1. Get all existing policies of specified API Proxy

Description/Purpose: List the policies in the API Proxy whose name is sent as a parameter.

Authorization: In order to access the services, the user who wants to access the services must have a role within the project that has “Manage Proxies ‘ and ’Deploy/Undeploy Proxies” authorization.

Endpoint: https://<APINIZER_MANAGER_ADDRESS>/apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

HTTP Method: GET

Request Headers:

Header	Value
Authorization	<ACCESS_TOKEN> Token is required to access this endpoint. For detailed information on how to get a token, please visit the Authorization API page.
Accept	application/json

Request Path Parameters:

Parameter	Value
projectName	Full name of the project where the queried API Proxy is located
apiProxyName	Full name of the API Proxy to query

Request Body: (none)

Response:

Status	Status Code	Description	Body
Success	200	successful operation	{ "status": "SUCCESS", "resultList": [ { "name": "Address", "type": "SOAP", "relativePath": "/address", "soapToRest": false, "requestPolicyList": [ { "type": "policy-throttling", "active": true } ], "responsePolicyList": [ { "type": "policy-api-call", "active": true } ], "errorPolicyList": [ { "type": "policy-script", "active": true }, { "type": "policy-script", "description": "sample description", "active": true } ], "endpointList": [ { "endpoint": "/UpdateAddress", "active": true, "httpMethod": "POST", "requestPolicyList": [ { "type": "policy-script", "active": true } ], } ] } ], "resultCount": 1 }
Wrong	400	bad request	{ "error": "...", "error_description": "..." }
Wrong	401	not authorized for this operation	{ "error": "unauthorized_client", "error_description": "..." }
Wrong	500	internal error	{ "error": "...", "error_description": "..." }

2. Add a policy to specified API Proxy

Description/Purpose: Adds a new policy to the specified API Proxy.

Authorization: The user who wants to access the services must have a role in the project that has “Manage Proxies ‘ and ’Deploy/Undeploy Proxies” authorization.

Endpoint: https://<APINIZER_MANAGER_ADDRESS>/apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

HTTP Method: POST

Request Headers:

Header	Value
Authorization	<ACCESS_TOKEN> Token is required to access this endpoint. For detailed information on how to get a token, please visit the Authorization API page.
Accept	application/json
Content-Type	application/json

Request Path Parameters:

Parameter	Value
projectName	Full name of the project where the API Proxy to add a policy is located
apiProxyName	Full name of the API Proxy to add policy to
policyName	Full name of the policy to be added

Request Body:

{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": "true",
    "deployTargetEnvironmentNameList": [
      "test"
    ],
    "order": "3"
  },
  "policy": {
    "type": "policy-time-restriction",
    "description": "This policy ensures that access to the API is only available on Mondays.",
    "active": "true",

    ...
    Policy specific attributes
    ...
  }
}

İşlem Metadata bilgilerini içeren operationMetadata alanının özellikleri:

Field	Status	Values It Can Take	Description
targetScope	Required	ALL, ENDPOINT	Specifies whether to add the policy to the API Proxy global (ALL) or to an endpoint (ENDPOINT).
targetEndpoint	Conditional (mandatory when the value of “targetScope” is “ENDPOINT”)	Text Value	Destination endpoint information.
targetEndpointHTTPMethod	Conditional (mandatory when the value of “targetScope” is “ENDPOINT”)	GET, POST, PUT, HEAD, OPTIONS, DELETE, PATCH, TRACE, ALL	HTTP Method information of the target endpoint.
targetPipeline	Required	REQUEST, RESPONSE, ERROR	The information on which line in the destination the policy will be added.
order	Optional	Numeric value	When sent, the policy is added to the corresponding queue in the target pipeline. When not sent, the policy is added to the end of the target pipeline.
deploy	Optional	Boolean Value	When it is sent and its value is “true”, it allows the corresponding API Proxy to be installed on the target environment.
deployTargetEnvironmentNameList	Conditional (Conditional when “deploy” is “true”)	Text Value	Specifies which environment(s) the Api Proxy will be installed to.

Fields containing Common Policy information:

Field	Status	Values It Can Take	Description
type	Required	policy-api-authentication policy-api-based-quota policy-api-based-throttling policy-api-call policy-auth-basic policy-auth-clear-text policy-auth-digest policy-auth-jwt policy-auth-mtls policy-auth-oauth2 policy-black-ip policy-business-rule policy-content-filter policy-decryption policy-digital-sign policy-digital-sign-verification policy-encryption policy-jose-implementation policy-jose-validation policy-json-schema-validation policy-json-transformation policy-max-message-size policy-min-message-size policy-redaction policy-request-protocol-transformation policy-response-protocol-transformation policy-saml-validation policy-script policy-time-restriction policy-white-ip policy-ws-security-from-target policy-ws-security-sts-token policy-ws-security-to-target policy-xml-schema-validation policy-xml-transformation	Holds the type of policy.
description	Optional	Text Value	It is a statement of policy.
active	Required	Boolean Value	Whether the policy is active or not.

Politikaya ait diğer alanlar politikanın tipine göre değişir.

Response:

Status	Status Code	Description	Body
Success	200	successful operation	{ "status": "SUCCESS" }
Fault	400	bad request	{ "error": "...", "error_description": "..." }
Fault	401	not authorized for this operation	{ "error": "unauthorized_client", "error_description": "..." }
Fault	500	internal error	{ "error": "...", "error_description": "..." }

3. Update an existing policy at specified API Proxy

Description/Purpose: Allows the policy in the specified API Proxy to be updated. The policy to be updated is found on the target line with the policy name.

Authorization: The user who wants to access the services must have a role in the project that has the “Manage Proxies ‘ and ’Deploy/Undeploy Proxies” authorization.

