The Authorization Policy allows to add a list of fine-grained authorization rules. Use this policy to control precisely who is allowed to access the API.
The configuration of this policy consists of a number of rules that are applied to any inbound request to the API. Each rule consists of a regular expression pattern, an HTTP verb and the role that an authenticated user must possess in order for access to be granted.
Configuration Options
Option | Type | Description | Possible Values | Default |
---|
Path | String
| The pattern must match the request resource path you would like the policy to be applicable to. | - | - |
HTTP method (Verb)
| String | The HTTP method has to match the request you would like the policy to be applicable to. | * GET POST PUT DELETE OPTIONS HEAD TRACE CONNECT | * |
User Role | String | This role must be assigned to the user if this pattern should match the request. | - | - |
Multiple Match Action | Boolean | Set to true if all rules must match and to false if at least one rule must match. | at least one all | all (true) |
Unmatched Request Action | Boolean | Set to true if you want the policy to pass when no rules are matched. Set to false if you want the request to fail if none of the rules match. | fail pass | fail (false) |