
General Information

Policy Type

policy-api-authentication

Description

The API Authentication policy adds authentication credentials to outgoing requests to target APIs. It supports the BASIC, BASE64, DIGEST, and API authentication types, and can send credentials via headers, parameters, a body message, or body injection. This policy enables Apinizer to authenticate with backend APIs on behalf of clients.

Endpoints

List Policies

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Add Policy

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Update Policy

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Delete Policy

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

List Policies

Endpoint

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Request

Headers

| Header | Value |
| --- | --- |
| Authorization | Bearer {token} |

Path Parameters

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |

Response

Success Response (200 OK)

{
  "success": true,
  "resultList": [
    {
      "apiProxy": {
        "name": "MyAPI",
        "requestPolicyList": [
          {
            "type": "policy-api-authentication",
            "name": "api-auth-policy",
            "description": "Authenticate with backend API",
            "active": true,
            "authType": "BASIC",
            "sendType": "HEADER",
            "usernameFieldName": "X-Username",
            "passwordFieldName": "X-Password",
            "messageContentType": "XML"
          }
        ],
        "responsePolicyList": [],
        "errorPolicyList": []
      }
    }
  ],
  "resultCount": 1
}

Note: In list operations, passwords in apiAuthCondExpressionList are cleared for security.

cURL Example

curl -X GET \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/" \
  -H "Authorization: Bearer YOUR_TOKEN"
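
A check that can be run over a saved List Policies response, added here as an example and not part of the Apinizer documentation. It reports any policy-api-authentication entry whose password was not cleared, and any entry using the PARAM send type, where the credentials travel in the URL of the backend call. It assumes the response carries apiAuthCondExpressionList and that "cleared" means the password is absent, null or empty; the function name and sample values are constructed.

```python
import json

PIPELINES = ("requestPolicyList", "responsePolicyList", "errorPolicyList")

def audit_list_response(body):
    """Return (proxy, policy, finding) tuples for policy-api-authentication entries."""
    findings = []
    for item in body.get("resultList") or []:
        proxy = item.get("apiProxy") or {}
        for pipeline in PIPELINES:
            for pol in proxy.get(pipeline) or []:
                if pol.get("type") != "policy-api-authentication":
                    continue
                where = (proxy.get("name"), pol.get("name"))
                # Assumption: "cleared" means the password is absent, null or "".
                for expr in pol.get("apiAuthCondExpressionList") or []:
                    if expr.get("password"):
                        findings.append(where + ("password not cleared",))
                # PARAM places the credentials in the URL of the backend call.
                if pol.get("sendType") == "PARAM":
                    findings.append(where + ("credentials sent as parameters",))
    return findings

# Constructed response in the shape of the sample above; values are made up.
SAMPLE_RESPONSE = json.loads("""
{"success": true, "resultCount": 1, "resultList": [{"apiProxy": {
  "name": "MyAPI",
  "requestPolicyList": [
    {"type": "policy-api-authentication", "name": "hdr-auth", "authType": "BASIC",
     "sendType": "HEADER",
     "apiAuthCondExpressionList": [{"id": 1, "username": "api-user", "password": ""}]},
    {"type": "policy-api-authentication", "name": "param-auth", "authType": "BASE64",
     "sendType": "PARAM",
     "apiAuthCondExpressionList": [{"id": 1, "username": "api-user", "password": "leftover"}]}
  ],
  "responsePolicyList": [], "errorPolicyList": []}}]}
""")

if __name__ == "__main__":
    for finding in audit_list_response(SAMPLE_RESPONSE):
        print(finding)
```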

Add Policy

Endpoint

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

| Header | Value |
| --- | --- |
| Authorization | Bearer {token} |
| Content-Type | application/json |

Path Parameters

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |
| policyName | string | Yes | Policy name |

Request Body

Full JSON Body Example - BASIC Authentication with HEADER
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["tester"],
    "order": 1
  },
  "policy": {
    "type": "policy-api-authentication",
    "description": "Basic authentication via header",
    "active": true,
    "authType": "BASIC",
    "sendType": "HEADER",
    "usernameFieldName": "X-Username",
    "passwordFieldName": "X-Password",
    "messageContentType": "XML",
    "apiAuthCondExpressionList": [
      {
        "id": 1,
        "username": "api-user",
        "password": "api-password",
        "policyCondition": null
      }
    ]
  }
}

Full JSON Body Example - BASE64 Authentication with PARAM
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-api-authentication",
    "description": "Base64 authentication via parameter",
    "active": true,
    "authType": "BASE64",
    "sendType": "PARAM",
    "passwordFieldName": "token",
    "messageContentType": "XML",
    "apiAuthCondExpressionList": [
      {
        "id": 1,
        "username": "api-user",
        "password": "api-password",
        "policyCondition": null
      }
    ]
  }
}

Full JSON Body Example - DIGEST Authentication with HEADER
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-api-authentication",
    "description": "Digest authentication via header",
    "active": true,
    "authType": "DIGEST",
    "sendType": "HEADER",
    "usernameFieldName": "X-Username",
    "passwordFieldName": "X-Password",
    "createdFieldName": "X-Created",
    "nonceFieldName": "X-Nonce",
    "messageContentType": "XML",
    "apiAuthCondExpressionList": [
      {
        "id": 1,
        "username": "api-user",
        "password": "api-password",
        "policyCondition": null
      }
    ]
  }
}

Full JSON Body Example - BODY_MESSAGE Send Type
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-api-authentication",
    "description": "Authentication via body message",
    "active": true,
    "authType": "BASIC",
    "sendType": "BODY_MESSAGE",
    "messageContentType": "JSON",
    "bodyMessage": "{\n  \"credentials\": {\n    \"username\": \"${username}\",\n    \"password\": \"${password}\"\n  }\n}",
    "bodyMessageInjectionPath": "$.auth",
    "apiAuthCondExpressionList": [
      {
        "id": 1,
        "username": "api-user",
        "password": "api-password",
        "policyCondition": null
      }
    ]
  }
}

Full JSON Body Example - BODY_INJECTION Send Type
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-api-authentication",
    "description": "Authentication via body injection",
    "active": true,
    "authType": "BASIC",
    "sendType": "BODY_INJECTION",
    "messageContentType": "JSON",
    "usernameFieldName": "username",
    "passwordFieldName": "password",
    "usernameInjectionPath": "$.auth.username",
    "passwordInjectionPath": "$.auth.password",
    "apiAuthCondExpressionList": [
      {
        "id": 1,
        "username": "api-user",
        "password": "api-password",
        "policyCondition": null
      }
    ]
  }
}

Full JSON Body Example - Using authApiName
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-api-authentication",
    "description": "Authentication using API name",
    "active": true,
    "authApiName": "auth-api-name",
    "messageContentType": "XML"
  }
}

Note: authApiName is currently used directly as API ID. Name to ID conversion will be implemented in a future release.

Request Body Fields

operationMetadata

| Field | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| targetScope | string | Yes | - | Policy scope: ALL or ENDPOINT |
| targetEndpoint | string | No* | - | Endpoint path (required if targetScope=ENDPOINT) |
| targetEndpointHTTPMethod | string | No* | - | HTTP method (required if targetScope=ENDPOINT) |
| targetPipeline | string | Yes | - | Pipeline: REQUEST, RESPONSE, or ERROR |
| deploy | boolean | No | true | Whether to deploy after adding policy |
| deployTargetEnvironmentNameList | array | No | [] | List of environment names to deploy to |
| order | integer | No | null | Policy execution order (starts from 1) |

Enum: targetScope
  • ALL - Policy applies to all endpoints
  • ENDPOINT - Policy applies only to specified endpoint

Enum: targetPipeline
  • REQUEST - Executes in request pipeline (adds authentication to request)
  • RESPONSE - Executes in response pipeline
  • ERROR - Executes in error pipeline

Enum: targetEndpointHTTPMethod
  • GET, POST, PUT, DELETE, PATCH, OPTIONS, HEAD

policy

| Field | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| type | string | Yes | - | Policy type: policy-api-authentication |
| description | string | No | - | Policy description |
| active | boolean | No | true | Whether policy is active |
| authType | string | No* | - | Authentication type (required if using conditional expressions) |
| sendType | string | No* | - | Send type (required if using conditional expressions) |
| messageContentType | string | No | XML | Message content type: XML, JSON, or ALL_BODY |
| usernameFieldName | string | No* | - | Username field name (required for BASIC/DIGEST with HEADER/PARAM, BODY_INJECTION) |
| passwordFieldName | string | No* | - | Password field name (required for BASIC/BASE64/DIGEST with HEADER/PARAM, BODY_INJECTION) |
| createdFieldName | string | No* | - | Created timestamp field name (required for DIGEST with HEADER/PARAM) |
| nonceFieldName | string | No* | - | Nonce field name (required for DIGEST with HEADER/PARAM) |
| bodyMessage | string | No* | - | Body message template (required for BODY_MESSAGE send type) |
| bodyMessageInjectionPath | string | No* | - | Body message injection path (required for BODY_MESSAGE send type) |
| usernameInjectionPath | string | No* | - | Username injection path (required for BODY_INJECTION send type) |
| passwordInjectionPath | string | No* | - | Password injection path (required for BODY_INJECTION send type) |
| createdInjectionPath | string | No | - | Created timestamp injection path (for DIGEST with BODY_INJECTION) |
| nonceInjectionPath | string | No | - | Nonce injection path (for DIGEST with BODY_INJECTION) |
| authApiName | string | No* | - | Authentication API name (alternative to conditional expressions) |
| apiAuthCondExpressionList | array | No* | [] | List of conditional authentication expressions (required if authApiName not provided) |

EnumPolicyApiAuthenticationAuthType

  • BASIC - Plain text username/password authentication
  • BASE64 - Base64 encoded authentication
  • DIGEST - HTTP Digest authentication
  • API - API-based authentication

EnumPolicyApiAuthenticationSendType

  • HEADER - Send credentials via HTTP headers
  • PARAM - Send credentials via query/path parameters
  • BODY_MESSAGE - Send credentials via body message template
  • BODY_INJECTION - Inject credentials into existing body

EnumMessageContentType

  • XML - XML message content
  • JSON - JSON message content
  • ALL_BODY - All body content types

Note

  • Either authApiName or apiAuthCondExpressionList must be provided.
  • If using apiAuthCondExpressionList, authType and sendType are required.
  • Field name requirements vary by authType and sendType combination.
  • authApiName is currently used directly as API ID. Name to ID conversion will be implemented in a future release.

apiAuthCondExpressionList

Each conditional expression is an object with the following fields:

| Field | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| id | integer | No | - | Expression ID (auto-generated) |
| username | string | Yes | - | Username for authentication |
| password | string | Yes | - | Password for authentication (encrypted) |
| policyCondition | object | No | null | Policy condition for conditional authentication |

Note

  • username and password are required.
  • password is encrypted when stored.
  • policyCondition allows conditional authentication based on request context.
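
A pre-submit check for the `policy` object, added here as an example and not part of the Apinizer documentation. It applies the required-field rules from the tables and notes above before the body is sent to the Add or Update endpoint. The function names, messages and sample are constructed, and the treatment of BODY_INJECTION is one reading of the table.

```python
# Rules transcribed from the field tables on this page; names are illustrative.
AUTH_TYPES = {"BASIC", "BASE64", "DIGEST", "API"}
SEND_TYPES = {"HEADER", "PARAM", "BODY_MESSAGE", "BODY_INJECTION"}

def required_fields(auth_type, send_type):
    """Fields the 'policy' table marks as required for this combination."""
    hp = send_type in ("HEADER", "PARAM")
    inj = send_type == "BODY_INJECTION"
    need = []
    # Assumption: BODY_INJECTION needs the field names for every authType.
    if (auth_type in ("BASIC", "DIGEST") and hp) or inj:
        need.append("usernameFieldName")
    if (auth_type in ("BASIC", "BASE64", "DIGEST") and hp) or inj:
        need.append("passwordFieldName")
    if auth_type == "DIGEST" and hp:
        need += ["createdFieldName", "nonceFieldName"]
    if send_type == "BODY_MESSAGE":
        need += ["bodyMessage", "bodyMessageInjectionPath"]
    if inj:
        need += ["usernameInjectionPath", "passwordInjectionPath"]
    return need

def validate_policy(policy):
    """Return a list of problems; an empty list means these checks pass."""
    exprs = policy.get("apiAuthCondExpressionList") or []
    if not exprs:
        missing = "either authApiName or apiAuthCondExpressionList is required"
        return [] if policy.get("authApiName") else [missing]
    errors = []
    auth, send = policy.get("authType"), policy.get("sendType")
    if auth not in AUTH_TYPES:
        errors.append(f"authType missing or invalid: {auth!r}")
    if send not in SEND_TYPES:
        errors.append(f"sendType missing or invalid: {send!r}")
    for field in required_fields(auth, send):
        if not policy.get(field):
            errors.append(f"{field} is required for {auth} with {send}")
    for i, expr in enumerate(exprs):
        for key in ("username", "password"):
            if not expr.get(key):
                errors.append(f"apiAuthCondExpressionList[{i}].{key} is required")
    return errors

# Constructed sample: DIGEST over HEADER with nonceFieldName left out.
SAMPLE = {"authType": "DIGEST", "sendType": "HEADER", "createdFieldName": "X-Created",
          "usernameFieldName": "X-Username", "passwordFieldName": "X-Password",
          "apiAuthCondExpressionList": [{"username": "api-user", "password": "api-password"}]}

print(validate_policy(SAMPLE))
```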

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

cURL Example

curl -X POST \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/api-auth-policy/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "REQUEST",
      "deploy": true,
      "deployTargetEnvironmentNameList": ["production"],
      "order": 1
    },
    "policy": {
      "type": "policy-api-authentication",
      "description": "Basic authentication",
      "active": true,
      "authType": "BASIC",
      "sendType": "HEADER",
      "usernameFieldName": "X-Username",
      "passwordFieldName": "X-Password",
      "messageContentType": "XML",
      "apiAuthCondExpressionList": [
        {
          "username": "api-user",
          "password": "api-password"
        }
      ]
    }
  }'

Update Policy

Endpoint

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

| Header | Value |
| --- | --- |
| Authorization | Bearer {token} |
| Content-Type | application/json |

Path Parameters

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |
| policyName | string | Yes | Policy name |

Request Body

Note: Request body structure is the same as Add Policy. All fields should be provided for update.

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

Delete Policy

Endpoint

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

| Header | Value |
| --- | --- |
| Authorization | Bearer {token} |
| Content-Type | application/json |

Path Parameters

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |
| policyName | string | Yes | Policy name |

Request Body

Full JSON Body Example
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": false
  }
}

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": []
  }
}

Notes and Warnings

  • Authentication Type:
    • BASIC - Plain text username/password
    • BASE64 - Base64 encoded credentials
    • DIGEST - HTTP Digest authentication (requires created/nonce fields)
    • API - API-based authentication
  • Send Type:
    • HEADER - Via HTTP headers
    • PARAM - Via query/path parameters
    • BODY_MESSAGE - Via body message template
    • BODY_INJECTION - Inject into existing body
  • Configuration: Either authApiName or apiAuthCondExpressionList must be provided
  • API Name: authApiName is currently used directly as API ID. Name to ID conversion will be implemented in a future release.
  • Field Names: Required field names vary by authType and sendType combination
  • DIGEST Authentication: Requires createdFieldName and nonceFieldName for HEADER/PARAM
  • BODY_MESSAGE: Requires bodyMessage template and bodyMessageInjectionPath
  • BODY_INJECTION: Requires usernameInjectionPath and passwordInjectionPath
  • Conditional Expressions: Multiple expressions allow different credentials based on conditions
  • Password Security: Passwords are encrypted when stored
  • Pipeline:
    • REQUEST pipeline adds authentication to request before forwarding to target API
    • Authentication is added based on configured send type
  • Error Handling: Invalid authentication configuration may cause request forwarding to fail
  • Deployment: Policy changes require deployment to take effect. Set deploy: true or deploy manually.