Ana içeriğe atla

General Information

Policy Type

policy-api-call

Endpoints

List Policies

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Add Policy

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Update Policy

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Delete Policy

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

List Policies

Endpoint

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Request

Headers

HeaderValue
AuthorizationBearer {token}

Path Parameters

ParameterTypeRequiredDescription
projectNamestringYesProject name
apiProxyNamestringYesAPI Proxy name

Response

Success Response (200 OK)

{
  "success": true,
  "resultList": [
    {
      "apiProxy": {
        "name": "MyAPI",
        "requestPolicyList": [
          {
            "type": "policy-api-call",
            "name": "external-api-call",
            "description": "Call external API for validation",
            "active": true,
            "callType": "SYNCHRONOUS",
            "httpMethod": "POST",
            "url": "https://api.example.com/validate",
            "timeout": 5000,
            "certificateEnabled": false,
            "enableCache": false
          }
        ],
        "responsePolicyList": [],
        "errorPolicyList": []
      }
    }
  ],
  "resultCount": 1
}

cURL Example

curl -X GET \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/" \
  -H "Authorization: Bearer YOUR_TOKEN"

Add Policy

Endpoint

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

HeaderValue
AuthorizationBearer {token}
Content-Typeapplication/json

Path Parameters

ParameterTypeRequiredDescription
projectNamestringYesProject name
apiProxyNamestringYesAPI Proxy name
policyNamestringYesPolicy name

Request Body

Full JSON Body Example - Synchronous Call with Cache
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-api-call",
    "description": "Call external validation API with caching",
    "active": true,
    "callType": "SYNCHRONOUS",
    "httpMethod": "POST",
    "url": "https://api.example.com/validate",
    "timeout": 5000,
    "certificateEnabled": false,
    "clearBodyBeforeCall": false,
    "useMessageTemplateBeforeCall": true,
    "enumTestConsoleRequestBodyType": "JSON",
    "bodyContentBeforeCall": "{\n  \"userId\": \"${userId}\",\n  \"action\": \"validate\"\n}",
    "urlEncodedList": [],
    "dataManipulationListBeforeCall": [],
    "removeAllHeadersBeforeCall": true,
    "headersToBeDeletedBeforeCallList": [],
    "headersToBeAddedBeforeCallList": [
      {
        "name": "Content-Type",
        "valueSource": "VALUE",
        "value": "application/json",
        "prefix": null
      },
      {
        "name": "Authorization",
        "valueSource": "VARIABLE",
        "variable": {
          "type": "HEADER",
          "headerName": "Authorization"
        },
        "prefix": "BEARER"
      }
    ],
    "removeAllParametersBeforeCall": true,
    "parametersToBeDeletedBeforeCallList": [],
    "parametersToBeAddedBeforeCallList": [
      {
        "name": "apiKey",
        "valueSource": "VALUE",
        "value": "your-api-key"
      }
    ],
    "enableCache": true,
    "cacheBy": {
      "type": "HEADER",
      "headerName": "Authorization"
    },
    "capacity": 1000,
    "ttl": 3600,
    "cacheNullResponses": false,
    "cacheStorageType": "DISTRIBUTED",
    "afterCallBodyOperationType": "REPLACE_BODY",
    "useMessageTemplateAfterCall": false,
    "messageTemplateContentTypeAfterCall": "JSON",
    "bodyContentAfterCall": null,
    "dataManipulationListAfterCall": [],
    "removeAllHeadersAfterCall": false,
    "headersToBeDeletedAfterCallList": [],
    "headersToBeAddedAfterCallList": [],
    "removeAllParametersAfterCall": false,
    "parametersToBeDeletedAfterCallList": [],
    "parametersToBeAddedAfterCallList": [],
    "prepareMessage": false,
    "modifyMessage": false,
    "newBodyContentSourceType": null
  }
}

