Enterprise API Management: Apigee X and GenAI Strategies

Dive into the heart of Apigee X with this essential lecture on the Data Plane. Understand its critical role in handling every API request and response in real-time. This section will demystify the core architecture, differentiate the Data Plane from the Management Plane, and walk you through the fundamental process of API traffic flow. You'll gain clear insights into the key components like Routers and Message Processors, and see how vital policies are enforced to ensure security, performance, and reliability for your APIs. Master the foundational knowledge of how Apigee X truly works under the hood.

Key Learning Outcomes:

• Understand the fundamental role and architecture of the Apigee X Data Plane.

• Identify and explain the functions of Data Plane components: Routers and Message Processors.

• Trace the lifecycle of an API request through the Data Plane, from ingress to backend communication.

• Comprehend how various policies are enforced in real-time by the Data Plane.

Building on the core understanding, this lecture explores advanced functionalities of the Apigee X Data Plane and its transformative synergy with Generative AI. Discover sophisticated concepts like the Extension Processor, expanding Apigee's policy enforcement capabilities. Most importantly, learn how to strategically integrate GenAI models and applications, leveraging the Apigee X Data Plane as an intelligent, secure, and high-performance gateway. Explore practical use cases like intelligent routing, advanced threat detection, semantic caching, and automated policy optimization powered by AI, unlocking new levels of innovation and efficiency for your enterprise APIs.

Key Learning Outcomes:

• Explore advanced Data Plane concepts like the Apigee Extension Processor.

• Understand the strategic value of integrating Generative AI with the Apigee X Data Plane.

• Identify key use cases for leveraging GenAI within API management, including intelligent routing, security, and caching.

• Appreciate the significant benefits of a well-managed, AI-enhanced Data Plane for enterprise API strategies.

This lecture explores essential API management strategies for modern enterprises that operate across diverse and complex IT environments. You will delve into the core differences between a Hybrid Cloud model, which integrates on-premises infrastructure with public cloud services , and a Multi-Cloud strategy, which uses services from multiple different vendors.

What you'll learn:

• Clearly differentiate between Hybrid and Multi-Cloud deployment strategies.

• Understand the architecture of Apigee Hybrid, with its Google Cloud-hosted management plane and self-hosted runtime.

• Learn the key benefits of a hybrid approach, including data sovereignty, reduced latency, and leveraging existing infrastructure.

• Discover how to use Apigee X to manage APIs across multiple cloud services like AWS and Azure to avoid provider lock-in.

• Explore how Generative AI can automate API generation, create policies, and detect anomalies across cloud environments.

• Gain a decision-making framework to choose the optimal deployment strategy for your organization's unique needs.

In this lecture, we dive into one of the most powerful features of Apigee X—Policies. You'll learn how these pre-built, declarative configurations let you secure APIs, control traffic, transform messages, and extend functionality without writing complex code.

We explore each policy category—Traffic Management, Security, Mediation, and Extension—hands-on XML examples, and common use cases. You’ll also understand where and how policies are attached within the API proxy flow using PreFlow, PostFlow, and Conditional flows.

By the end of this session, you’ll be ready to:

• Implement SpikeArrest, Quota, and ResponseCache policies

• Apply key security controls using VerifyAPIKey and OAuth

• Use mediation tools like AssignMessage and JSON/XML converters

• Add custom logic with JavaScript, JavaCallout, and ServiceCallout policies

This lecture sets the foundation for the hands-on lab exercise that follows.

In this lecture, you’ll complete both Part 1 and Part 2 of Lab 1. Download the Complete Lab Guide (Parts 1–2) (pdf) below before watching the video.

This is a walkthrough live demo of the lab. This video lecture includes Apigee Eval organisation setup with free US$ 300 credit and navigating through the critical parts of the Google Cloud console. Please see the downloadable pdf guide in the resources for practicising in your own time.

Download the Lab02 Part 1 Guide (PDF) before starting.

You’ll learn to create and deploy your first simple API proxy in Apigee X.

