Apigee Spaces overview

This page applies to Apigee and Apigee hybrid.

View Apigee Edge documentation.

This page describes how to use Apigee Spaces to implement granular Identity and Access Management control over your Apigee organization resources.

Apigee Spaces enables identity-based isolation and grouping of API resources within an Apigee organization. With Apigee Spaces, you can have granular IAM control over access to your API proxies, shared flows and API products.

You can create multiple Spaces in the same organization for different teams, development projects, or environments and set the IAM controls for each Space. Any API resources created under a Space will inherit the IAM policies applied to that Space.

When to use Apigee Spaces

Managing IAM permissions for multiple teams working within a single Apigee organization can be complex. Using Spaces can simplify IAM administration with granular controls and simplified permissions for accessing organization resources.

With Spaces, you can host multiple teams in an Apigee organization where:

  • Each team maintains their own independent set of API proxies, shared flows, and API products.
  • Team members have read/write access to the set of API proxies, shared flows, and API products.
  • Members of another team can be granted specific access (read, or read/write, or trace/debug access) to one or more of the API proxies, shared flows, or API products.
  • Multiple teams can access a common set of API proxies, shared flows, and API products with fine-grained permissions.

Apigee Spaces can be used with Apigee Subscription and Pay-as-you-go organizations, including Apigee hybrid-enabled organizations. Spaces can be used with Apigee organizations that have data residency enabled. Apigee hybrid organizations must use hybrid version 1.13 or higher. For information on upgrading to version 1.13, see Upgrade your Apigee hybrid organization.

Benefits of Apigee Spaces

There are several benefits to using Apigee Spaces, including:

  • Improved security: Using Spaces can improve security by allowing you to control access to resources at a granular level. You can grant different users and groups access to different Spaces, and control which resources are available in each Spaces. This helps isolate and protect access to sensitive data or resources.
  • Simplified management: Spaces can help you simplify your management tasks by providing a way to logically group your resources. You can manage all of the resources in a Space together, and you can easily see which users and groups have access to each resource.
  • Increased flexibility: Spaces give you flexibility in how you manage your Apigee resources. You can create as many Spaces as you need and you can move resources between spaces as needed, letting you adapt to changing needs.

Spaces provide the ability to introduce resource isolation at a team level, providing a clear separation of resources associated with different teams operating within the same Apigee organization. In addition, IAM policies can be applied at the Space level, eliminating the need to manage permissions individually for every API proxy, shared flow, and API product.

Limitations

The following limitations apply to Apigee Spaces:

  • To use Apigee Spaces, Apigee hybrid customers must use hybrid version 1.13 or higher. For information on upgrading to version 1.13, see Upgrade your Apigee hybrid organization.
  • Apigee Spaces is not supported in the Classic Apigee UI. To view Spaces and manage Space resources, use the Apigee UI in Cloud console or the API.
  • The Apigee UI in Google Cloud console can't be used to perform the following actions:
    • Create, get, update, delete, or list Spaces
    • Manage IAM policies for Spaces

    These actions must be performed using the API.

  • The following limits apply when using Apigee Spaces:
    • There is a maximum of 20 Spaces per Apigee organization.
    • There is a limit of 10 queries per second (QPS) for list operations for API proxy, API product, and shared flow endpoints.

    For more information about Apigee limits, see Limits.

What's next