Ana içeriğe atla

Endpoint

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Authentication

Requires a Personal API Access Token. 
Authorization: Bearer YOUR_TOKEN

Request

Headers

HeaderValueRequired
AuthorizationBearer Yes
Content-Typeapplication/jsonYes

Path Parameters

ParameterTypeRequiredDescription
projectNamestringYesProject name
apiProxyNamestringYesAPI Proxy name
policyNamestringYesPolicy name (must be unique within the API Proxy)

Request Body

Full JSON Body Example

{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-api-based-throttling",
    "description": "API throttling policy - 100 requests per minute",
    "active": true,
    "targetVariableForIdentity": {
      "type": "HEADER",
      "headerName": "X-API-Key"
    },
    "messageCountForInterval": 100,
    "throttlingInterval": "ONE_MINUTE",
    "intervalPeriodLength": 1,
    "intervalWindowType": "FIXED",
    "cacheConnectionTimeoutInSeconds": 3,
    "cacheErrorHandlingType": "FAIL",
    "showRateLimitStatisticsInResponseHeader": true,
    "detailList": [
      {
        "targetValue": "VIP",
        "regexExpression": false,
        "messageCountForInterval": 1000,
        "intervalPeriodLength": 1,
        "quotaInterval": "ONE_MINUTE"
      }
    ],
    "policyCondition": {
      "conditionRuleList": [
        {
          "conditionCriteria": "VALUE",
          "firstVariable": {
            "name": "userTypeHeader",
            "type": "HEADER",
            "headerName": "X-User-Type"
          },
          "variableDataType": "STRING",
          "valueComparisonOperator": "EQ",
          "secondValueSource": "VALUE",
          "secondValue": "PREMIUM"
        }
      ]
    }
  }
}

Request Body Fields

Policy Operation Metadata
FieldTypeRequiredDefaultDescription
targetScopestringYes-Policy scope: ALL or ENDPOINT
targetEndpointstringNo*-Endpoint path (required if targetScope=ENDPOINT)
targetEndpointHTTPMethodstringNo*-HTTP method (required if targetScope=ENDPOINT)
targetPipelinestringYes-Pipeline: REQUEST, RESPONSE, or ERROR
deploybooleanNotrueWhether to deploy after adding policy
deployTargetEnvironmentNameListarrayNo[]List of environment names to deploy to
orderintegerNonullPolicy execution order (starts from 1). If null or >= list size, policy is added at the end

EnumPolicyTargetScope

  • ALL - Policy applies to all endpoints
  • ENDPOINT - Policy applies only to specified endpoint

EnumPolicyTargetPipeline

  • REQUEST - Executes in request pipeline
  • RESPONSE - Executes in response pipeline
  • ERROR - Executes in error pipeline

EnumHttpRequestMethod

  • GET - GET method
  • POST - POST method
  • PUT - PUT method
  • DELETE - DELETE method
  • PATCH - PATCH method
  • OPTIONS - OPTIONS method
  • HEAD - HEAD method
  • TRACE - TRACE method
  • ALL - All methods
Note: When targetScope is ENDPOINT, both targetEndpoint and targetEndpointHTTPMethod are required.
policy
The policy object structure varies by policy type. All policies share common base fields:
Common Policy Fields
FieldTypeRequiredDefaultDescription
typestringYes-Policy type (discriminator field)
descriptionstringNo-Policy description
activebooleanNotrueWhether policy is active
policyConditionobjectNo-Policy condition configuration (see PolicyCondition below)
errorMessageListarrayNo-Custom error messages (if not provided, standard messages are used)
Note: The name field is not included in the request body. The policy name is taken from the path parameter {policyName}.
Policy Types
Each policy type has its own specific fields. See individual policy documentation pages for details:
Policy Condition (PolicyConditionDTO)
FieldTypeRequiredDefaultDescription
conditionRuleListarrayNo[]List of condition rules. If empty, default AND condition is used
Note: If conditionRuleList is empty or not provided, a default AND condition is created.
conditionRuleList Item (ConditionRuleDTO)
FieldTypeRequiredDefaultDescription
conditionRuleListarrayNo[]Nested condition rules (for complex conditions)
conditionCriteriastringYes-Condition criteria: VALUE, NOT, AND, or OR
firstVariableobjectYes-First variable for comparison (see VariableDTO below)
variableDataTypestringYes-Variable data type: STRING, NUMBER, DATE, BOOLEAN
dateFormatstringNo-Date format for date comparisons (required if variableDataType=DATE)
valueComparisonOperatorstringYes-Comparison operator (see EnumConditionValueComparisonOperator below)
secondValueSourcestringYes-Second value source: VALUE or VARIABLE
secondValuestringNo*-Second value for comparison (required if secondValueSource=VALUE)
secondVariableobjectNo*-Second variable for comparison (required if secondValueSource=VARIABLE)

