Apigee pricing

What middleBrick covers

  • Risk scoring across 12 OWASP API Top 10 categories
  • Black-box scanning with no agents or SDKs
  • Read-only methods with under one minute scan time
  • Authenticated scans with domain verification
  • CI/CD integration via GitHub Actions and MCP server
  • Continuous monitoring with HMAC-SHA256 signed webhooks

Apigee pricing overview

Apigee does not publish a simple list price for its full platform. Public documentation focuses on organizational units and deployment options rather than per‑seat or per‑scan figures. Costs are typically driven by organization size, message processing volume, runtime characteristics, and support level, and any pricing information requires a direct quote from sales.

Published price list and constraints

Apigee provides a publicly available price list for select developer services, such as API call volume tiers and add‑ons like analytics or monetization. These list prices apply to specific API management features and often assume particular deployment models. Enterprise features such as custom security policies, hybrid deployments, and premium support are not itemized publicly and are handled through negotiated agreements.

What influences an Apigee quote

Because pricing is not transparent, estimates depend on multiple variables. Key factors include the number of developers and API proxies, monthly message volume, the mix of runtime and analysis components, and whether the deployment is managed or self‑hosted. Additional cost drivers include add‑on products, support tiers, and contractual terms such as commitment length.

  • Organization and team size
  • API traffic volume and operations
  • Feature set and add‑ons
  • Deployment type and support level

How this compares to API security scanning

middleBrick focuses exclusively on API security verification and does not replace broader platform pricing discussions. The scanner maps findings to PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023), providing risk scores and prioritized remediation guidance. It operates as a read‑only black‑box tool with scan times under a minute and supports authenticated scans for Bearer, API key, Basic auth, and cookies when domain verification is completed.

Product capabilities and integrations

The platform provides dashboards, CLI access, CI/CD integration, automated monitoring, and compliance reporting. Scans can be run via the web dashboard, the middlebrick CLI with JSON or text output, GitHub Actions as CI gates, and an MCP server for AI coding assistants. Continuous monitoring options include scheduled rescans, diff detection, email alerts rate‑limited to one per hour, and HMAC‑SHA256 signed webhooks with auto‑disable after five consecutive failures.

middlebrick scan https://api.example.com

Data handling and privacy posture

middleBrick performs read‑only checks using GET and HEAD methods, with text‑only POST for LLM probes. It blocks destructive payloads and internal endpoints, and customer data can be deleted on demand and purged within 30 days of cancellation. The tool does not fix or remediate issues, and it does not perform active injection tests that require intrusive payloads.

Frequently Asked Questions

Is Apigee pricing public?
No, Apigee does not publish a complete public price list. Pricing is typically obtained through sales and depends on organization size, message volume, and feature usage.

What factors change an Apigee quote?
Key factors include the number of API proxies, monthly traffic, runtime components, add‑ons, deployment type, and support package. Contractual terms such as commitment length also influence final pricing.

Does middleBrick replace Apigee security analysis?
No. middleBrick is an API security scanner that detects configuration and implementation risks. It maps findings to PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023), but it does not replace platform pricing or broader governance discussions.

What authentication methods does middleBrick support?
Bearer tokens, API keys, Basic auth, and cookies. Authenticated scans require domain verification via DNS TXT record or an HTTP well-known file.

How does middleBrick handle scan data?
Scan data is deletable on demand and purged within 30 days of cancellation. Data is never sold and is not used for model training.