Apigee Edge pricing is based on number of API calls / quarter. For Example, 1 API request into Edge, which then does a mashup of 5 backend API calls, back to 1 response out of Edge. Is that counted as 1 call or 5 or 1 + 5 = 6 ?
So, Is it one proxy in & out of Apigee / Is mashup backend calls are also counted ?
Answer is 1 ,
Backend API calls within API proxy call is not counted. Even if you make, 100 API calls inside an API Proxy to target systems , it is still counted as one.
API Count = 1 Proxy Request In & Response Out. Even if you mashup multiple API calls inside proxy it doesn’t make any impact in counting logic.
Just to clarify @Anil Sagar - 1 call means 1 call to Edge, that is, it goes to the domain that backed by Edge and is handled by an API proxy, correct?
@tpearson , Yes, 1 API call to Apigee Edge & Response back to the client. Doesn’t matter what’s the target / Apigee API proxy making multiple calls to backends using service callout. API calls no-target Apigee API Proxy also counted as 1. API Count = 1 Proxy Request In & Response Out.
@Anil Sagar In scenario where API is secured using OAuth, would that be counted as two calls- Where the consumer is calling the OAuth endpoint to get the token and then call the actual API ?
@Ram Krishna , Welcome to Apigee Community !
Yes, Any API Call in and out of Apigee Edge is counted as 1 call. In your case, Generate token - 1 API, Actual API - 1 API - In total 2 calls.
Thank you @Anil Sagar for the clarification.
Hi @Anil Sagar do we have this limitation even for On Premise installation?
@Anil Sagar, what if the api call is rejected by a rate limit, quota, or spike arrest policy? Does it still get counted for billing?
@Jonatan Soffer , Yes, We count them. At the end of the day we are processing them & machines are provisioned to handle the load on cloud.
But, We are more than happy to understand if you are getting >10 Billion API calls / Year in Cloud Enterprise license !!
It’s a great problem to have 
Hey, want to clarify another option in case of counting API calls. We have Hosted Target App that calls existing proxies, which calls some other proxies. As the result we get full response and return it to client. As I understand we pay only for the first API call? We do not count all internal requests on proxies despite we have 1 API Call + Response from each of these proxies? It still counts as one?
P.S. Need this to be clarified cause we get a really huge amount of calls 
How does this work in case proxy chaining?
Client → Proxy A → Proxy B (proxy chain) → Backend.
Does it count as 1 or 2?
@TIM , the simple way you can understand is how many consumer/client requests.
So, in your case it’s 1. Only one consumer request is served, so pricing will be only for one request.
If we are counting each API call coming to Apigee against the license then how to stop them from coming inside? Because no matter which throttling, or access control policy we add in Apigee, It will still come inside. So technically any bad actor can keep sending requests to increase the number of calls and increase our cost.
You are correct. A good practice is to use a WAF in front of Apigee, something like Google Cloud Armor or Akamai or some other system that can present a shield against DDoS and DoS attacks, and perhaps rate limit based on IP address and etc. That wAF will give you more features that just this kind of protection.
Of course you can use Apigee without a WAF, but you may be charged $$ for the calls that a “bad actor” sends in, as you described.
But isn’t that a security issue and should be addressed, especially for the Apigee SaaS? Because now they don’t need credentials. They just need a URL for the attack.
what about if there is an attack against invalid base paths – the APIs don’t exist in Apigee. Does this count too?
End up adding cloud armor + LB in front of Apigee for better control
Two! Each call handled by a proxy counts as one call.