Skip to content
Branch: master
Clone or download
Type Name Latest commit message Commit time
Failed to load latest commit information.
samples Fix for Issue48 Mar 29, 2019
.gitignore Issue45 fix Mar 9, 2019
LICENSE license updated. May 2, 2016 Fix for Issue48 Mar 29, 2019
pom.xml [maven-release-plugin] prepare for next development iteration Mar 29, 2019


Maven plugin to create, manage Apigee config like Cache, KVM, Target Server, Resource Files, API Products, Developers, Developer Apps, Flow hooks, Extensions and Mask Config.

Help API teams follow API development best practices with Apigee.

  • Track Apigee Config (KVM, cache, target servers, etc.) in source control
  • Deploy config changes along with the API in a CI pipeline
  • Simplify, automate config management during API development
  • Track config changes in prod environment as releases

Small API projects can use the single file format in edge.json to manage their config. Large, complex projects with several config entities can use the multi-file format to organize config in source control. Checkout samples for examples.

This plugin is available in public maven repo and can be used just by referring to it in pom.xml. This github repo is the plugin source code and unless you make changes to the code you do not have to build this repo to use the plugin. Read this document further for plugin usage instructions.


You will need the following to run the samples:

Plugin Usage

mvn install -Ptest -Dapigee.config.options=create

  # Options

    Pick a profile in the parent pom.xml (shared-pom.xml in the example).
    Apigee org and env information comes from the profile.

    none   - No action (default)
    create - Create when not found. Pre-existing config is NOT updated even if it is different.
    update - Update when found; create when not found, updates individual entries for kvms. Refreshes all config to reflect edge.json.
    delete - Delete all config listed in edge.json.
    sync   - Delete and recreate.

     path containing the configuration.
     directory containing multi-file format config files.
     dir where the dev app keys are exported. This is only used for `exportAppKeys` goal. The file name is always devAppKeys.json

  # Individual goals
  You can also work with an individual config type using the 
  corresponding goal directly. The goals available are,
  kvms                  # CPS support from v1.2.1
  extensions			#v1.3.1 or later
  reports				#v1.3.2 or later

  For example, the apps goal is used below to only create apps and ignore all other config types.
  mvn apigee-config:apps -Ptest -Dapigee.config.options=create
  To export the dev app keys, use the following:
  mvn apigee-config:exportAppKeys -Ptest -Dapigee.config.exportDir=./target  

The default "none" action is a NO-OP and it helps deploy APIs (using apigee-deploy-maven-plugin) without affecting config.

Sample project

Refer to an example project at /samples/EdgeConfig

This project demonstrates the creation and management of Apigee Edge Config and performs the following steps in sequence.

  • Creates Caches
  • Creates Target servers
  • Creates Virtual Hosts
  • Creates KVM
  • Creates Resource File
  • Creates API products
  • Creates Developers
  • Creates Developer Apps
  • Creates Custom Reports and many more

To use, edit samples/EdgeConfig/shared-pom.xml, and update org and env elements in all profiles to point to your Apigee org, env. You can add more profiles corresponding to each env in your org.


To run the plugin and use edge.json jump to samples project cd /samples/EdgeConfig and run

mvn install -Ptest -Dusername=<your-apigee-username> -Dpassword=<your-apigee-password> -Dapigee.config.options=create

To run the plugin and use a config file similar to edge.json in any directory jump to samples project cd /samples/EdgeConfig and run

mvn install -Ptest -Dusername=<your-apigee-username> -Dpassword=<your-apigee-password> -Dapigee.config.file=<path-to-config-file> -Dapigee.config.options=create

To run the plugin and use the multi-file config format jump to samples project cd /samples/EdgeConfig and run

mvn install -Ptest -Dusername=<your-apigee-username> -Dpassword=<your-apigee-password> -Dapigee.config.options=create -Dapigee.config.dir=resources/edge

Refer to samples/APIandConfig/HelloWorld for config management along with API deployment using apigee-deploy-maven-plugin. More info at samples/

Multi-file config

Projects with several config entities can utilize the multi-file structure to organize config while keeping individual file sizes within manageable limits. The plugin requires the use of specific file names and directories to organize config.

The apigee.config.dir option must be used to identify the top most directory containing the following config structure.

