Clear Text Authentication Policy - Apinizer Dokümantasyonu

General Information

Policy Type

policy-auth-clear-text

Endpoints

List Policies

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Add Policy

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Update Policy

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Delete Policy

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

List Policies

Endpoint

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Request

Headers

Header	Value
Authorization	Bearer `{token}`

Path Parameters

Parameter	Type	Required	Description
projectName	string	Yes	Project name
apiProxyName	string	Yes	API Proxy name

Response

Success Response (200 OK)

{
  "success": true,
  "resultList": [
    {
      "apiProxy": {
        "name": "MyAPI",
        "requestPolicyList": [
          {
            "type": "policy-auth-clear-text",
            "name": "clear-text-auth-policy",
            "description": "Authenticate using clear text credentials",
            "active": true,
            "usernameVar": {
              "type": "HEADER",
              "headerName": "X-Username"
            },
            "passwordVar": {
              "type": "HEADER",
              "headerName": "X-Password"
            },
            "checkPassword": true,
            "clearAuth": false,
            "addUserToHeader": true,
            "userHeaderName": "X-Authenticated-User"
          }
        ],
        "responsePolicyList": [],
        "errorPolicyList": []
      }
    }
  ],
  "resultCount": 1
}

cURL Example

curl -X GET \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/" \
  -H "Authorization: Bearer YOUR_TOKEN"

Add Policy

Endpoint

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

Header	Value
Authorization	Bearer `{token}`
Content-Type	application/json

Path Parameters

Parameter	Type	Required	Description
projectName	string	Yes	Project name
apiProxyName	string	Yes	API Proxy name
policyName	string	Yes	Policy name

Request Body

Full JSON Body Example - Header-Based Authentication

{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-auth-clear-text",
    "description": "Authenticate using headers",
    "active": true,
    "usernameVar": {
      "type": "HEADER",
      "headerName": "X-Username"
    },
    "passwordVar": {
      "type": "HEADER",
      "headerName": "X-Password"
    },
    "checkPassword": true,
    "clearAuth": false,
    "addUserToHeader": true,
    "userHeaderName": "X-Authenticated-User"
  }
}

Full JSON Body Example - Parameter-Based Authentication

{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-auth-clear-text",
    "description": "Authenticate using parameters",
    "active": true,
    "usernameVar": {
      "type": "PARAMETER",
      "paramName": "username"
    },
    "passwordVar": {
      "type": "PARAMETER",
      "paramName": "password"
    },
    "checkPassword": true,
    "clearAuth": true,
    "addUserToHeader": false,
    "userHeaderName": null
  }
}

Full JSON Body Example - Body-Based Authentication

{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-auth-clear-text",
    "description": "Authenticate using body fields",
    "active": true,
    "usernameVar": {
      "type": "BODY",
      "bodyJsonPath": "$.username"
    },
    "passwordVar": {
      "type": "BODY",
      "bodyJsonPath": "$.password"
    },
    "checkPassword": true,
    "clearAuth": false,
    "addUserToHeader": true,
    "userHeaderName": "X-User"
  }
}

Request Body Fields

operationMetadata

Field	Type	Required	Default	Description
targetScope	string	Yes	-	Policy scope: `ALL` or `ENDPOINT`
targetEndpoint	string	No*	-	Endpoint path (required if targetScope=ENDPOINT)
targetEndpointHTTPMethod	string	No*	-	HTTP method (required if targetScope=ENDPOINT)
targetPipeline	string	Yes	-	Pipeline: `REQUEST`, `RESPONSE`, or `ERROR`
deploy	boolean	No	true	Whether to deploy after adding policy
deployTargetEnvironmentNameList	array	No	[]	List of environment names to deploy to
order	integer	No	null	Policy execution order (starts from 1)

Enum: targetScope

ALL - Policy applies to all endpoints
ENDPOINT - Policy applies only to specified endpoint

Enum: targetPipeline

REQUEST - Executes in request pipeline (authenticates request)
RESPONSE - Executes in response pipeline
ERROR - Executes in error pipeline

Enum: targetEndpointHTTPMethod

GET, POST, PUT, DELETE, PATCH, OPTIONS, HEAD

policy

Field	Type	Required	Default	Description
type	string	Yes	-	Policy type: `policy-auth-clear-text`
description	string	No	-	Policy description
active	boolean	No	true	Whether policy is active
usernameVar	object	Yes	-	Variable for extracting username
passwordVar	object	No*	-	Variable for extracting password (required if checkPassword=true)
checkPassword	boolean	No	true	Whether to check password during authentication
clearAuth	boolean	No	false	Clear authentication data after validation
addUserToHeader	boolean	No	false	Add authenticated user to header
userHeaderName	string	No*	-	Header name for authenticated user (required if addUserToHeader=true)

Note

usernameVar is required.
If checkPassword: true, passwordVar is required.
If addUserToHeader: true, userHeaderName is required.

usernameVar / passwordVar

Variable object with the following fields:

Field	Type	Required	Description
type	string	Yes	Variable type: `HEADER`, `PARAMETER`, `BODY`, `CONTEXT_VALUES`, `CUSTOM`
headerName	string	No*	Header name (required if type=HEADER)
paramName	string	No*	Parameter name (required if type=PARAMETER)
bodyJsonPath	string	No*	JSON path (required if type=BODY for JSON)
bodyXPath	string	No*	XPath (required if type=BODY for XML)
contextValue	string	No*	Context value (required if type=CONTEXT_VALUES)

