is a top priority for many organizations, the configuration management process can be time consuming and require considerable resources. Advanced API Security can make it easier for API teams to identify API proxies that do not conform to security standards. To help identify APIs that are misconfigured or experiencing abuse, Advanced API Security regularly assesses managed APIs and provides API teams with a recommended action when configuration issues are detected. Advanced API Security identifies misconfigured API proxies, including the missing CORS policy. APIs form an integral part of the digital connective tissue that make modern medicine run smoothly for patients and healthcare staff. One common healthcare API use case occurs when a healthcare organization inputs a patient's medical coverage information into a system that works with insurance companies. Almost instantly, that system determines the patient's coverage for a specific medication or procedure, a process which is enabled by APIs. Because of the often-sensitive personal healthcare data being transmitted, it is important that the required authentication and authorization policies are implemented so that only authorized users, such as an insurance company, can access the API. Advanced API Security can detect if those required policies have not been applied, an alert which can help reduce the surface area of API security risks. By leveraging Advanced API Security, API teams at healthcare organizations can more easily detect misconfiguration issues and can reduce security risks to sensitive information. Detect Bots Because of the increasing volume of API traffic, there is also an increase in cybercrime in the form of API bot attacks—the automated software programs deployed over the Internet for malicious purposes like identity theft. Advanced API Security uses pre-configured rules to help provide API teams an easier way to identify malicious bots within API traffic. Each rule represents a different type of unusual traffic from a single IP address. If an API traffic pattern meets any of the rules, Advanced API Security reports it as a bot. Additionally, Advanced API Security can speed up the process of identifying data breaches by identifying bots that successfully resulted in the HTTP 200 OK success status response code. Advanced API Security helps visualize Bot traffic per API proxy. Financial services APIs are frequently the target of malicious bot attacks due to the high-value data that is processed. A bank that has adopted open banking standards by making APIs accessible to customers and partners can use Advanced API Security to make it easier to analyze traffic patterns and identify the sources of malicious traffic. You may experience this when your bank allows you to access your data with a third-party application. While a malicious hacker could try to use a bot to access this information, Advanced API Security can help the bank’s API team to identify and stop malicious bot activity in API traffic. API Security at Equinix Equinix powers the world’s digital leaders, bringing together and interconnecting infrastructure to fast-track digital advantage. Operating a global network of more than 240 data centers with a 99.999% or greater uptime, Equinix simplifies global interconnections for organizations, saving customers time and effort with the Apigee API management platform. “A key enabler of our success is Google’s Apigee, delivering digital infrastructure services securely and quickly to our customers and partners,” said Yun Freund, senior vice president of Platform at Equinix. “Security is a key pillar to our API-first strategy and Apigee has been instrumental in enabling our customers to securely bridge the connections they need for their businesses to easily identify potential security risks and mitigate threats in a timely fashion. As our API traffic has grown, so has the amount of time and effort required to secure our APIs. Having a bundled solution in one managed platform gives us a differentiated high-performing solution.” Getting started To learn more, check out the documentation or contact us to request access to get started with Advanced API Security. To learn more about API security best practices, please register to attend our Cloud OnAir webcast on Thursday, July 28th, 2:00 pm PT. Gartner, API Security: What You Need to Do to Protect Your APIs, Mark O'Neill, Dionisio Zumerle, Jeremy D'Hoinne, 28 August 2019 GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Related Article CISO Perspectives: June 2022 Google Cloud CISO Phil Venables shares his thoughts on the RSA Conference and the latest security updates from the Google Cybersecurity A... Read Article

Information security has become headline news on a daily basis. You have probably heard of security risks ranging from malicious bots used in schemes both big and small, to all-out "software supply chain attacks" that involve large-name enterprises and their customers, and that ultimately affect numerous governments, organizations, and people. As businesses expand their digital programs to serve their customers via online channels and to operate from anywhere with a global remote workforce, such security attacks are expected to become more common. Because application programming interfaces (APIs) are fundamental components of an enterprises’ digital programs, connecting the data and functionality that power various apps and services, they are also vectors of malicious attacks--as well as sources of insights that enterprises can use to better understand attack patterns and how to thwart them. Our State of the API Economy 2021report found a 172% rise in abusive traffic and a 230% increase in enterprises’ use of anomaly detection, bot protection, and security analytics features. As agile, smart, and proactive digital security mechanisms have become the cost of doing business, API security has become an indispensable part of an enterprise’s IT security portfolio--and as this article explores, our recent release of Apigee X makes API security even more powerful. Multi-layer API security with Apigee and Google Cloud Armor APIs are the doors to various digital assets--and every door needs a lock to keep what’s behind it safe and protected from unauthorized access. Therefore, to help organizations secure APIs to the highest level, Google Cloud has brought together Apigee and Cloud Armor, combining industry-leading API management and web application firewall technologies. With Apigee X, the latest release of Google Cloud’s full lifecycle API management platform, customers can easily and seamlessly apply Cloud Armor web application firewall (WAF) to APIs, adding another layer of security to ensure that corporate digital assets are accessed only by authorized users. For companies such as AccuWeather, a global leader in weather data and forecasting, APIs have been essential to both building new applications and monetizing data and functionality