  ├── api
  │   ├── forecastweatherapi
  │   │   ├── resourceFiles
  │   │   │   ├── jsc
  │   │   │   │    ├── test.js
  │   │   ├── kvms.json
  │   │   └── resourcefiles.json
  │   └── oauth
  │       ├── kvms.json
  │       └── maskconfigs.json
  ├── env
  │   ├── prod
  │   │   ├── caches.json
  │   │   └── flowhooks.json
  │   └── test
  │       ├── caches.json
  │       ├── kvms.json
  │       ├── targetServers.json
  │       └── virtualHosts.json   
  └── org
      ├── apiProducts.json
      ├── developerApps.json
      ├── developers.json
      ├── kvms.json
      ├── reports.json
      └── maskconfigs.json

Single file config structure - edge.json

Projects with fewer config entities can use the single file edge.json format to capture all config of an API project. The edge.json file organizes config into 3 scopes corresponding to the scopes of config entities that can be created in Edge. The plugin looks for edge.json in the current directory by default.


For example, API product is an orgConfig whereas Cache is an envConfig. The envConfig is further organized into individual environments as follows.


The environment name is intended to be the same as the profile name in pom.xml (parent-pom.xml or shared-pom.xml).

The final level is the config entities.


Each config entity is the payload of the corresponding management API. The example project may not show all the attributes of config entities, but any valid input of a management API would work.

Config entities like "developerApps" are grouped under the developerId (email) they belong to.

OAuth (supported from v1.2 or higher)

Apigee management APIs are secured using OAuth tokens as an alternative to the Basic Auth security. Additionally Two-Factor authentication (MFA) using TOTP can also be configured as an additional layer of security. This plugin has the capability to acquire OAuth tokens and invoke management API calls.

Refer to How to get OAuth2 tokens and Two-Factor authenticationfor details.

Using OAuth

OAuth capability when enabled is seamless and the plugin acquires OAuth tokens and uses it subsequently to call management APIs.

To enable OAuth add the following options to all profiles as required. Refer to shared-pom.xml example.

<apigee.tokenurl>${tokenurl}</apigee.tokenurl> <!-- optional: oauth -->
<apigee.authtype>${authtype}</apigee.authtype> <!-- optional: oauth|basic(default) -->

To invoke, add command line flags to enable OAuth.

mvn install -Ptest -Dusername=$ae_username -Dpassword=$ae_password \
                    -Dorg=testmyapi -Dauthtype=oauth -Dapigee.config.options=create

"tokenurl" is optional and defaults to the cloud version ""

Two-Factor Authentication

Two-Factor authentication is based on TOTP tokens. When the apigee account is enabled for Two-Factor Authentication it applies to management APIs as well.

The plugin can accept TOTP tokens generated by an external utility and use it to acquire OAuth tokens.

TOTP can be generated using command line tools for use in CI tools like Jenkins.

Using Two-Factor Authentication token

Note OAuth needs to be enabled before Two-Factor Authentication can be used.

To enable Two-Factor Authentication, add the following options to all profiles as required. Refer to shared-pom.xml example.

<apigee.mfatoken>${mfatoken}</apigee.mfatoken> <!-- optional: mfa -->

Provide the token when invoking the plugin.

mvn install -Ptest -Dusername=$ae_username -Dpassword=$ae_password \
                    -Dorg=testmyapi -Dauthtype=oauth -Dmfatoken=123456 -Dapigee.config.options=create

If the API takes a long time to package up then it is likely that the token would have expired before it is used. To mitigate against this, from version 1.1.5, an initmfa goal can be called during the validate phase:


Depending on where the plugin is in the order, and how much validation is required, it is possible that this may still result in token timeout.

Passing the Bearer Token as a parameter

If you would like to generate the bearer token outside of this plugin and provide it as a command line parameter, you can add the following:


Provide the token when invoking the plugin.

mvn install -Ptest -Dusername=$ae_username -Dorg=testmyapi \
                     -Dauthtype=oauth -Dbearer=c912eu1201c -Dapigee.config.options=create

NOTE: when using bearer token - please provide the username as well, as it is used for token validation

Passing the Refresh Token as a parameter

If you would like to generate the refresh token outside of this plugin and provide it as a command line parameter, you can add the following:


Provide the token when invoking the plugin.

mvn install -Ptest -Dusername=$ae_username -Dorg=testmyapi \
                     -Dauthtype=oauth -Dbearer=c912eu1201c -Drefresh=d023fv2312d -Dapigee.config.options=create

NOTE: If you are providing refresh token, you need to provide the bearer token and username as well


  • Keystore, Truststore support
  • Custom roles
  • User role association

Please send feature requests using issues


You can’t perform that action at this time.