EnumVariableType

HEADER - Extract from HTTP header
PARAMETER - Extract from query/path parameter
BODY - Extract from request body (JSON path or XPath)
CONTEXT_VALUES - Extract from context values
CUSTOM - Extract from custom variable

JSON Path Examples

$.username - Root level field
$.user.name - Nested field
$.users[0].name - Array element

XPath Examples

/root/username - Absolute path
//username - Anywhere in document
/root/user[@id='1']/name - With attribute condition

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

cURL Example

curl -X POST \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/clear-text-auth/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "REQUEST",
      "deploy": true,
      "deployTargetEnvironmentNameList": ["production"],
      "order": 1
    },
    "policy": {
      "type": "policy-auth-clear-text",
      "description": "Clear text authentication",
      "active": true,
      "usernameVar": {
        "type": "HEADER",
        "headerName": "X-Username"
      },
      "passwordVar": {
        "type": "HEADER",
        "headerName": "X-Password"
      },
      "checkPassword": true,
      "clearAuth": false,
      "addUserToHeader": true,
      "userHeaderName": "X-Authenticated-User"
    }
  }'

Update Policy

Endpoint

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

Header	Value
Authorization	Bearer `{token}`
Content-Type	application/json

Path Parameters

Parameter	Type	Required	Description
projectName	string	Yes	Project name
apiProxyName	string	Yes	API Proxy name
policyName	string	Yes	Policy name

Request Body

Full JSON Body Example

{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-auth-clear-text",
    "description": "Updated: Authenticate using headers with enhanced security",
    "active": true,
    "usernameVar": {
      "type": "HEADER",
      "headerName": "X-Username"
    },
    "passwordVar": {
      "type": "HEADER",
      "headerName": "X-Password"
    },
    "checkPassword": true,
    "clearAuth": true,
    "addUserToHeader": true,
    "userHeaderName": "X-Authenticated-User"
  }
}

Note: Request body structure is the same as Add Policy. All fields should be provided for update.

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

Delete Policy

Endpoint

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

Header	Value
Authorization	Bearer `{token}`
Content-Type	application/json

Path Parameters

Parameter	Type	Required	Description
projectName	string	Yes	Project name
apiProxyName	string	Yes	API Proxy name
policyName	string	Yes	Policy name

Request Body

Full JSON Body Example

{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": false
  }
}

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": []
  }
}

Notes and Warnings

Username Variable: usernameVar is required and must specify where to extract username
Password Variable: passwordVar is required if checkPassword: true
Password Checking: When checkPassword: true, password is validated against user store
Clear Auth: When clearAuth: true, authentication data is removed after validation
Add User to Header: When addUserToHeader: true, authenticated username is added to specified header
User Header Name: Required if addUserToHeader: true
Variable Types:
- HEADER - Extract from HTTP header
- PARAMETER - Extract from query/path parameter
- BODY - Extract from request body (JSON path or XPath)
- CONTEXT_VALUES - Extract from context values
JSON Path: Use JSON path syntax for JSON body (e.g., $.username, $.user.name)
XPath: Use XPath syntax for XML body (e.g., /root/username, //username)
Security: Clear text authentication transmits credentials in plain text. Use HTTPS only.
Performance: Authentication adds processing overhead. Use for necessary authentication only.
Pipeline:
- REQUEST pipeline authenticates request before forwarding
- Authentication failure results in 401 Unauthorized response
Error Handling: Invalid credentials or missing variables cause authentication to fail
Deployment: Policy changes require deployment to take effect. Set deploy: true or deploy manually.

List Policies - List all policies
Add Policy - General policy addition guide
Update Policy - General policy update guide
Delete Policy - General policy deletion guide
Basic Authentication Policy - HTTP Basic Authentication
Digest Authentication Policy - HTTP Digest Authentication

Home

​General Information

​Policy Type

​Endpoints

​List Policies

​Add Policy

​Update Policy

​Delete Policy

​List Policies

​Endpoint

​Request

​Headers

​Path Parameters

​Response

​Success Response (200 OK)

​cURL Example

​Add Policy

​Endpoint

​Request

​Headers

​Path Parameters

​Request Body

Full JSON Body Example - Header-Based Authentication

Full JSON Body Example - Parameter-Based Authentication

Full JSON Body Example - Body-Based Authentication

​Request Body Fields

operationMetadata

policy

​Note

usernameVar / passwordVar

​EnumVariableType

​JSON Path Examples

​XPath Examples

​Response

​Success Response (200 OK)

​cURL Example

​Update Policy

​Endpoint

​Request

​Headers

​Path Parameters

​Request Body

Full JSON Body Example

​Response

​Success Response (200 OK)

​Delete Policy

​Endpoint

​Request

​Headers

​Path Parameters

​Request Body

Full JSON Body Example

​Response

​Success Response (200 OK)

​Notes and Warnings

​Related Documentation

General Information

Policy Type

Endpoints

List Policies

Add Policy

Update Policy

Delete Policy

List Policies

Endpoint

Request

Headers

Path Parameters

Response

Success Response (200 OK)

cURL Example

Add Policy

Endpoint

Request

Headers

Path Parameters

Request Body

Request Body Fields

Note

EnumVariableType

JSON Path Examples

XPath Examples

Response

Success Response (200 OK)

cURL Example

Update Policy

Endpoint

Request

Headers

Path Parameters

Request Body

Response

Success Response (200 OK)

Delete Policy

Endpoint

Request

Headers

Path Parameters

Request Body

Response

Success Response (200 OK)

Notes and Warnings

Related Documentation