All guides
    Apigee
    June 9, 2026

    Apigee — Fundamentals & Architecture

    What an API gateway does and how Apigee is built: orgs, environments, proxies, the proxy/target flow pipeline, message processors, and where policies execute.

    #apigee#api-management#architecture
    Share

    Before building proxies, you need the mental model: what Apigee manages, how a request flows, and where your logic runs.

    Why an API gateway

    A gateway is the control point in front of your backends. It centralises what would otherwise be re-implemented in every service: authentication, rate limiting, caching, transformation, logging, and analytics. Backends stay focused on business logic; the gateway enforces policy.

    Apigee's structure

    • Organization (org) — the top-level tenant (maps to a GCP project on Apigee X).
    • Environments — deployment targets within an org (e.g. dev, test, prod). Proxies deploy to environments.
    • Environment groups — map hostnames/domains to environments (Apigee X).
    • API proxy — your managed API: a proxy endpoint (faces clients) and a target endpoint (faces the backend).
    • Revisions — immutable versions of a proxy; you deploy a specific revision.

    Request flow

    flowchart LR C[Client] --> PE[Proxy endpoint - ProxyEndpoint] PE --> PRF[Request flows + policies] PRF --> TE[Target endpoint - TargetEndpoint] TE --> B[Backend service] B --> TR[Target response flow + policies] TR --> PRR[Proxy response flow + policies] PRR --> C

    Each side has a request flow and a response flow, and each flow has PreFlow, conditional flows, and PostFlow segments. Policies attach to steps in these flows — that's where your security, transformation, and traffic logic executes, in order.

    Flows & policies

    • PreFlow — runs first, always (e.g. verify API key, check quota).
    • Conditional flows — run when a condition matches (e.g. proxy.pathsuffix MatchesPath "/orders"). This is how you route per resource.
    • PostFlow — runs last (e.g. logging).

    Policies are declarative XML components (VerifyAPIKey, Quota, OAuthV2, AssignMessage, etc.) attached as steps. You compose behaviour by ordering policies in flows.

    Apigee X vs Edge vs hybrid

    • Apigee X — fully managed on Google Cloud (current default for new projects).
    • Apigee hybrid — management plane in Google Cloud, runtime in your own Kubernetes (data residency / on-prem).
    • Edge — the previous generation (still in use; concepts carry over).

    This course's concepts apply across all; tooling examples target Apigee X.

    Best practices

    • Model environments to your SDLC (dev → test → prod) and never edit live in prod — promote revisions.
    • Keep the proxy thin: the gateway enforces cross-cutting policy; it is not where business logic belongs.
    • Name and version deliberately so revisions and environments are traceable.

    Next: build your first proxy → Building API Proxies →

    Ask about this article

    Get answers grounded in this post. AI-generated — based on this article, and may be imperfect.

    Apigee API Management: Beginner to Advanced· Page 2 of 7
    PreviousApigee API Management: Beginner to Advanced — Course OverviewNext Apigee — Building API Proxies
    Scaled AI Weekly

    Enjoyed this? Get more like it every Monday.

    Real architecture decisions, LLMOps patterns that survive production, and engineering leadership advice — from 12+ years of building at enterprise scale. Free. No spam. Unsubscribe anytime.

    Join engineers building production AI systems

    Back to all guides