Endpoint: https://<APINIZER_MANAGER_ADDRESS>/apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

HTTP Method: PUT

Request Headers:

Header	Value
Authorization	<ACCESS_TOKEN> Token is required to access this endpoint. For detailed information on how to get a token, please visit the Authorization API page.
Accept	application/json
Content-Type	application/json

Request Path Parameters:

Parameter	Value
projectName	Full name of the project where the API Proxy whose policy will be updated is located
apiProxyName	Full name of the API Proxy whose policy will be updated
policyName	Full name of the policy to be updated

Request Body:

{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": "true",
    "deployTargetEnvironmentNameList": [
      "test"
    ],
    "order": "3"
  },
  "policy": {
    "type": "policy-time-restriction",
    "description": "This policy ensures that access to the API is only available on Mondays.",
    "active": "true",

    ...
    Policy specific attributes
    ...
  }
}

İşlem Metadata bilgilerini içeren operationMetadata alanının özellikleri:

Field	Status	Values It Can Take	Description
targetScope	Required	ALL, ENDPOINT	Specifies whether to look for the policy across the API Proxy (ALL) or at an endpoint (ENDPOINT).
targetEndpoint	Conditional (Required when the value of “targetScope” is “ENDPOINT”)	Text Value	Destination endpoint information.
targetEndpointHTTPMethod	Conditional (Required when the value of “targetScope” is “ENDPOINT”)	GET, POST, PUT, HEAD, OPTIONS, DELETE, PATCH, TRACE, ALL	HTTP Method information of the target endpoint.
targetPipeline	Required	REQUEST, RESPONSE, ERROR	The information on which line in the destination the policy will be called.
order	Optional	Numeric Value	When sent, if the policy is not in the relevant queue in the target pipeline, its queue is updated. When not sent, the queue is left as it is.
deploy	Optional	Boolean Value	When it is sent and its value is “true”, it allows the corresponding API Proxy to be installed on the target environment.
deployTargetEnvironmentNameList	Conditional (required when “deploy” is “true”)	Text Value	Specifies which environment(s) the Api Proxy will be installed to.

Fields containing Common Policy information:

Field	Status	Values It Can Take	Description
type	Required	policy-api-authentication policy-api-based-quota policy-api-based-throttling policy-api-call policy-auth-basic policy-auth-clear-text policy-auth-digest policy-auth-jwt policy-auth-mtls policy-auth-oauth2 policy-black-ip policy-business-rule policy-content-filter policy-decryption policy-digital-sign policy-digital-sign-verification policy-encryption policy-jose-implementation policy-jose-validation policy-json-schema-validation policy-json-transformation policy-max-message-size policy-min-message-size policy-redaction policy-request-protocol-transformation policy-response-protocol-transformation policy-saml-validation policy-script policy-time-restriction policy-white-ip policy-ws-security-from-target policy-ws-security-sts-token policy-ws-security-to-target policy-xml-schema-validation policy-xml-transformation	Holds the type of policy.
description	Optional	Text Value	It is a statement of policy.
active	Required	Boolean Value	Whether the policy is active or not.

Response:

Status	Status Code	Description	Body
Succes	200	successful operation	{ "status": "SUCCESS" }
Fault	400	bad request	{ "error": "...", "error_description": "..." }
Fault	401	not authorized for this operation	{ "error": "unauthorized_client", "error_description": "..." }
Fault	500	internal error	{ "error": "...", "error_description": "..." }

4. Delete a policy from specified API Proxy

Description/Purpose: Deletes the policy in the specified API Proxy. The policy to be deleted is found on the target line with the policy name.

Authorization: The user who wants to access the services must have a role in the project that has the “Manage Proxies ‘ and ’Deploy/Undeploy Proxies” authorization.

Endpoint: https://<APINIZER_MANAGER_ADDRESS>/apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

HTTP Method: DELETE

Request Headers:

Header	Value
Authorization	<ACCESS_TOKEN> Token is required to access this endpoint. For detailed information on how to get a token, please visit the Authorization API page.
Accept	application/json
Content-Type	application/json

Request Path Parameters:

Parameter	Value
projectName	Full name of the project where the API Proxy whose policy will be deleted is located
apiProxyName	Full name of the API Proxy whose policy will be deleted
policyName	Full name of the policy to be deleted

Request Body:

{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": "true",
    "deployTargetEnvironmentNameList": [
      "test"
    ]
  }
}

İşlem Metadata bilgilerini içeren operationMetadata alanının özellikleri:

Field	Status	Values It Can Take	Description
targetScope	Required	ALL, ENDPOINT	Specifies whether to look for the policy across the API Proxy (ALL) or at an endpoint (ENDPOINT).
targetEndpoint	Conditional (Required when the value of “targetScope” is “ENDPOINT”)	Text Value	Destination endpoint information.
targetEndpointHTTPMethod	Conditional (Required when the value of “targetScope” is “ENDPOINT”)	GET, POST, PUT, HEAD, OPTIONS, DELETE, PATCH, TRACE, ALL	HTTP Method information of the target endpoint.
targetPipeline	Required	REQUEST, RESPONSE, ERROR	The information on which line in the destination the policy will be called.
deploy	Optional	Boolean Value	When it is sent and its value is “true”, it allows the corresponding API Proxy to be installed on the target environment.
deployTargetEnvironmentNameList	Conditional (required when “deploy” is “true”)	Text Value	Specifies which environment(s) the Api Proxy will be installed to.

Response:

Status	Status Code	Description	Body
Success	200	successful operation	{ "status": "SUCCESS" }
Fault	400	bad request	{ "error": "...", "error_description": "..." }
Fault	401	not authorized for this operation	{ "error": "unauthorized_client", "error_description": "..." }
Fault	500	internal error	{ "error": "...", "error_description": "..." }