EnumConditionCriteria

  • VALUE - Value comparison
  • NOT - Negation
  • AND - Logical AND
  • OR - Logical OR

EnumConditionVariableDataType

  • STRING - String type
  • NUMERIC - Numeric type
  • DATE - Date type

EnumConditionValueComparisonOperator

  • LT - Less than
  • LE - Less than or equal to
  • GT - Greater than
  • GE - Greater than or equal to
  • EQ - Equal to
  • NE - Not equal to
  • STARTS_WITH - Starts with
  • ENDS_WITH - Ends with
  • CONTAINS - Contains
  • NOT_CONTAINS - Does not contain
  • IS_EMPTY - Exists and is empty
  • IS_NOT_EMPTY - Exists and is not empty
  • IS_EXISTS - Exists
  • IS_NOT_EXISTS - Does not exist
  • IN - In list
  • NOT_IN - Not in list

EnumConditionValueSource

  • VALUE - Compare with a constant value
  • VARIABLE - Compare with another variable
firstVariable / secondVariable (VariableDTO)
FieldTypeRequiredDefaultDescription
idstringNo-Variable ID (if referencing existing variable)
projectIdstringNo-Project ID (if referencing existing variable)
namestringNo*-Variable name (required if id not provided)
descriptionstringNo-Variable description
typestringYes-Variable type: HEADER, PARAMETER, BODY, CONTEXT_VALUES, CUSTOM
headerNamestringNo*-Header name (required if type=HEADER)
paramTypestringNo*-Parameter type: QUERY, PATH, FORM (required if type=PARAMETER)
paramNamestringNo*-Parameter name (required if type=PARAMETER)
paramPathstringNo-Parameter path
formNamestringNo-Form name (for form parameters)
xpathValuestringNo*-XPath value (required if type=BODY and content is XML)
jsonPathValuestringNo*-JSONPath value (required if type=BODY and content is JSON)
messageContentTypestringNo*-Message content type: JSON, XML, FORM (required if type=BODY)
contextValuestringNo*-Context value (required if type=CONTEXT_VALUES)
zoneIdstringNo-Zone ID (for date context values)
initWithScriptbooleanNofalseInitialize with script
scriptLanguagestringNo-Script language: GROOVY, JAVASCRIPT (required if initWithScript=true)
scriptBodystringNo-Script body (required if initWithScript=true)

EnumVariableType

  • HEADER - HTTP header
  • PARAMETER - Query/path/form parameter
  • BODY - Request/response body
  • CONTEXT_VALUES - Context values (e.g., current time, IP address)
  • CUSTOM - Custom variable (script-based)

EnumVariableParameterType

  • QUERY - Query parameter
  • PATH - Path parameter
  • FORM - Form parameter

EnumMessageContentType

  • JSON - JSON content
  • XML - XML content
  • FORM - Form content

EnumVariableContextValue

  • CURRENT_TIME - Current timestamp
  • CURRENT_DATE - Current date
  • CLIENT_IP - Client IP address
  • CLIENT_PORT - Client port
  • SERVER_IP - Server IP address
  • SERVER_PORT - Server port
  • REQUEST_METHOD - HTTP request method
  • REQUEST_URI - Request URI
  • REQUEST_PATH - Request path
  • REQUEST_QUERY_STRING - Query string
  • REQUEST_PROTOCOL - Request protocol
  • REQUEST_HOST - Request host
  • REQUEST_SCHEME - Request scheme
  • RESPONSE_STATUS_CODE - Response status code
  • RESPONSE_STATUS_TEXT - Response status text
  • API_PROXY_NAME - API Proxy name
  • API_PROXY_ID - API Proxy ID
  • ENDPOINT_NAME - Endpoint name
  • ENDPOINT_ID - Endpoint ID
  • ENVIRONMENT_NAME - Environment name
  • ENVIRONMENT_ID - Environment ID
  • PROJECT_NAME - Project name
  • PROJECT_ID - Project ID
  • USER_NAME - User name
  • USER_ID - User ID
  • ORGANIZATION_NAME - Organization name
  • ORGANIZATION_ID - Organization ID
  • ZONE_ID - Zone ID
  • TIMEZONE_ID - Timezone ID

EnumScriptType

  • GROOVY - Groovy script
  • JAVASCRIPT - JavaScript script

Response

Success Response (200 OK)

