This section provides a reference for the following API management policies.
Policies are a powerful capability of the system that allow the publisher to change API behavior through configuration. Policies are the collection of statements that are executed sequentially on the API request or response. Popular statements include format conversion from XML to JSON and call rate limiting to restrict the amount of incoming calls from a developer. Many more policies are available out of the box.
API policies are solid proficiencies within an API system that allows the issuer to adjust API performance through configuration. Policies apply restrictions that secure API and maintain their structure, ensuring control over API effectiveness and delivery. Keeping API well-structured prevents overexposing API that results in stucking in little things.
The configuration is divided into
on-error. The series of specified policy statements are executed in a request-response order.
<!-- statements to be applied to the request go here -->
<!-- statements to be applied to the response go here -->
<!-- statements to be applied if there is an error condition go here -->
If there is an error during processing of a request, any remaining steps in the inbound, or outbound sections are skipped and execution jumps to the statements in the on-error section.
<check-header name="Authorization" failed-check-httpcode="401" failed-check-error-message="Not authorized" ignore-case="false">
- Restrict caller IPs – filters (allows/denies) calls from specific IP addresses and/or address ranges.
- Restrict caller hosts – filters (allows/denies) calls from specific IP addresses and/or address ranges.
- Control flow – conditionally applies policy statements based on the results of the evaluation of Boolean expressions.
- Return response – aborts pipeline execution and returns the specified response directly to the caller.
- CORS – adds cross-origin resource sharing (CORS) support to an operation or an API to allow cross-domain calls from browser-based clients.
- Find and replace string in body – finds a request or response substring and replaces it with a different substring.
- Set HTTP header – assigns a value to an existing response/request header or adds a new response/request header.