
General Information

Policy Type

policy-auth-digest

Description

The Digest Authentication policy validates HTTP Digest Authentication credentials (RFC 7616, formerly RFC 2617). Unlike Basic authentication, which sends the password itself Base64-encoded (an encoding, not protection), the client sends a hash computed over the password, the server-issued nonce and the request URI, so the password never crosses the wire. The policy extracts the username, the password proof (the digest response), the nonce and, where configured, the created timestamp from the request and validates them against an authentication source. It does not replace TLS: the digest is MD5-based and protects nothing else in the request.

Endpoints

List Policies

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Add Policy

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Update Policy

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Delete Policy

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

List Policies

Endpoint

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Request

Headers

Header        | Value
Authorization | Bearer {token}

Path Parameters

Parameter    | Type   | Required | Description
projectName  | string | Yes      | Project name
apiProxyName | string | Yes      | API Proxy name

Response

Success Response (200 OK)

{
  "success": true,
  "resultList": [
    {
      "apiProxy": {
        "name": "MyAPI",
        "requestPolicyList": [
          {
            "type": "policy-auth-digest",
            "name": "digest-auth-policy",
            "description": "Digest authentication policy",
            "active": true,
            "usernameVar": {
              "type": "HEADER",
              "headerName": "Authorization"
            },
            "passwordVar": {
              "type": "HEADER",
              "headerName": "Authorization"
            },
            "nonceVar": null,
            "createdVar": null,
            "clearAuth": false,
            "addUserToHeader": true,
            "userHeaderName": "X-Authenticated-User"
          }
        ],
        "responsePolicyList": [],
        "errorPolicyList": []
      }
    }
  ],
  "resultCount": 1
}

cURL Example

curl -X GET \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/" \
  -H "Authorization: Bearer YOUR_TOKEN"

Add Policy

Endpoint

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

Header        | Value
Authorization | Bearer {token}
Content-Type  | application/json

Path Parameters

Parameter    | Type   | Required | Description
projectName  | string | Yes      | Project name
apiProxyName | string | Yes      | API Proxy name
policyName   | string | Yes      | Policy name

Request Body

Full JSON Body Example
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-auth-digest",
    "description": "Digest authentication policy - validate credentials from Authorization header",
    "active": true,
    "usernameVar": {
      "type": "HEADER",
      "headerName": "Authorization"
    },
    "passwordVar": {
      "type": "HEADER",
      "headerName": "Authorization"
    },
    "nonceVar": {
      "type": "HEADER",
      "headerName": "Authorization"
    },
    "createdVar": {
      "type": "HEADER",
      "headerName": "Authorization"
    },
    "clearAuth": false,
    "addUserToHeader": true,
    "userHeaderName": "X-Authenticated-User"
  }
}

Request Body Fields

operationMetadata
Field                           | Type    | Required | Default | Description
targetScope                     | string  | Yes      | -       | Policy scope: ALL or ENDPOINT
targetEndpoint                  | string  | No*      | -       | Endpoint path (required if targetScope=ENDPOINT)
targetEndpointHTTPMethod        | string  | No*      | -       | HTTP method (required if targetScope=ENDPOINT)
targetPipeline                  | string  | Yes      | -       | Pipeline: REQUEST, RESPONSE, or ERROR
deploy                          | boolean | No       | true    | Whether to deploy after adding policy
deployTargetEnvironmentNameList | array   | No       | []      | List of environment names to deploy to
order                           | integer | No       | null    | Policy execution order (starts from 1)
Enum: targetScope
  • ALL - Policy applies to all endpoints
  • ENDPOINT - Policy applies only to specified endpoint
Enum: targetPipeline
  • REQUEST - Executes in request pipeline
  • RESPONSE - Executes in response pipeline
  • ERROR - Executes in error pipeline
Enum: targetEndpointHTTPMethod
  • GET, POST, PUT, DELETE, PATCH, OPTIONS, HEAD
policy
Field           | Type    | Required | Default | Description
type            | string  | Yes      | -       | Policy type: policy-auth-digest
description     | string  | No       | -       | Policy description
active          | boolean | No       | true    | Whether policy is active
usernameVar     | object  | Yes      | -       | Variable to extract username from request
passwordVar     | object  | Yes      | -       | Variable to extract password from request
nonceVar        | object  | No       | -       | Variable to extract nonce from request (optional)
createdVar      | object  | No       | -       | Variable to extract created timestamp from request (optional)
clearAuth       | boolean | No       | false   | Clear authentication header after validation
addUserToHeader | boolean | No       | false   | Add authenticated user to header
userHeaderName  | string  | No*      | -       | Header name to add authenticated user (required if addUserToHeader=true)

Note

  • usernameVar and passwordVar are required.
  • nonceVar and createdVar are optional but recommended for enhanced security.
  • userHeaderName is required when addUserToHeader is true.
usernameVar, passwordVar, nonceVar, createdVar
Field        | Type   | Required | Description
type         | string | Yes      | Variable type: HEADER, PARAMETER, BODY, CONTEXT, SCRIPT
headerName   | string | No*      | Header name (required if type=HEADER)
paramName    | string | No*      | Parameter name (required if type=PARAMETER)
contextValue | string | No*      | Context value (required if type=CONTEXT)

type

  • HEADER - Extract from HTTP header (typically “Authorization”)
  • PARAMETER - Extract from query/path parameter
  • BODY - Extract from request body
  • CONTEXT - Extract from context (e.g., CLIENT_IP)
  • SCRIPT - Extract using script

contextValue

  • CLIENT_IP - Client IP address
  • REQUEST_URI - Request URI
  • REQUEST_METHOD - HTTP method
  • USER_AGENT - User agent string
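Before calling Add or Update it is worth checking the field rules above on the client side, since a body that violates them only fails at the gateway. The following Python is an added example, not Apinizer's code and not from this page: it builds a policy-auth-digest body with the documented field names, checks the required and conditional rules written out in the tables (a pre-flight check derived from the tables, not the server's own validation), and assembles the same request the cURL example sends. The base URL, project, proxy, policy name and token are placeholders.

```python
"""Added example (not Apinizer's own code): build and pre-check the request body
for POST/PUT .../policies/{policyName}/ using the field rules documented above."""
import json

VAR_TYPES = {"HEADER", "PARAMETER", "BODY", "CONTEXT", "SCRIPT"}
CONTEXT_VALUES = {"CLIENT_IP", "REQUEST_URI", "REQUEST_METHOD", "USER_AGENT"}
HTTP_METHODS = {"GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS", "HEAD"}
PIPELINES = {"REQUEST", "RESPONSE", "ERROR"}
# Which name field each variable type needs (no field is documented for BODY and SCRIPT).
VAR_NAME_FIELD = {"HEADER": "headerName", "PARAMETER": "paramName", "CONTEXT": "contextValue"}


def header_var(name="Authorization"):
    """Variable that reads one of the digest parameters from a header."""
    return {"type": "HEADER", "headerName": name}


def build_digest_policy_body(environments, order=1, description="Digest authentication policy",
                             clear_auth=True, user_header_name="X-Authenticated-User",
                             scope="ALL", endpoint=None, method=None):
    """Body for Add/Update. All four variables read the same Authorization header,
    as the page notes; clearAuth defaults to True here so the digest is not forwarded."""
    meta = {"targetScope": scope, "targetPipeline": "REQUEST",
            "deploy": bool(environments),
            "deployTargetEnvironmentNameList": list(environments), "order": order}
    if scope == "ENDPOINT":
        meta["targetEndpoint"] = endpoint
        meta["targetEndpointHTTPMethod"] = method
    policy = {"type": "policy-auth-digest", "description": description, "active": True,
              "usernameVar": header_var(), "passwordVar": header_var(),
              "nonceVar": header_var(), "createdVar": header_var(),
              "clearAuth": clear_auth, "addUserToHeader": user_header_name is not None}
    if user_header_name is not None:
        policy["userHeaderName"] = user_header_name
    return {"operationMetadata": meta, "policy": policy}


def _check_var(name, var, errors):
    vtype = var.get("type")
    if vtype not in VAR_TYPES:
        errors.append(f"policy.{name}.type must be one of {sorted(VAR_TYPES)}")
        return
    field = VAR_NAME_FIELD.get(vtype)
    if field and not var.get(field):
        errors.append(f"policy.{name}.{field} is required when type={vtype}")
    elif vtype == "CONTEXT" and var.get("contextValue") not in CONTEXT_VALUES:
        errors.append(f"policy.{name}.contextValue must be one of {sorted(CONTEXT_VALUES)}")


def validate(body):
    """Return the list of documented rules the body violates (empty means it passes)."""
    errors = []
    meta = body.get("operationMetadata") or {}
    policy = body.get("policy") or {}
    scope = meta.get("targetScope")
    if scope not in {"ALL", "ENDPOINT"}:
        errors.append("operationMetadata.targetScope must be ALL or ENDPOINT")
    if scope == "ENDPOINT":
        if not meta.get("targetEndpoint"):
            errors.append("targetEndpoint is required when targetScope=ENDPOINT")
        if meta.get("targetEndpointHTTPMethod") not in HTTP_METHODS:
            errors.append("targetEndpointHTTPMethod is required when targetScope=ENDPOINT")
    if meta.get("targetPipeline") not in PIPELINES:
        errors.append("operationMetadata.targetPipeline must be REQUEST, RESPONSE or ERROR")
    if policy.get("type") != "policy-auth-digest":
        errors.append("policy.type must be policy-auth-digest")
    for name in ("usernameVar", "passwordVar"):
        if policy.get(name) is None:
            errors.append(f"policy.{name} is required")
    for name in ("usernameVar", "passwordVar", "nonceVar", "createdVar"):
        if policy.get(name) is not None:
            _check_var(name, policy[name], errors)
    if policy.get("addUserToHeader") and not policy.get("userHeaderName"):
        errors.append("userHeaderName is required when addUserToHeader=true")
    return errors


def policy_request(base_url, project, proxy, policy_name, body, token, update=False):
    """Assemble (method, url, headers, payload) for Add (POST) or Update (PUT); nothing is sent."""
    url = f"{base_url}/apiops/projects/{project}/apiProxies/{proxy}/policies/{policy_name}/"
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    return ("PUT" if update else "POST", url, headers, json.dumps(body).encode())


if __name__ == "__main__":
    body = build_digest_policy_body(["production"])
    problems = validate(body)
    if problems:
        raise SystemExit("\n".join(problems))
    method, url, headers, payload = policy_request(
        "https://demo.apinizer.com", "MyProject", "MyAPI", "digest-auth-policy", body, "YOUR_TOKEN")
    print(method, url)
    print(payload.decode())
```

The builder sets clearAuth to true by default, which is the safer choice for an API proxy: the backend receives the authenticated username in the configured header and never sees the client's digest. Passing update=True turns the same body into the PUT call, matching the page's note that Update takes the full body.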

Digest Authentication Format

The Authorization header carries the digest parameters as a comma-separated list of name=value pairs:
Authorization: Digest username="user", realm="realm", nonce="nonce", uri="/path", response="response", algorithm=MD5, qop=auth
The response value is not the password. For algorithm=MD5 it is MD5(HA1:nonce:nc:cnonce:qop:HA2) when qop=auth (in which case the client also sends nc and cnonce), and MD5(HA1:nonce:HA2) without qop, where HA1 = MD5(username:realm:password) and HA2 = MD5(method:uri). The policy reads the username, the response, the nonce and, where configured, the created timestamp out of this single header.

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

cURL Example

curl -X POST \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/digest-auth-policy/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "REQUEST",
      "deploy": true,
      "deployTargetEnvironmentNameList": ["production"],
      "order": 1
    },
    "policy": {
      "type": "policy-auth-digest",
      "description": "Digest authentication policy",
      "active": true,
      "usernameVar": {
        "type": "HEADER",
        "headerName": "Authorization"
      },
      "passwordVar": {
        "type": "HEADER",
        "headerName": "Authorization"
      },
      "clearAuth": false,
      "addUserToHeader": true,
      "userHeaderName": "X-Authenticated-User"
    }
  }'

Update Policy

Endpoint

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

Header        | Value
Authorization | Bearer {token}
Content-Type  | application/json

Path Parameters

Parameter    | Type   | Required | Description
projectName  | string | Yes      | Project name
apiProxyName | string | Yes      | API Proxy name
policyName   | string | Yes      | Policy name

Request Body

Full JSON Body Example
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-auth-digest",
    "description": "Updated digest authentication policy",
    "active": true,
    "usernameVar": {
      "type": "HEADER",
      "headerName": "Authorization"
    },
    "passwordVar": {
      "type": "HEADER",
      "headerName": "Authorization"
    },
    "nonceVar": {
      "type": "HEADER",
      "headerName": "Authorization"
    },
    "createdVar": {
      "type": "HEADER",
      "headerName": "Authorization"
    },
    "clearAuth": true,
    "addUserToHeader": true,
    "userHeaderName": "X-User"
  }
}
Note: Request body structure is the same as Add Policy. All fields should be provided for update.

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

cURL Example

curl -X PUT \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/digest-auth-policy/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "REQUEST",
      "deploy": true,
      "deployTargetEnvironmentNameList": ["production"],
      "order": 1
    },
    "policy": {
      "type": "policy-auth-digest",
      "description": "Updated digest authentication policy",
      "active": true,
      "usernameVar": {
        "type": "HEADER",
        "headerName": "Authorization"
      },
      "passwordVar": {
        "type": "HEADER",
        "headerName": "Authorization"
      },
      "clearAuth": true,
      "addUserToHeader": true,
      "userHeaderName": "X-User"
    }
  }'

Delete Policy

Endpoint

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

Header        | Value
Authorization | Bearer {token}
Content-Type  | application/json

Path Parameters

Parameter    | Type   | Required | Description
projectName  | string | Yes      | Project name
apiProxyName | string | Yes      | API Proxy name
policyName   | string | Yes      | Policy name

Request Body

Full JSON Body Example
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": false
  }
}
Request Body Fields
operationMetadata
Field          | Type    | Required | Default | Description
targetScope    | string  | Yes      | -       | Policy scope: ALL or ENDPOINT
targetPipeline | string  | Yes      | -       | Pipeline: REQUEST, RESPONSE, or ERROR
deploy         | boolean | No       | false   | Whether to deploy after deletion

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": []
  }
}

cURL Example

curl -X DELETE \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/digest-auth-policy/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "REQUEST",
      "deploy": false
    }
  }'

Notes and Warnings

  • Authentication Source: This policy validates credentials against an authentication source configured in the policy (LDAP, Database, Memory, or API). Configure the authentication source separately. Because the client sends a hash derived from the password rather than the password itself, verifying a digest in general requires the source to supply the user's password or the precomputed HA1 = MD5(username:realm:password); a source that can only confirm a login or bind cannot check a digest response.
  • Digest Authentication: More secure than Basic authentication because the client sends MD5 hashes over the password, server nonce and request URI instead of the Base64-encoded password. It is still weak against offline guessing of a captured response and protects nothing else in the request, so keep TLS in front of the proxy.
  • Required Fields: usernameVar and passwordVar are required. nonceVar and createdVar are optional but recommended: the nonce is what ties a response to a server challenge, and without a nonce check a captured Authorization header for a given URI can be replayed as-is.
  • Authorization Header: Digest Authentication uses the Authorization header with format: Digest username="...", realm="...", nonce="...", uri="...", response="...", ...
  • Clear Auth: When clearAuth: true, the Authorization header is removed after validation, so the client's digest is not forwarded to the backend.
  • Add User to Header: When addUserToHeader: true, the authenticated username is added to the specified header.
  • User Header Name: Required when addUserToHeader: true. This header will contain the authenticated username. If clients could set the same header themselves, the policy's value would overwrite it; do not trust that header on the backend from any path that bypasses the proxy.
  • Variable Extraction: All variables extract from the same Authorization header. The policy parses the digest parameters.
  • Deployment: Policy changes require deployment to take effect. Set deploy: true or deploy manually.
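The digest check described under Digest Authentication Format, together with the clearAuth and addUserToHeader behaviour in these notes, as an added example in Python. This is not Apinizer's code and says nothing about the policy's internals: the realm, user table, nonce set and request are constructed here, and the set of issued nonces is an assumption about what a server-side verifier has to keep. It shows the parse of the Authorization header, the RFC 2617 response computation for algorithm=MD5 with and without qop=auth, a constant-time comparison, and how a request looks to the backend after the policy runs.

```python
"""Added example (not Apinizer's code): parse a Digest Authorization header,
verify its response hash (RFC 2617/7616, algorithm=MD5) and apply the policy's
clearAuth / addUserToHeader effect to the request headers."""
import hashlib
import hmac
import re

# Constructed authentication source. Digest verification needs the password or
# the stored HA1 = MD5(username:realm:password); a bind-only backend cannot do it.
REALM = "apinizer"
USERS = {"alice": "s3cret"}

# name=value pairs, quoted or bare, separated by commas
_PARAM_RE = re.compile(r'(\w+)=(?:"([^"]*)"|([^\s,]+))')


def parse_digest(header):
    """Return the digest parameters as a dict, or None if this is not a Digest header."""
    if header is None:
        return None
    parts = header.strip().split(None, 1)
    if len(parts) != 2 or parts[0].lower() != "digest":
        return None
    return {k: (q if q else b) for k, q, b in _PARAM_RE.findall(parts[1])}


def expected_response(p, method, password):
    """RFC 2617 response: MD5(HA1:nonce[:nc:cnonce:qop]:HA2)."""
    ha1 = hashlib.md5(f"{p['username']}:{p['realm']}:{password}".encode()).hexdigest()
    ha2 = hashlib.md5(f"{method}:{p['uri']}".encode()).hexdigest()
    if p.get("qop") == "auth":
        middle = f"{p['nonce']}:{p['nc']}:{p['cnonce']}:auth"
    else:
        middle = p["nonce"]
    return hashlib.md5(f"{ha1}:{middle}:{ha2}".encode()).hexdigest()


def verify_digest(header, method, issued_nonces):
    """Return the authenticated username, or None. issued_nonces is the set of
    nonces this server handed out; a nonce it never issued is rejected. A real
    verifier also expires nonces and tracks nc per nonce to stop replays."""
    p = parse_digest(header)
    if p is None or not {"username", "realm", "nonce", "uri", "response"}.issubset(p):
        return None
    if p["realm"] != REALM or p["nonce"] not in issued_nonces:
        return None
    if p.get("algorithm", "MD5").upper() != "MD5" or p.get("qop") not in (None, "auth"):
        return None
    password = USERS.get(p["username"])
    if password is None:
        return None
    try:
        expected = expected_response(p, method, password)
    except KeyError:          # qop=auth without nc / cnonce
        return None
    return p["username"] if hmac.compare_digest(expected, p["response"]) else None


def apply_policy(headers, method, issued_nonces, clear_auth=False,
                 add_user_to_header=False, user_header_name="X-Authenticated-User"):
    """Mimic the policy on a request: (accepted, headers forwarded to the backend)."""
    user = verify_digest(headers.get("Authorization"), method, issued_nonces)
    out = dict(headers)
    if user is None:
        return False, out
    if clear_auth:                       # do not forward the client's digest
        out.pop("Authorization", None)
    if add_user_to_header:               # hand the identity to the backend instead
        out[user_header_name] = user
    return True, out


def make_client_header(username, password, method, uri, nonce, nc="00000001", cnonce="0a4f113b"):
    """What a client sends back for a challenge, so the round trip is complete."""
    p = {"username": username, "realm": REALM, "nonce": nonce, "uri": uri,
         "qop": "auth", "nc": nc, "cnonce": cnonce}
    response = expected_response(p, method, password)
    return (f'Digest username="{username}", realm="{REALM}", nonce="{nonce}", uri="{uri}", '
            f'qop=auth, nc={nc}, cnonce="{cnonce}", response="{response}", algorithm=MD5')


if __name__ == "__main__":
    nonces = {"dcd98b7102dd2f0e8b11d0f600bfb0c093"}   # constructed server challenge
    hdr = make_client_header("alice", "s3cret", "GET", "/orders", next(iter(nonces)))
    print(apply_policy({"Authorization": hdr, "Host": "api.example"}, "GET", nonces,
                       clear_auth=True, add_user_to_header=True))
```

Two details matter in practice. The same header verifies for GET but not for POST, because the method is part of HA2, so a captured digest cannot be turned into a different request on the same path; and a nonce the server never issued fails regardless of the password, which is the property the page's nonceVar recommendation is about.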