Download Lab02 Part 2 Guide (PDF) and continue building from Part 1 using the guide. In Part 2, learners will add their first policy to the proxy, configuring it to transform the backend's XML response into a more modern JSON format.

This lecture completes Lab 2.

Download both PDFs below:

• Part 3 Guide — covers endpoint validation using Postman.

• Complete Lab Guide (Parts 1–3) — includes the full proxy creation and testing workflow.

Download the Lab03 Part 1 Guide (PDF).
You’ll implement Key-Value Maps to externalize configuration in your proxy.

In this lecture, you will learn how to make their proxy more configurable by externalizing the target URL into a Key-Value Map (KVM) and reading it with a policy at runtime.

Use the Lab03 Part 2 Guide (PDF) to configure the Service Callout policy for external API calls.

You will make the API more dynamic by using a Service Callout policy to call a second API, extract data from its response, and add that data to their final message.

This lecture completes Lab 3.

Download both resources below for step-by-step debugging instructions and the full lab sequence.To conclude, This lab teaches the learners, the essential skill of troubleshooting by using the Debug tool to find and fix a path error in their policy chain.

Welcome to the foundational lecture on REST! In today's digital world, REST is the architectural style that powers the vast majority of web services and APIs. Understanding its principles isn't just theory—it's a core requirement for anyone building or managing modern applications.

In this lecture, we'll demystify REST (Representational State Transfer) and break down the essential constraints that make it so scalable and reliable. We will explore the key concepts of resources, representations, and stateless communication. Most importantly, we'll move beyond the "what" to the "how" by diving into the industry-standard best practices for designing clean, intuitive, and future-proof RESTful APIs that are a pleasure for developers to use.

What you will learn:

• The core principles and constraints of the REST architectural style.

• How to think in terms of "resources" when designing an API.

• Best practices for naming conventions, URI structure, and versioning.

• How to design APIs that are logical, predictable, and easy to consume.

Ready to make your APIs talk? This lecture gets to the heart of RESTful communication: HTTP Methods and Status Codes. These are the verbs and the responses that form the universal language of the web, and mastering them is essential for building functional and robust APIs.

We will take a detailed look at the primary HTTP methods (GET, POST, PUT, DELETE, and PATCH), explaining exactly what each one does and, just as importantly, when to use it. You'll learn the critical concepts of safety and idempotency. Then, we'll decode the most common HTTP status codes, from success messages (200 OK) and creation confirmations (201 Created) to client errors (4xx) and server issues (5xx). By the end of this session, you'll be able to design API interactions that are not only functional but also provide clear, meaningful feedback to the client.

What you will learn:

• A deep understanding of the primary HTTP verbs: GET, POST, PUT, DELETE, and PATCH.

• The key differences between safe and idempotent methods.

• How to use HTTP status codes correctly to signal the outcome of an API request.

• How to build a clear and predictable communication contract between your API and its clients.

This lecture offers a clear and structured overview of the OpenAPI Specification (OAS)—the industry-standard way to describe RESTful APIs in a consistent, human- and machine-readable format.

You’ll gain a deep conceptual understanding of what OAS is, why it matters, and where it fits into the API lifecycle. We’ll explore the key elements of an OpenAPI document, including endpoints, parameters, data models, metadata, and authentication definitions.

Additionally, we’ll examine the strategic benefits of using OpenAPI in enterprise environments—such as enabling a design-first approach, generating interactive documentation, and supporting tools like Apigee X and Generative AI.

By the end of this session, you’ll have a solid grasp of the OpenAPI Specification’s role as the central API contract, without needing to write or implement any code.

What You’ll Learn:

• What OpenAPI (OAS) is and why it’s important

• Key components of an OpenAPI 3.0 document

• Benefits of using OAS across the API lifecycle

• How OAS integrates conceptually with API management tools like Apigee X

In this lecture, we'll dive into GraphQL, a powerful query language for your APIs that provides a more efficient and flexible alternative to the traditional REST architectural style. We will explore the core concepts behind GraphQL and understand why it has become so popular for modern application development.

