This page provides an overview of using VPC Service Controls for API hub, covering service perimeter configuration, perimeter verification, and known limitations.
API hub integrates with VPC Service Controls to provide enhanced network security for your API hub instance provisioned in Google Cloud. VPC Service Controls enables you to establish a service perimeter around your API hub resources, constraining ingress and egress traffic. This perimeter helps to:
For more information about VPC Service Controls, see the Overview of VPC Service Controls.
To configure VPC Service Controls, you can use the Google Cloud console, the gcloud tool, or the Access Context Manager APIs. Perform the following steps:
apihub.googleapis.com) service. For more information, see Create a service perimeter.For information about the other optional VPC Service Controls configurations, see Service perimeter configuration stages.
Verify and list the service perimeters created for API hub using the following gcloud command:
gcloud access-context-manager perimeters describe PERIMETER_NAME.
For more information about managing service perimeters, see Managing service perimeters.
All Apigee runtime projects associated with an API hub instance must reside within the same VPC Service Controls service perimeter as the API hub host project.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-06-09 UTC.