Request Body Fields

operationMetadata
FieldTypeRequiredDefaultDescription
targetScopestringYes-Policy scope: ALL or ENDPOINT
targetEndpointstringNo*-Endpoint path (required if targetScope=ENDPOINT)
targetEndpointHTTPMethodstringNo*-HTTP method (required if targetScope=ENDPOINT)
targetPipelinestringYes-Pipeline: REQUEST, RESPONSE, or ERROR
deploybooleanNotrueWhether to deploy after adding policy
deployTargetEnvironmentNameListarrayNo[]List of environment names to deploy to
orderintegerNonullPolicy execution order (starts from 1)
Enum: targetScope
  • ALL - Policy applies to all endpoints
  • ENDPOINT - Policy applies only to specified endpoint
Enum: targetPipeline
  • REQUEST - Executes in request pipeline
  • RESPONSE - Executes in response pipeline
  • ERROR - Executes in error pipeline
Enum: targetEndpointHTTPMethod
  • GET, POST, PUT, DELETE, PATCH, OPTIONS, HEAD
policy
FieldTypeRequiredDefaultDescription
typestringYes-Policy type: policy-api-call
descriptionstringNo-Policy description
activebooleanNotrueWhether policy is active
callTypestringYes-Call type: SYNCHRONOUS or ONE_WAY
httpMethodstringYes-HTTP method for API call
urlstringYes-Target API URL
timeoutintegerNo-Request timeout in milliseconds
certificateNamestringNo-Certificate name for mTLS (required if certificateEnabled=true)
certificateEnabledbooleanNofalseEnable mTLS certificate
clearBodyBeforeCallbooleanNofalseClear request body before API call
useMessageTemplateBeforeCallbooleanNotrueUse message template for request body
enumTestConsoleRequestBodyTypestringNoXMLRequest body content type
bodyContentBeforeCallstringNo-Request body template
urlEncodedListarrayNo[]URL encoded form parameters
dataManipulationListBeforeCallarrayNo[]Data manipulation for request
removeAllHeadersBeforeCallbooleanNotrueRemove all headers before call
headersToBeDeletedBeforeCallListarrayNo[]Headers to delete before call
headersToBeAddedBeforeCallListarrayNo[]Headers to add before call
removeAllParametersBeforeCallbooleanNotrueRemove all parameters before call
parametersToBeDeletedBeforeCallListarrayNo[]Parameters to delete before call
parametersToBeAddedBeforeCallListarrayNo[]Parameters to add before call
enableCachebooleanNofalseEnable response caching
cacheByobjectNo-Variable for cache key
capacityintegerNo*-Cache capacity (required if enableCache=true)
ttlintegerNo*-Cache TTL in seconds (required if enableCache=true)
cacheNullResponsesbooleanNotrueCache null/error responses
cacheStorageTypestringNoDISTRIBUTEDCache storage type
afterCallBodyOperationTypestringNo-Operation on original body after call
useMessageTemplateAfterCallbooleanNotrueUse message template after call
messageTemplateContentTypeAfterCallstringNoXMLResponse body content type
bodyContentAfterCallstringNo-Response body template
dataManipulationListAfterCallarrayNo[]Data manipulation for response
removeAllHeadersAfterCallbooleanNofalseRemove all headers after call
headersToBeDeletedAfterCallListarrayNo[]Headers to delete after call
headersToBeAddedAfterCallListarrayNo[]Headers to add after call
removeAllParametersAfterCallbooleanNofalseRemove all parameters after call
parametersToBeDeletedAfterCallListarrayNo[]Parameters to delete after call
parametersToBeAddedAfterCallListarrayNo[]Parameters to add after call
prepareMessagebooleanNofalsePrepare message flag
modifyMessagebooleanNofalseModify message flag
newBodyContentSourceTypestringNo-Source type for new body content

EnumPolicyRestApiCallType

  • SYNCHRONOUS - Two-way call, waits for response (supports caching)
  • ONE_WAY - Fire-and-forget call, no response expected (no caching)

EnumHttpRequestMethod

  • GET - GET request
  • POST - POST request
  • PUT - PUT request
  • DELETE - DELETE request
  • PATCH - PATCH request
  • OPTIONS - OPTIONS request
  • HEAD - HEAD request

EnumMessageTemplateContentType

  • XML - XML content
  • JSON - JSON content
  • RAW - Raw text content
  • URL_ENCODED - application/x-www-form-urlencoded

EnumCacheStorageType

  • LOCAL - Local cache (per node)
  • DISTRIBUTED - Distributed cache (shared across nodes)

EnumOriginalMessageOperationType

  • NOT_CHANGE_BODY - Keep original body unchanged
  • REPLACE_BODY - Replace original body with API call response
  • CLEAR_BODY - Clear original body after call

EnumMessageTemplateContentType (After Call)