By the end of this lecture, you will be able to:

• Define what GraphQL is and explain its fundamental principles.

• Compare and contrast GraphQL with REST, highlighting key differences.

• Understand the problem of over-fetching and under-fetching data and how GraphQL solves it.

• Identify the basic components of a GraphQL service, including Schemas, Queries, and Mutations.

Welcome to the introduction to gRPC (gRPC Remote Procedure Call), a modern, high-performance, open-source framework developed by Google. In this lecture, we'll explore how gRPC uses Protocol Buffers and HTTP/2 to enable efficient and robust communication, particularly in microservices architectures. ?

By the end of this lecture, you will be able to:

• Explain what gRPC is and its core architecture.

• Describe the role of Protocol Buffers (Protobufs) as its Interface Definition Language (IDL).

• Understand the benefits of using gRPC, such as high performance, streaming capabilities, and language independence.

• Compare gRPC with other API styles like REST and identify ideal use cases for it in enterprise systems.

APIs primarily speak two languages: JSON and XML. In this lecture, we'll get hands-on with these essential data formats and explore the techniques required to manage, transform, and validate them effectively within your API proxies. Mastering these payloads is a critical skill for any API developer or architect. ?️

By the end of this lecture, you will be able to:

• Confidently differentiate between the syntax and structure of JSON and XML.

• Describe common policies and strategies for parsing and validating both payload types.

• Explain the process of extracting specific data from a JSON or XML document.

• Understand the fundamental concepts behind data transformation (e.g., converting XML to JSON).

Creating high-quality API documentation is essential for developer adoption, but it's often a manual and time-consuming process. In this lecture, we'll explore how Generative AI is revolutionizing this space by automating the creation of clear, comprehensive, and consistent documentation. ✍️?

By the end of this lecture, you will be able to:

• Explain how Generative AI can be used to analyze API specifications and code.

• Describe the benefits of using AI for documentation, including increased speed and accuracy.

• Identify popular tools and models that automate API documentation generation.

• Understand how leveraging GenAI can significantly improve the developer experience for your APIs.

Download the Lab04 Part 1 Guide (PDF).

You’ll learn how to import an existing OpenAPI specification into Apigee X to auto-generate a proxy.

In this first part of our lab, we'll walk through one of the most common and powerful workflows in Apigee: creating a fully functional API proxy directly from an OpenAPI specification. This spec-first approach saves time and ensures your proxy perfectly matches your API's design. ⚙️

By the end of this lecture, you will be able to:

• Follow a step-by-step process to import an OpenAPI specification into Apigee.

• Examine the flows and resources that Apigee automatically generates.

• Understand how the specification's paths and verbs translate into proxy logic.

• Deploy and test the newly created API proxy to confirm it's working correctly.

The Lab04 Part 2 Guide (PDF) walks you through leveraging GenAI to assist in writing OpenAPI definitions.

What if you don't have an OpenAPI specification to start with? In this lab, we'll leverage the power of Generative AI to create one for us! You'll learn how to translate a simple, natural language description of an API's requirements into a well-structured OpenAPI specification, accelerating the design phase significantly. ✨

By the end of this lecture, you will be able to:

• Write effective prompts to instruct a GenAI tool to design an API.

• Generate a complete OpenAPI specification from a text-based description.

• Review and refine the AI-generated output for accuracy and completeness.

• Appreciate how AI can serve as a powerful assistant in the API lifecycle.

Download both resources below:
• Part 3 Guide — covers setup for GraphQL backend proxies.
• Complete Lab Guide (Parts 1–3) — for full reference.
(Note: gRPC setup is discussed conceptually in the video but not demonstrated in practice.)

Now let's switch gears from REST to GraphQL. While GraphQL backends offer great flexibility, they still require the security and management that an API gateway provides. This lab will guide you through the specific steps needed to configure an Apigee API proxy to manage and protect a GraphQL service. ?