{
  "status": "SUCCESS"
}
If deploy: true is set in the request, the response includes deployment result: 
{
  "status": "SUCCESS",
  "deploymentResult": {
    "success": true,
    "responseTime": 1500,
    "detailList": [
      {
        "envName": "production",
        "podName": "pod-123",
        "podIp": "10.0.0.1",
        "success": true,
        "responseTime": 1500
      }
    ]
  }
}

Response Fields

FieldTypeDescription
statusstringResponse status: SUCCESS or FAILURE
deploymentResultobjectDeployment result (if deploy=true). See Deployment Result Object

Deployment Result Object (deploymentResult)

FieldTypeDescription
successbooleanOverall deployment success status
responseTimeintegerTotal deployment response time in milliseconds
detailListarrayList of deployment details per pod/environment

Deployment Detail Object (detailList item)

FieldTypeDescription
envNamestringEnvironment name
podNamestringPod name where deployment occurred
podIpstringPod IP address
successbooleanDeployment success status for this pod
responseTimeintegerDeployment response time for this pod in milliseconds

EnumStatus

  • SUCCESS - Operation successful
  • FAILURE - Operation failed

Error Response (400 Bad Request)

{
  "error": "bad_request",
  "error_description": "A policy with same name (my-policy) is already exist in API Proxy!"
}

Common Causes

  • Policy name already exists
  • Invalid targetScope (ENDPOINT without targetEndpoint)
  • Invalid targetEndpoint (endpoint not found in API Proxy)
  • Invalid policy type
  • Missing required policy fields
  • Invalid condition configuration

Error Response (401 Unauthorized)

{
  "error": "unauthorized_client",
  "error_description": "Invalid token"
}

Error Response (404 Not Found)

{
  "error": "not_found",
  "error_description": "ApiProxy (name: MyAPI) was not found!"
}

cURL Example

Example 1: Add Policy to All Endpoints

curl -X POST \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/throttling-policy/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "REQUEST",
      "deploy": true,
      "deployTargetEnvironmentNameList": ["production"],
      "order": 1
    },
    "policy": {
      "type": "policy-api-based-throttling",
      "description": "Throttling policy",
      "active": true,
      "targetVariableForIdentity": {
        "type": "HEADER",
        "headerName": "X-API-Key"
      },
      "messageCountForInterval": 100,
      "throttlingInterval": "ONE_MINUTE",
      "intervalPeriodLength": 1,
      "intervalWindowType": "FIXED"
    }
  }'

Example 2: Add Policy to Specific Endpoint

curl -X POST \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/endpoint-throttling/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ENDPOINT",
      "targetEndpoint": "/api/users",
      "targetEndpointHTTPMethod": "GET",
      "targetPipeline": "REQUEST",
      "deploy": false,
      "order": 2
    },
    "policy": {
      "type": "policy-api-based-throttling",
      "description": "Endpoint-specific throttling",
      "active": true,
      "targetVariableForIdentity": {
        "type": "HEADER",
        "headerName": "X-API-Key"
      },
      "messageCountForInterval": 50,
      "throttlingInterval": "ONE_MINUTE",
      "intervalPeriodLength": 1,
      "intervalWindowType": "FIXED"
    }
  }'

Example 3: Add Policy with Condition

curl -X POST \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/conditional-policy/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "REQUEST",
      "deploy": false,
      "order": 1
    },
    "policy": {
      "type": "policy-black-ip",
      "description": "Block IPs for VIP users",
      "active": true,
      "ipList": ["192.168.1.100"],
      "policyCondition": {
        "conditionRuleList": [
          {
            "conditionCriteria": "VALUE",
            "firstVariable": {
              "name": "userTypeHeader",
              "type": "HEADER",
              "headerName": "X-User-Type"
            },
            "variableDataType": "STRING",
            "valueComparisonOperator": "EQ",
            "secondValueSource": "VALUE",
            "secondValue": "PREMIUM"
          }
        ]
      }
    }
  }'

Permissions

  • User must have API_MANAGEMENT + MANAGE permission in the project
  • If deploy: true is set in the request, user must also have API_MANAGEMENT + DEPLOY_UNDEPLOY permission

Notes and Warnings

  • Policy Name: Policy name is taken from the path parameter, not from the request body. The name field in PolicyDTO is ignored (marked with @JsonIgnore).
  • Unique Names: Policy names must be unique within the API Proxy
  • Order: Order starts from 1. If order is null or >= current policy list size, policy is added at the end
  • Deployment: If deploy: true, ensure environments exist and user has deployment permissions
  • Conditions: If policyCondition is not provided, a default AND condition is created
  • Error Messages: If errorMessageList is not provided, standard error messages are used
  • Endpoint Scope: When using targetScope: ENDPOINT, ensure the endpoint exists in the API Proxy
  • Variable References: Variables can be referenced by id (if existing) or defined inline