If you have a restricted VPC environment where external domains need to be allowed, here is a
list of Google Cloud urls that Apigee hybrid may need to connect with during install
and runtime.
Google Cloud URLs for all Apigee hybrid installations
These URLs are used by all Apigee hybrid installations:
URL
Description
apigee.googleapis.com
The runtime uses these APIs to learn which proxies, shared flows,
etc., it should deploy, and to report its current configuration and health.
apigeeconnect.googleapis.com
This APIs is needed for apigee-mart-server and apigee-connect
communication when you have vpc-sc enabled to talk to the control plane.
Contanier images are hosted in Google Container Registry.
iamcredentials.googleapis.com
Required for generating access tokens used
by other Google Cloud API calls. For example, for runtime to make calls to download runtime
contracts from
apigee.googleapis.com, the permission is granted by a service account. So the runtime
needs to get an access token before making the call to apigee.googleapis.com.
logging.googleapis.com
This API is needed for the logging agent to send logs
to Cloud Logging.
monitoring.googleapis.com
Cloud Monitoring service endpoint to export metrics.
oauth2.googleapis.com
Authentication and authorization
pubsub.googleapis.com
The runtime subscribes to a pubsub topic to learn when to
initialize debug sessions.
serviceusage.googleapis.com
Inspect and manage quota for service consumers on Google Cloud
Platform. Required by Anthos Service Mesh
storage.googleapis.com
The runtime downloads proxies, shared flows, resource files, and
keystore aliases from Google Cloud Storage in tenant project.
sts.googleapis.com
The Security Token Server providers API method for third party developers
to exchange third party credentials to Google Cloud Platform tokens.
www.googleapis.com
Needed for installing Apigee hybrid on Anthos.
Google Cloud URLs for Anthos installations
All Apigee hybrid installations on Anthos (on-prem and multi-cloud) use additional Google
Cloud URLs. For more information, see:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-20 UTC."],[[["\u003cp\u003eThis documentation covers version 1.10 of the Apigee hybrid documentation and lists Google Cloud URLs required for Apigee hybrid to connect during installation and runtime.\u003c/p\u003e\n"],["\u003cp\u003eThe listed URLs are used by all Apigee hybrid installations, facilitating functions such as deploying proxies, reporting configuration, logging, monitoring, authentication, and managing quotas.\u003c/p\u003e\n"],["\u003cp\u003eSome URLs, like \u003ccode\u003ebinaryauthorization.googleapis.com\u003c/code\u003e, are optional and only required for specific configurations, such as when binary authorization is enabled in Anthos.\u003c/p\u003e\n"],["\u003cp\u003eURLs like \u003ccode\u003estorage.googleapis.com\u003c/code\u003e are essential for the runtime to download resources, while \u003ccode\u003ests.googleapis.com\u003c/code\u003e is used for third-party credential exchange.\u003c/p\u003e\n"],["\u003cp\u003eInstallations on Anthos also require additional Google Cloud URLs, as detailed in the linked proxy and firewall rule documentation for Anthos on-prem and multi-cloud.\u003c/p\u003e\n"]]],[],null,[]]