By the end of this lecture, you will be able to:

• Understand the unique considerations for proxying a GraphQL API in Apigee.

• Create and configure an API proxy that securely routes requests to a GraphQL backend.

• Test the proxy by sending GraphQL queries through it.

• Recognize where to apply GraphQL-specific policies for security and traffic management.

Welcome to a critical foundation of our course! In this lecture, we pull back the curtain on API security. APIs are the gateways to your data and services, making them a prime target for attackers. Understanding how to protect them isn't just a technical skill—it's a business necessity. ?️

This session is designed to give you a clear, comprehensive overview of the modern threat landscape. We'll move beyond theory and look at the real-world vulnerabilities that can expose organizations to significant risk.

What You'll Learn

• The "Why": Understand why APIs have become a favorite target for malicious actors and the potential impact of a security breach.

• Core Principles: Grasp the fundamental concepts of API security, including authentication, authorization, and data encryption.

• Identify Common Threats: Learn to recognize the most critical security risks as defined by the OWASP API Security Top 10, the industry standard for API vulnerabilities.

• Proactive Mindset: Begin to think like an attacker to better anticipate and defend against potential threats.

  By the end of this lecture, you'll have the foundational knowledge needed to approach API management with a security-first mindset. Let's get started!

Ready to master the gold standard of API security? In this lecture, we move beyond the basics and take a deep dive into the two most important technologies in modern application security: OAuth 2.0 and JSON Web Tokens (JWT).

Understanding how these frameworks operate is no longer optional—it's a core skill for anyone managing or building APIs. We'll demystify the entire process, from the initial user consent to the final, secure API call, so you can implement security policies with confidence. ?

What You'll Learn

• Master the Framework: Confidently explain the four key roles in the OAuth 2.0 framework (Resource Owner, Client, Authorization Server, Resource Server).

• Differentiate Grant Types: Understand the difference between common OAuth 2.0 grant types and know exactly when to use each one (e.g., Authorization Code vs. Client Credentials).

• Decode JWTs: Learn to read and understand the three-part structure of a JSON Web Token: the Header, the Payload (including claims), and the Signature.

• Connect the Concepts: Grasp the relationship between the OAuth 2.0 framework, OpenID Connect (OIDC) for identity, and the JWTs that carry the information.

By the end of this deep dive, you won't just know what OAuth 2.0 and JWT are—you'll understand how they work together to secure the modern internet.

Download the Lab05 Part 1 Guide (PDF) to implement API Key validation policies and enforce basic access control.

Lab Objective

Your goal is to take an open, unsecured API proxy and protect it. By the end of this lab, your API will reject all anonymous traffic and will only respond to requests that include a valid API key.

What You'll Do Step-by-Step

1. Create an API Product: You will bundle your API proxy into a product. This is the core Apigee concept for managing and controlling access to your APIs.

2. Register a Developer & App: We will simulate the developer onboarding process. You'll create a developer account and register a new "app" that will be used to consume your API product.

3. Generate and Retrieve an API Key: You will see how Apigee automatically generates a unique consumer key (the API key) for the app you just registered.

4. Apply the Security Policy: This is the key step. You will navigate to your API proxy's policy editor and add the "Verify API Key" policy to the request flow.

5. Test Your Secured API: Using a tool like the curl command or Postman, you will test your endpoint. You will first make a call without the key to confirm it's blocked (receiving a 401 Unauthorized error) and then make a successful call with the key to see it work perfectly.

By completing this lab, you'll have successfully implemented a foundational security control and will fundamentally understand how Apigee manages the relationship between API products, developers, apps, and security. Let's get building!

Download and follow the Lab05 Part 2 Guide (PDF) for implementing OAuth 2.0 authorization flows.

our goal is to configure a full OAuth 2.0 flow. You will build a dedicated endpoint to generate access tokens and then secure your primary API proxy so that it only accepts requests that present a valid token.

