View
Apigee Edge documentation.
Message content is a significant attack vector used by malicious API consumers. API Services provides a set of Policy types to mitigate the potential for your backend services to be compromised by attackers or by malformed request payloads.
The following video provides an overview and focuses on protecting against SQL injection attacks.
JSON attacks attempt to use structures that overwhelm JSON parsers to crash a service and induce application-level denial-of-service attacks.
Such attacks can be mitigated using the JSONThreatProtection Policy type.
See JSON Threat Protection policy.
XML attacks attempt to use structures that overwhelm XML parsers to crash a service and induce application-level denial-of-service attacks.
Such attacks can be mitigated using the XMLThreatProtection Policy type.
See XML Threat Protection policy.
Some content-based attacks use specific constructs in HTTP headers, query parameters, or payload content to attempt to execute code. An example is SQL-injection attacks. Such attacks can be mitigated using the RegularExpressionProtection Policy type.
See Regular Expression Protection policy.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-06-09 UTC.
