If you have a restricted VPC environment where external domains need to be allowed, here is a
list of Google Cloud urls that Apigee hybrid may need to connect with during install
and runtime.
Google Cloud URLs for all Apigee hybrid installations
These URLs are used by all Apigee hybrid installations:
URL
Description
apigee.googleapis.com
The runtime uses these APIs to learn which proxies, shared flows,
etc., it should deploy, and to report its current configuration and health.
apigeeconnect.googleapis.com
This APIs is needed for apigee-mart-server and apigee-connect
communication when you have vpc-sc enabled to talk to the control plane.
Contanier images are hosted in Google Container Registry.
iamcredentials.googleapis.com
Required for generating access tokens used
by other Google Cloud API calls. For example, for runtime to make calls to download runtime
contracts from
apigee.googleapis.com, the permission is granted by a service account. So the runtime
needs to get an access token before making the call to apigee.googleapis.com.
logging.googleapis.com
This API is needed for the logging agent to send logs
to Cloud Logging.
monitoring.googleapis.com
Cloud Monitoring service endpoint to export metrics.
oauth2.googleapis.com
Authentication and authorization
pubsub.googleapis.com
The runtime subscribes to a pubsub topic to learn when to
initialize debug sessions.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-26 UTC."],[[["\u003cp\u003eThis document lists the Google Cloud URLs that Apigee hybrid installations may need to access during installation and runtime in a restricted VPC environment.\u003c/p\u003e\n"],["\u003cp\u003eThe listed URLs are categorized into those used by all Apigee hybrid installations and those specific to Anthos installations.\u003c/p\u003e\n"],["\u003cp\u003eURLs like \u003ccode\u003eapigee.googleapis.com\u003c/code\u003e and \u003ccode\u003estorage.googleapis.com\u003c/code\u003e are critical for runtime operations such as deploying proxies and downloading resources.\u003c/p\u003e\n"],["\u003cp\u003eAdditional URLs are required for Apigee hybrid installations on Anthos, with specific details available in the linked Anthos documentation for on-prem and multi-cloud setups.\u003c/p\u003e\n"],["\u003cp\u003eCertain urls are used for specific functionalities, such as \u003ccode\u003eiamcredentials.googleapis.com\u003c/code\u003e for generating access tokens, \u003ccode\u003elogging.googleapis.com\u003c/code\u003e for logging, and \u003ccode\u003epubsub.googleapis.com\u003c/code\u003e for debug sessions.\u003c/p\u003e\n"]]],[],null,["# Google Cloud URLs to allow for Hybrid\n\n| You are currently viewing version 1.13 of the Apigee hybrid documentation. For more information, see [Supported versions](/apigee/docs/hybrid/supported-platforms#supported-versions).\n\nIf you have a restricted VPC environment where external domains need to be allowed, here is a\nlist of Google Cloud urls that Apigee hybrid may need to connect with during install\nand runtime.\n\nGoogle Cloud URLs for all Apigee hybrid installations\n-----------------------------------------------------\n\nThese URLs are used by all Apigee hybrid installations:\n\nGoogle Cloud URLs for Anthos installations\n------------------------------------------\n\nAll Apigee hybrid installations on Anthos (on-prem and multi-cloud) use additional Google\nCloud URLs. For more information, see:\n\n- [Proxy and firewall rules\n for Anthos on-prem](/anthos/clusters/docs/on-prem/how-to/firewall-rules)\n- [Proxy\n allowlist for Anthos multi-cloud](/anthos/clusters/docs/multi-cloud/aws/how-to/use-a-proxy#proxy_allowlist_2)"]]