What You'll Do Step-by-Step

1. Update the API Product: You will modify your API Product, disabling the simple API key approval and enabling it for the OAuth 2.0 flow.

2. Build the Token Endpoint: You will add the OAuth-v2 policy to an API proxy and configure its GenerateAccessToken operation. This creates the endpoint (e.g., /oauth/token) that applications will call to exchange their credentials for a bearer token.

3. Secure the Main API: On your primary "hello-world" proxy, you will replace the API Key policy from Part 1 with a new OAuth-v2 policy. This time, you'll use its VerifyAccessToken operation to validate incoming tokens.

4. Execute the Two-Step Flow:

   • Step 1: Using curl or Postman, you will make a POST request to your token endpoint, sending the app's client_id and client_secret to receive a valid access token.

   • Step 2: You will then use that token in the Authorization: Bearer header to make a successful call to your now-protected API.

Prerequisites

• Familiarity with the concepts from Part 1. You will need the API product, developer, and app you created previously.

By the end of this lab, you will have implemented one of the most common and important API security patterns used in the industry today. You'll have practical, hands-on experience with the complete token generation and validation lifecycle in Apigee.

Download and Use the Lab05 Part 3 Guide (PDF) to validate JWT tokens within your API proxy using the VerifyJWT policy.

Your goal is to completely replace the OAuth 2.0 scheme from the previous lab with a modern, secure JWT flow. This involves removing all legacy OAuth 2.0 components for clarity and implementing a robust two-policy approach to handle JWTs according to Apigee's best practices.

What You'll Do Step-by-Step

1. Clean Up Your Proxy: First, you will remove the OAuth-v2 policies from the previous lab to create a clean slate for our new JWT implementation.

2. Generate a JWT with Assign Message:

   • On your token endpoint, you will use the Assign-Message policy.

   • Inside this policy, you'll leverage Apigee's built-in createJWT() function to dynamically generate a signed JWT.

   • You will define the token's header, payload (claims), and specify the private key used for signing.

3. Validate the JWT:

   • On your main API proxy, you will add the Verify-JWT policy.

   • You will configure this policy to use the corresponding public key to cryptographically verify the token's signature.

   • You'll also add checks to validate claims like the expiration time (exp) to prevent replay attacks.

4. Test the Full Lifecycle:

   • Step 1: You will call your token endpoint to generate a new, signed JWT.

   • Step 2: You will take this token and use it in the Authorization: Bearer header to make a successful call to your protected API, proving the validation is working correctly.

     By the end of this lab, you'll understand how to build a complete, self-contained token-based security system entirely within Apigee, giving you a powerful and flexible alternative to traditional OAuth.

Download both PDFs below:
• Part 4 Guide — details mTLS setup for secure mutual authentication.
• Complete Lab Guide (Parts 1–4) — consolidates the entire security workflow.

This lab simulates a real-world enterprise workflow by dividing tasks between two distinct roles: the Cloud Network Admin, who configures the infrastructure, and the API Developer, who consumes the secured endpoint. This approach reflects the separation of duties common in large organizations. ☁️

Your goal is to secure an API proxy with mutual TLS (mTLS) by configuring a Google Cloud Load Balancer that sits in front of Apigee X. This ensures that only clients presenting a trusted certificate can establish a connection, with the GCLB handling the TLS termination and validation.

What You'll Do (Simulating Two Roles)

This lab is a collaborative exercise where you'll perform tasks from two different perspectives.

The Cloud Network Admin's Role ?‍?

(Configuring the Infrastructure)

1. Manage Trust in Certificate Manager: You will upload a Certificate Authority (CA) root certificate to Google Cloud's Certificate Manager. This CA will be the source of truth for which client certificates the load balancer should trust.

2. Create a Client TLS Policy: You will define a Client TLS Policy for the load balancer. In this policy, you will enable mTLS and instruct it to use the CA from Certificate Manager for validating incoming client certificates.

