Google Apigee · Rate Limits

Google Apigee Rate Limits

Apigee publishes operational and management-plane limits per environment, organization, and project. The data-plane (runtime traffic through your API proxies) is governed by SpikeArrest / Quota policies you configure. The numbers below are the platform ceilings that Apigee management APIs and default infrastructure enforce.

23 Limits Throttle: 429 Quota: 429
API GatewayAPI ManagementGoogle CloudRate Limiting

Limits

Management API calls (UI/user-initiated) organization
requests_per_minute · minute
6000
Synchronizer-invoked calls (hybrid) organization
requests_per_minute · minute
1000
UDCA-invoked calls organization
requests_per_minute · minute
6000
SpikeArrest policy maximum (per second) api-proxy
requests_per_second · second
4000
Configured via SpikeArrest policy on the proxy.
SpikeArrest policy maximum (per minute) api-proxy
requests_per_minute · minute
240000
Metrics API calls organization
requests_per_minute · minute
100
Asynchronous query API calls organization
requests_per_day · day
300
Data Export API calls organization
requests_per_day · day
500
Debug sessions project
sessions_per_minute · minute
100
API proxies per environment environment
proxies
6000
Shared flows per environment environment
shared_flows
75
API proxy endpoints per proxy api-proxy
endpoints
10
Flows per proxy api-proxy
flows
200
Buffered request/response size request
bytes
31457280
30 MB; streaming above 10 MB has performance impact.
Streamed request/response size request
bytes
10485760
10 MB recommended ceiling for streamed messages.
Request/response header size request
bytes
61440
60 KB.
Cache value size cache-entry
bytes
262144
256 KB.
Items per cache cache
items
10000000
Total KVM items per organization organization
items
5000000
Apps per organization organization
apps
1000000
Developers per organization organization
developers
1000000
API products per organization organization
products
5000
API keys per app app
keys
10

Policies

Quota and SpikeArrest policies
Use the Apigee Quota policy for per-app/product quotas and SpikeArrest for traffic smoothing and burst protection at the proxy level. These are configured per API proxy and bind to the documented ceilings above.
Backoff
Honor 429 + Retry-After on the management plane; on the data plane, respond per the SpikeArrest/Quota policy configuration.
Environment sizing controls capacity
PAYG environment type (Base/Intermediate/Comprehensive) determines maximum proxy deployments per region (20/50/100 included; up to 6,000 purchasable on Comprehensive).
Token expiration windows
OAuth access tokens valid 180 seconds to 30 days; refresh tokens 1 day to 2 years; token size capped at 2 KB.

Sources