  • XML - XML content
  • JSON - JSON content
  • RAW - Raw text content

EnumBodyContentSourceType

  • VALUE - Use static value
  • VARIABLE - Use variable value

Note

  • url and httpMethod are required.
  • callType is required.
  • If enableCache: true, capacity and ttl are required, and callType must be SYNCHRONOUS.
  • If certificateEnabled: true, certificateName is required.
headersToBeAddedBeforeCallList / headersToBeAddedAfterCallList
Each header is an object with the following fields:
FieldTypeRequiredDescription
namestringYesHeader name
descriptionstringNoHeader description
valueSourcestringYesValue source: VALUE or VARIABLE
valuestringNo*Header value (required if valueSource=VALUE)
variableobjectNo*Variable object (required if valueSource=VARIABLE)
prefixstringNoHeader prefix

EnumValueSource

  • VALUE - Use static value
  • VARIABLE - Extract from variable

EnumRestApiHeaderPrefix

  • NONE - No prefix
  • BASIC - Basic prefix (for Authorization header)
  • BEARER - Bearer prefix (for Authorization header)
  • DIGEST - Digest prefix (for Authorization header)

Note

  • If valueSource: VALUE, provide value.
  • If valueSource: VARIABLE, provide variable object.
parametersToBeAddedBeforeCallList / parametersToBeAddedAfterCallList
Each parameter is an object with the following fields:
FieldTypeRequiredDescription
namestringYesParameter name
descriptionstringNoParameter description
valueSourcestringYesValue source: VALUE or VARIABLE
valuestringNo*Parameter value (required if valueSource=VALUE)
variableobjectNo*Variable object (required if valueSource=VARIABLE)

EnumValueSource

  • VALUE - Use static value
  • VARIABLE - Extract from variable

Note

  • If valueSource: VALUE, provide value.
  • If valueSource: VARIABLE, provide variable object.
urlEncodedList
Each form parameter is an object with the following fields:
FieldTypeRequiredDescription
keystringYesForm parameter key
valuestringYesForm parameter value
descriptionstringNoParameter description
Note: Used when enumTestConsoleRequestBodyType: URL_ENCODED.
dataManipulationListBeforeCall / dataManipulationListAfterCall
Each data manipulation is an object with the following fields:
FieldTypeRequiredDescription
operationstringYesOperation type: ADD, ADD_OR_EDIT, or DELETE
sourceValueSourcestringNoSource value source: VALUE or VARIABLE
sourceVarobjectNoSource variable
sourceValuestringNoSource value
targetNamestringYesTarget field name/path
targetValueSourcestringNoTarget value source: VALUE or VARIABLE
targetVarobjectNoTarget variable
targetValuestringNoTarget value

EnumRestApiDataManipulationDefOperation

  • ADD - Add new field
  • ADD_OR_EDIT - Add or edit existing field
  • DELETE - Delete field

EnumValueSource

  • VALUE - Use static value
  • VARIABLE - Extract from variable
cacheBy
Variable object for cache key generation:
FieldTypeRequiredDescription
typestringYesVariable type: HEADER, PARAMETER, BODY, CONTEXT, SCRIPT
headerNamestringNo*Header name (required if type=HEADER)
paramNamestringNo*Parameter name (required if type=PARAMETER)
contextValuestringNo*Context value (required if type=CONTEXT)
Note: Cache key is generated from the specified variable. If not provided, entire request is used as cache key.

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

cURL Example

curl -X POST \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/external-api-call/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "REQUEST",
      "deploy": true,
      "deployTargetEnvironmentNameList": ["production"],
      "order": 1
    },
    "policy": {
      "type": "policy-api-call",
      "description": "Call external API",
      "active": true,
      "callType": "SYNCHRONOUS",
      "httpMethod": "POST",
      "url": "https://api.example.com/validate",
      "timeout": 5000,
      "removeAllHeadersBeforeCall": true,
      "headersToBeAddedBeforeCallList": [
        {
          "name": "Content-Type",
          "valueSource": "VALUE",
          "value": "application/json"
        }
      ],
      "enableCache": false
    }
  }'

Update Policy

Endpoint

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

HeaderValue
AuthorizationBearer {token}
Content-Typeapplication/json

Path Parameters

ParameterTypeRequiredDescription
projectNamestringYesProject name
apiProxyNamestringYesAPI Proxy name
policyNamestringYesPolicy name

