Overview of API Policy
Description
Policies are a powerful capability of the system that allow the API publisher to change the behavior of the API through configuration. Policies are a collection of statements that are executed sequentially on the request or response of an API. Policies are applied inside the API gateway, which sits between the API consumer and the managed API.
For the current context of API Policy, unless specifically mentioned, Match Policy is the implementation of API Policy.
Match Policy can be defined to match any attributes/fields value of a Request, Response and third-party based JWT token object context with defined match expression (Request headers, URI, method, version, Response headers, status code, status message, JWT standard claims, etc.). In the Match Policy, you can define how to match the value using operations such as ContainsAny, ContainsAll, JSONPath and XPath.
- Match Policy supports match keywords using operation ContainsAny, ContainsAll, JSONPath, and XPath.
- Policy supports JSON in pre/post input configuration for policy enforcement.
- ContainsAny keyword support is inspired by functional aspect of Java Collection Contains Method. Match is string case sensitive by default.
- ContainsAll keyword support is inspired by functional aspect of Java Collection ContainsAll Method. Match is string case sensitive by default.
- ContainsAny and ContainsAll keyword may optionally have Boolean subtype CaseSensitive. If subtype CaseSensitive is not provided, then default is true.
- JSONPath and XPath expression is used to find the JSON payload attribute and XML payload attribute respectively.
Match Policy Parameters
-
Name: Contains the policy name. In the case of Match Policy, it is always "Match".
-
Operation : Defines how to match the variable value. Its value can be "ContainsAny", "ContainsAll", "JSONPath" and "XPath".
-
Context: Defines policy context. Currently supported context for Match Policy are Request and Response.
-
Argument Location: Defines Java unified expression to evaluate variable value in the defined context. Argument location evaluation should result in either string, integer, array of strings, or array of integer. Comma separated values are converted into list. Example: For request header -
${request.headers.get('header name')} -
Match Expression: Defines the expression from which value should be matched. It is defined as JSON Array. Example: ["10.97.242.55", "10.97.242.51"]
-
Effect: Upon successful matching expression, defines whether or not a call is allowed. Permissible value can be - Allow/Deny. If any policy with effect as "Deny" is evaluated successfully, then that call is blocked at that point and further defined policies in the structure is not evaluated. It is an optional parameter and its default value is "Allow".
-
CaseSensitive: Optional parameter. It can be defined for ContainsAny and ContainsAll operation to identify whether match should be case sensitive or case insensitive.