What is a Policy?
A policy is a rule or a set of rules Scheer PAS API Management uses to manage your APIs. Policies represent the unit of work done at runtime, when API Management applies the policies to all API requests.
Info: Policies can be configured at three different levels: on an API, on a client, or on a plan.
Policies are applied through a policy chain: when a request to an API is made, API Management creates a chain of policies to be applied to that request. A policy chain defines the specific order in which the configured policies are applied to API requests.
Policy Chain
A policy chain is an ordered sequence of policies that are applied when a request is made for an API through the gateway. The policies are processed in the following order:
1. Client
2. Plan
3. API
When a request for an API is received by the gateway, the policy chain is applied to the request in the order listed above. If none of the policies fail, the gateway will proxy the request to the backend API implementation. Once a response is received, the policy chain is then applied in reverse order to that response. This allows each policy to be applied twice, once to the inbound request and again to the outbound response. By applying the policy chain twice, API Management allows policy implementations two opportunities to provide management functionality during the lifecycle. The figure illustrates this two-way approach to applying policies.
Figure: Two-Way Policy Chain
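The two-way processing described above, modelled in Python as an added example (not Scheer PAS code and not its policy API). The policy classes, `handle`, `demo` and the request and response dictionaries are hypothetical, and because this page does not describe what is sent back to the caller when a policy fails, the model simply returns the failure reason.

```python
LEVELS = ("client", "plan", "api")   # request-side order stated on the page
class Policy:
    level = "api"
    def on_request(self, request):   # return a failure reason, or None to continue
        return None
    def on_response(self, response):
        return response

class IpAllowlist(Policy):           # security policy, attached to the client
    level = "client"
    def __init__(self, allowed):
        self.allowed = set(allowed)
    def on_request(self, request):
        return None if request["ip"] in self.allowed else "ip not allowed"

class RateLimit(Policy):             # limiting policy, attached to the plan
    level = "plan"
    def __init__(self, limit):
        self.limit, self.seen = limit, 0
    def on_request(self, request):
        self.seen += 1
        return "rate limit exceeded" if self.seen > self.limit else None

class StripHeader(Policy):           # modification policy, inherits level "api"
    def __init__(self, header):
        self.header = header
    def on_response(self, response):
        response["headers"].pop(self.header, None)
        return response

def handle(policies, request, backend):
    # Inbound: client, plan, API. Outbound: the same chain in reverse.
    chain, trace = sorted(policies, key=lambda p: LEVELS.index(p.level)), []
    for p in chain:
        trace.append("request:" + type(p).__name__)
        reason = p.on_request(request)
        if reason:                   # a failed policy stops the request before the backend
            return {"failure": reason}, trace
    response = backend(request)
    trace.append("backend")
    for p in reversed(chain):
        trace.append("response:" + type(p).__name__)
        response = p.on_response(response)
    return response, trace

def demo():  # constructed requests: allowed, blocked address, over the plan limit
    backend = lambda request: {"status": 200, "headers": {"Server": "demo"}}
    chain = [StripHeader("Server"), RateLimit(1), IpAllowlist({"10.0.0.5"})]
    return [handle(chain, {"ip": ip}, backend) for ip in ("10.0.0.5", "192.0.2.9", "10.0.0.5")]
```

In this model the blocked address never reaches `RateLimit`, so the rejected request does not consume the plan's quota.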
Info: As of PAS 24.1, the OpenAPI definition is adapted when the API is published. Adding or removing policies now enriches the OpenAPI definition. This also applies to the whole policy chain, even if the definition editor in the API details only shows API-related policy code. Refer to API Settings > API Definition for detailed information.
Overview of the Supplied Policies
Adding a policy will allow its specific functionality to be applied to the API invocation as part of the overall policy chain. In API Management, four categories of policies are applicable:
- Security Policies
- Limiting Policies
- Modification Policies
- Other Policies