Endpoints
- List Policies - Get all policies for an API proxy
- Add Policy - Add a new policy to an API proxy
- Update Policy - Update an existing policy
- Delete Policy - Delete a policy from an API proxy
Policy Types
Policies are organized by type. Each policy type has its own documentation page with complete examples:Authentication Policies
- Basic Authentication
- Clear Text Authentication
- Digest Authentication
- JWT Authentication
- OAuth2 Authentication
- OIDC Authentication
- mTLS Authentication
- API Authentication
- SAML Validation
Security Policies
- WS-Security Encrypt
- WS-Security Decrypt
- WS-Security Sign
- WS-Security Sign Validation
- WS-Security Username Token
- WS-Security Timestamp
- WS-Security From Target
- WS-Security To Target
- JOSE Validation
- JOSE Implementation
- Digital Sign
- Digital Sign Verification
- Encryption
- Decryption
Rate Limiting & Quota Policies
IP Filtering Policies
Transformation Policies
- JSON Transformation
- XML Transformation
- Request Protocol Transformation
- Response Protocol Transformation
Validation Policies
Content Policies
Scripting Policies
Integration Policies
Advanced Policies
Authentication
All endpoints require authentication using a Personal API Access Token.Permissions
GET Operations (List Policies)
- User must have
API_MANAGEMENT+VIEWpermission in the project - If the asset category does not exist, user must have at least one permission in the project
POST/PUT/DELETE Operations (Add/Update/Delete Policy)
- User must have
API_MANAGEMENT+MANAGEpermission in the project - If
deploy: trueis set in the request, user must also haveAPI_MANAGEMENT+DEPLOY_UNDEPLOYpermission
Permission Requirements
| Operation | Required Permission |
|---|---|
| List Policies | API_MANAGEMENT + VIEW (or any permission if category doesn’t exist) |
| Add/Update/Delete Policy | API_MANAGEMENT + MANAGE |
| Deploy Policy | API_MANAGEMENT + DEPLOY_UNDEPLOY |
Related Documentation
- Authentication Guide - How to obtain and use API tokens
- Error Handling - Error response formats