Apigee's policies augment your APIs to control
traffic, enhance performance, enforce security, and increase the utility of your APIs, without
requiring you to write code or modify backend services.
In addition, Apigee provides extension policies that let you implement custom logic in the
form of JavaScript, Python, Java, and XSLT stylesheets.
Policy categories and types
A policy's category indicates the functional area (for example, security or mediation) for the policy.
Policies are shown sorted by category below.
The policy type refers to how the policy can be used in Apigee:
Standard policies are suitable for internal development and lightweight API solutions. Standard policies can be used with any environment type. To see the list of standard policies, see Standard policies by category.
Extensible policies provide more functionality than standard policies, including for traffic management, mediation, and security. The extensible policies also include policies to implement custom logic in the form of JavaScript, Python, Java, and XSLT stylesheets.
Extensible policies can be used with intermediate and comprehensive environment types only. Using an extensible policy automatically converts that proxy to an Extensible proxy, which could have cost and other implications. Check the Pay-as-you-go entitlements and Subscription 2024 for information.
For Pay-as-you-go users, the types of policies you can use in a proxy depend on the environment types you plan to deploy that proxy to. See Pay-as-you-go for more information.
If there are two policies, one standard and one extensible, that would both perform the functions
you need, use the standard policy.
Standard policies by category
Following are the categories for the standard policies:
Traffic management policies
Mediation policies
Security policies
Extension policies
Traffic management policies let you control quotas and mitigate the effects of API traffic spikes.
Extensible policies by category
Following are the extensible policies, by category. Proxies with extensible policies can only be deployed to intermediate and comprehensive environments. Extensible policies are marked with an icon in the user interface.
Traffic management policies
Mediation policies
Security policies
Extension policies
AI policies
Traffic management policies let you configure caching, control quotas, mitigate the effects of spikes, and perform other functions related to your API traffic.