3. Enforce the Policy: You will attach this new Client TLS Policy to the load balancer's target HTTPS proxy, effectively activating mTLS for all traffic destined for your Apigee instance.

The API Developer's Role ?‍?

(Testing the Connection)

1. Obtain Client Credentials: You will be provided with a client certificate and a corresponding private key, just as you would receive from a security team in a real project.

2. Test for Failure: You will first attempt to connect to the API endpoint using curl without providing the client certificate. You will observe that the connection is rejected at the TLS handshake level by the GCLB—it fails before ever reaching Apigee.

3. Test for Success: You will then execute the curl command again, this time presenting your client certificate and private key. The GCLB will validate your certificate against its truststore, establish a secure connection, and forward your request to the Apigee proxy, resulting in a successful API call.

Download the Lab06 Part 1 Guide (PDF) to add caching policies and improve response time performance.

Welcome to Lab 6! In the world of enterprise APIs, speed and reliability are critical. A slow API frustrate users and increase backend infrastructure costs. One of the most effective strategies to solve this is caching.

In this hands-on lab (Part 1), we will implement the Apigee X ResponseCache policy to dramatically improve our API proxy's performance. You will learn how to store backend responses directly within Apigee's high-speed cache, allowing your API to return data in milliseconds without ever hitting the target server.

In this lecture, you will:

• Understand the "Why": Learn how caching reduces latency, decreases load on your backend services, and lowers operational costs.

• Configure the Policy: Get hands-on experience adding and configuring the ResponseCache policy in an Apigee X proxy.

• Define Cache Keys: Learn the importance of creating a unique cache key to ensure the correct response is stored and retrieved.

• Set Expirations (TTL): Configure the Time-to-Live (TTL) to manage data freshness and decide how long responses should be cached.

• Verify Your Work: Use the Apigee Trace tool to visually confirm when a response is being served from the cache versus the live backend target.

By the end of this lecture, you'll have a tangible, high-performance API proxy and a core skill used by every professional API developer. Let's start optimizing!

Download and Use the Lab06 Part 2 Guide (PDF) to apply Spike Arrest and Quota policies for traffic control.

In Part 1, we made our API fast. Now, in Part 2, we make it safe and stable.

An open, high-performance API is vulnerable to abuse, accidental traffic floods, and resource exhaustion. To run a professional API program, you must control how and when your API is used. This is where rate limiting and quotas come in.

This hands-on lecture moves from performance to protection. You will learn to use two of the most critical policies in Apigee X: Spike Arrest and Quota. We'll explore the key difference: Spike Arrest protects against sudden bursts (like a circuit breaker), while Quota manages usage over time (like a data plan).

In this lecture, you will:

• Implement Spike Arrest: Configure the SpikeArrest policy to defend your backend services from sudden, massive traffic spikes that could cause a crash.

  
  

• Configure Quotas: Implement the Quota policy to enforce business-level consumption limits (e.g., 100 calls per minute) tied to your API Products.

• Test the Policies: Learn how to trigger and test your new rules, observing the specific error messages (like 429 Too Many Requests) that Apigee returns when limits are hit.

• Understand the Business Context: See how quotas are essential for creating different tiers of service (like Free vs. Premium plans) and preventing any single consumer from monopolizing API resources.

By the end of this lab, you will have the skills to safeguard your APIs, ensure high availability for all consumers, and enforce the business rules defined in your API products.

Download the Lab06 Part 3 Guide (PDF) for hands-on exploration of Apigee Analytics dashboards and metrics.

Welcome to the third part of Lab 6. You’ve successfully made your API fast with caching and stable with rate limiting. But how do you prove it? How do you know who is using your API, which endpoints are most popular, or when your backend is failing?

You can't manage what you can't measure. This is where Apigee's powerful, built-in analytics capabilities come in. Analytics are the "brain" of your API program, turning raw traffic data into actionable business intelligence.

In this hands-on lab, we will move from configuring policies to interpreting their results. You will learn how to read the predefined analytics dashboards in Apigee X to understand your API's performance, identify errors, and track developer engagement.