Request Body

Full JSON Body Example
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-api-call",
    "description": "Updated: Call external validation API with enhanced caching",
    "active": true,
    "callType": "SYNCHRONOUS",
    "httpMethod": "POST",
    "url": "https://api.example.com/v2/validate",
    "timeout": 8000,
    "certificateEnabled": false,
    "clearBodyBeforeCall": false,
    "useMessageTemplateBeforeCall": true,
    "enumTestConsoleRequestBodyType": "JSON",
    "bodyContentBeforeCall": "{\n  \"userId\": \"${userId}\",\n  \"action\": \"validate\",\n  \"timestamp\": \"${timestamp}\"\n}",
    "urlEncodedList": [],
    "dataManipulationListBeforeCall": [],
    "removeAllHeadersBeforeCall": true,
    "headersToBeDeletedBeforeCallList": [],
    "headersToBeAddedBeforeCallList": [
      {
        "name": "Content-Type",
        "valueSource": "VALUE",
        "value": "application/json",
        "prefix": null
      },
      {
        "name": "Authorization",
        "valueSource": "VARIABLE",
        "variable": {
          "type": "HEADER",
          "headerName": "Authorization"
        },
        "prefix": "BEARER"
      },
      {
        "name": "X-Request-ID",
        "valueSource": "VARIABLE",
        "variable": {
          "type": "HEADER",
          "headerName": "X-Request-ID"
        },
        "prefix": null
      }
    ],
    "removeAllParametersBeforeCall": true,
    "parametersToBeDeletedBeforeCallList": [],
    "parametersToBeAddedBeforeCallList": [
      {
        "name": "apiKey",
        "valueSource": "VALUE",
        "value": "updated-api-key-2024"
      },
      {
        "name": "version",
        "valueSource": "VALUE",
        "value": "v2"
      }
    ],
    "enableCache": true,
    "cacheBy": {
      "type": "HEADER",
      "headerName": "Authorization"
    },
    "capacity": 5000,
    "ttl": 7200,
    "cacheNullResponses": false,
    "cacheStorageType": "DISTRIBUTED",
    "afterCallBodyOperationType": "REPLACE_BODY",
    "useMessageTemplateAfterCall": false,
    "messageTemplateContentTypeAfterCall": "JSON",
    "bodyContentAfterCall": null,
    "dataManipulationListAfterCall": [],
    "removeAllHeadersAfterCall": false,
    "headersToBeDeletedAfterCallList": [],
    "headersToBeAddedAfterCallList": [
      {
        "name": "X-Validated",
        "valueSource": "VALUE",
        "value": "true",
        "prefix": null
      }
    ],
    "removeAllParametersAfterCall": false,
    "parametersToBeDeletedAfterCallList": [],
    "parametersToBeAddedAfterCallList": [],
    "prepareMessage": false,
    "modifyMessage": false,
    "newBodyContentSourceType": null
  }
}
Note: Request body structure is the same as Add Policy. All fields should be provided for update.

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

Delete Policy

Endpoint

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

HeaderValue
AuthorizationBearer {token}
Content-Typeapplication/json

Path Parameters

ParameterTypeRequiredDescription
projectNamestringYesProject name
apiProxyNamestringYesAPI Proxy name
policyNamestringYesPolicy name

Request Body

Full JSON Body Example
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": false
  }
}

Request Body Fields

operationMetadata
FieldTypeRequiredDefaultDescription
targetScopestringYes-Policy scope: ALL or ENDPOINT
targetPipelinestringYes-Pipeline: REQUEST, RESPONSE, or ERROR
deploybooleanNofalseWhether to deploy after deletion

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": []
  }
}

Notes and Warnings

  • Call Type:
    • SYNCHRONOUS - Waits for response, supports caching
    • ONE_WAY - Fire-and-forget, no caching support
  • Caching:
    • Only available for SYNCHRONOUS calls
    • Requires capacity and ttl when enabled
    • Cache key can be based on variable (e.g., Authorization header)
  • mTLS:
    • Requires certificateName when certificateEnabled: true
    • Certificate name is resolved to certificate ID automatically
    • Certificate must be configured in Certificate Store (project or global)
    • Certificate is searched first in project, then in global certificates
  • Request Transformation:
    • Use bodyContentBeforeCall with variable placeholders (e.g., ${userId})
    • Variables are replaced at runtime
  • Response Handling:
    • NOT_CHANGE_BODY - Original body remains unchanged
    • REPLACE_BODY - Original body replaced with API response
    • CLEAR_BODY - Original body cleared
  • Headers and Parameters:
    • Can remove all or specific headers/parameters
    • Can add new headers/parameters with static values or variables
  • URL Encoded Forms:
    • Use urlEncodedList when enumTestConsoleRequestBodyType: URL_ENCODED
  • Data Manipulation:
    • Add, edit, or delete fields in request/response
    • Supports variable extraction and transformation
  • Timeout: Specified in milliseconds
  • Deployment: Policy changes require deployment to take effect. Set deploy: true or deploy manually.