for outside developers, so those communities can innovate with AccuWeather assets as well. With this new expanded surface area from their APIs, AccuWeather needed robust security to manage and secure its digital assets. “Over the last decade, AccuWeather has continued to transform as a digital solution for serving business customers with the most accurate and useful weather information using APIs. With Apigee’s strategic partnership and comprehensive API management platform, we were able to design, develop, and launch our industry-leading APIs in a few short weeks.” said Chris Patti, Chief Technology Officer at AccuWeather. “Today, we serve over 50 billion API calls per day. As many organizations embrace their own digital solutions, they are increasingly adopting API-first strategies for accelerated transformation. With the new Apigee X release, we can foresee furthering our API programs with the best of Google capabilities like reCaptcha, Cloud Armor, and Content Delivery Network (CDN) for global scale, performance and security.” Apigee and Cloud Armor together help secure your APIs at multiple levels. Click to enlarge While Apigee X includes OAuth (Open Authorization), API keys, role-based access and many other API-level security features, Cloud Armor offers network and application security such as DDoS (Distributed Denial of Service) protection, geo-fencing, mitigation of OWASP (Open Web Application Security Project) Top 10 risks, and custom Layer-7 filtering. With Apigee X and Cloud Armor, developers enjoy integrated, out-of-the-box security capabilities to protect their APIs at multiple levels. Click to enlarge Customers can also easily leverage Cloud Identity and Access Management (IAM) for authenticating and authorizing access to the Apigee platform as well as to gain more control over encrypted data with customer-managed encryption keys (CMEK). Apigee X and Cloud Armor deliver powerful protection for applications and APIs against threats and fraud. These products are also available as part of our WebApp and API Protection (WAAP) solution that adds anti-bot and anti-abuse measures from reCAPTCHA Enterprise. Security is a moving target, with attackers and new vulnerabilities emerging all the time--but with a multi-layer approach to API security, enterprises can trust that they can quickly leverage APIs for new digital services and experiences without compromising security along the way. To learn more about Apigee X, and see Apigee and Cloud Armor in action, check out this video Related Article How leading enterprises use API analytics to make effective decisions Explore why API monitoring and analytics are essential to successful digital transformation initiatives Read Article

We’re excited to share that Gartner has recognized Google (Apigee) as a Leader in the 2020 Magic Quadrant for Full Life Cycle API Management, marking the fifth time in a row we’ve earned this recognition. In this year’s report, Google (Apigee) is placed highest among all the vendors for the ability to execute. Download the full report here. APIs are critical to enterprise business strategy because they let developers easily access, combine, and share valuable data and functionality, helping organizations adapt to disruption and reinvent to meet the digital needs of customers. Therefore, partnering with the right API management vendor is critical to building and scaling a successful API program, and we believe research from industry analyst firms like Gartner can help enterprises evaluate and choose the right solution. We continue to be trusted by customers like Pitney Bowes and Experian for their most mission-critical programs. As part of our vision to accelerate enterprise digital transformations through APIs, Google (Apigee) is focused on enabling customers with comprehensive API management capabilities to accelerate application development, build API-powered digital ecosystems, and drive API economies. Building a platform business: API monetization enables enterprises to unlock additional revenue streams and create ecosystems of developers and partners outside of the organization. By sharing valuable data and functionality with partners, enterprises can create more compelling digital products that combine their proprietary assets with complementary assets from outside the organization. This not only creates richer experiences for customers but can also expose a business to new channels and open new strategic opportunities. Flexibility of multi-cloud and hybrid: For compliance, security, or stringent latency requirements, Apigee hybrid provides enterprises the flexibility to choose where to host APIs —on-premise, Google Cloud, hybrid cloud, or multi-cloud. Fostering an API-first mindset: Google Cloud API Gateway helps enterprises get started with their API programs, and lets developers secure and manage their APIs built on Compute Engine, GKE, App Engine, and serverless backends (Cloud Functions and Cloud Run), all without having to worry about any of the infrastructure configuration or scaling. Democratizing application development: As a part Business Application Platform, we arebringing together Apigeefull lifecycle API management and AppSheet no-code application development to empower all users to quickly build data-driven applications without coding. As a part of this vision, we recently launched Apigee data source for AppSheet to provide a consistent way for AppSheet users to consume services, data, and functionality, via APIs, despite complex backends. "Apigee has become the central nervous system for all communications between the digital core banking, the microservices, the front end, and the apps. Apigee has become our sun. Everything rotates around Apigee," says Kaspar Situmorang, executive vice president, Bank Rakyat Indonesia. We also continue to provide strategic guidance and best practices for our customers with the Apigee Compass online assessment tool, That Digital Show podcast, API Program Excellence e-learning series, Day Zero initiative, and more. We’re gratified to see Apigee positioned as a strategic partner for digital transformation in the latest Magic Quadrant. This reflects why large global brands like AccuWeather, Royal Bank of Canada, ABN Amro and Change Healthcare can trust Apigee to drive their API programs. Underscoring the strong business growth and customer momentum, Gartner also ranked Google (Apigee) as the leader in its latest Market Analysis for the fourth consecutive year: Full Life Cycle API Management, Worldwide, 2019 report (Published 27 July 2020). The Gartner 2020 Magic Quadrant for Full Life Cycle Management is available for download here (requires an email address). To learn more about Apigee, visit the website here. Gartner, Magic Quadrant for Full Life Cycle API Management, 22 September 2020, Paolo Malinverno, Kimihiko Iijima, Mark O'Neill, John Santoro, Shameen Pillai, Akash Jain Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.