In this lecture, you will:

• Become a Data Detective: Learn to navigate the core Apigee Analytics dashboards, including API Proxy Performance, Target Performance, and Error Code Analysis.

• Measure Your Impact: See the direct results of our previous labs. We will use the Cache Performance dashboard to prove how our caching policy is reducing backend load and improving latency.

• Troubleshoot Like a Pro: Dive into the Error Code Analysis dashboard to identify why requests are failing. Is it our new Quota policy (429 errors), a backend issue (5xx errors), or a client problem (4xx errors)?

• Answer Key Business Questions: Use the dashboards to answer critical questions:

  • Who are my top developers?

  • Which API resources are most popular?

  • Where in the world is my traffic coming from (Geomap)?

  • What is the 95th-percentile response time for my API?

By the end of this module, you won't just be an API builder; you'll be an API owner. You'll have the ability to read, understand, and communicate the health and value of your APIs to any stakeholder, from operations teams to business leaders.

You've done the work: you've built a fast, resilient, and secure API by implementing caching, rate limiting, and quotas. But how do you prove it? How do you simulate a real-world traffic spike or test the precise moment your cache kicks in?

Welcome to the final and most critical part of this lab. In this lecture, we will use Apache JMeter, the industry-standard open-source tool for performance testing. You will move from being an API developer to an API performance engineer. You will design and execute real-world load tests against your Apigee X proxy to validate that all the policies we just implemented are working exactly as expected.

This is where all the concepts from Lab 6 come together. We won't just hope our cache works; we'll prove it by hammering it with requests and watching the response times drop to near-zero. We won't just assume our quota works; we'll intentionally break it and verify that Apigee returns the correct 429 Too Many Requests error.

In this hands-on lecture, you will learn to:

• Set up a JMeter Test Plan: Configure the core elements of a performance test, including Thread Groups (to simulate users), HTTP Request Samplers (to call your API), and Listeners (to see your results).

• Authenticate Securely: Learn how to use the HTTP Header Manager to pass your Apigee API Key (x-apikey) with every request, just as a real client application would.

• Test 1: Validate Your Response Cache (Lab 6.1):

  • Run an initial test to "warm up" the cache and see the high backend response time.

  • Run the exact same test again and use the Summary Report listener to watch the average response time drop to single-digit milliseconds, proving your cache is working.

• Test 2: Validate Your Quota and Spike Arrest (Lab 6.2):

  • Configure a Thread Group to simulate a "spike" of traffic that intentionally exceeds the quota you set.

  • Use a Response Code Assertion to verify that Apigee successfully blocks the requests with the correct error code (429 or 500) after the allowed quota is consumed.

By the end of this lecture, you will have the practical, in-demand skill of using JMeter to performance-test and validate enterprise-grade API management policies.

Download the Lab07 Part 1 Guide (PDF) to learn API version control workflows with Git.

Download and use the Lab07 Part 2 Guide (PDF) to configure your CI/CD pipeline for automated builds and tests.

This lecture completes Lab 7.

Download both PDFs below:

• Part 3 Guide — details the automated deployment process to Apigee via CI/CD.

• Complete Lab Guide (Parts 1–3) — includes all pipeline setup and deployment instructions.

This lecture dives deep into advanced Apigee functionalities essential for enterprise-grade API management. We'll explore sophisticated integration patterns, robust error handling strategies, critical security enhancements, and innovative business models powered by GenAI. Prepare to unlock the full potential of Apigee for building resilient, secure, and intelligent API solutions.

Explore the practical application and economic impact of Generative AI within API ecosystems. This lecture presents in-depth real-world case studies, detailing how organizations like Stripe leverage AI for fraud detection and developer experience, and how Microsoft is unifying healthcare data with GenAI APIs. Understand how these innovations translate into new business models, from AI-driven customization to predictive analytics, empowering you to identify and capitalize on new opportunities in the API economy.