
General Information

Policy Type

policy-auth-jwt

Endpoints

List Policies

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Add Policy

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Update Policy

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Delete Policy

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

List Policies

Endpoint

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Request

Headers

Header        | Value
Authorization | Bearer {token}

Path Parameters

Parameter    | Type   | Required | Description
projectName  | string | Yes      | Project name
apiProxyName | string | Yes      | API Proxy name

Response

Success Response (200 OK)

{
  "success": true,
  "resultList": [
    {
      "apiProxy": {
        "name": "MyAPI",
        "requestPolicyList": [
          {
            "type": "policy-auth-jwt",
            "name": "jwt-auth-policy",
            "description": "JWT authentication policy",
            "active": true,
            "tokenNeverExpires": false,
            "tokenExpiresInAmount": 3600,
            "tokenExpiresInUnit": "SECONDS",
            "refreshTokenAllowed": true,
            "refreshTokenCount": 5,
            "refreshTokenExpiresInAmount": 86400,
            "refreshTokenExpiresInUnit": "SECONDS",
            "allowUrlParameters": false,
            "managedFromThisPolicy": true,
            "grantType": "PASSWORD",
            "jwtSignatureAlgorithm": "HS256"
          }
        ],
        "responsePolicyList": [],
        "errorPolicyList": []
      }
    }
  ],
  "resultCount": 1
}

cURL Example

curl -X GET \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/" \
  -H "Authorization: Bearer YOUR_TOKEN"

Add Policy

Endpoint

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

Header        | Value
Authorization | Bearer {token}
Content-Type  | application/json

Path Parameters

Parameter    | Type   | Required | Description
projectName  | string | Yes      | Project name
apiProxyName | string | Yes      | API Proxy name
policyName   | string | Yes      | Policy name

Request Body

Full JSON Body Example
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-auth-jwt",
    "description": "JWT authentication policy - issue and validate tokens",
    "active": true,
    "tokenNeverExpires": false,
    "tokenExpiresInAmount": 3600,
    "tokenExpiresInUnit": "SECONDS",
    "refreshTokenAllowed": true,
    "refreshTokenCount": 5,
    "refreshTokenExpiresInAmount": 86400,
    "refreshTokenExpiresInUnit": "SECONDS",
    "allowUrlParameters": false,
    "managedFromThisPolicy": true,
    "grantType": "PASSWORD",
    "jwtSignatureAlgorithm": "HS256"
  }
}

Request Body Fields

operationMetadata
Field                           | Type    | Required | Default | Description
targetScope                     | string  | Yes      | -       | Policy scope: ALL or ENDPOINT
targetEndpoint                  | string  | No*      | -       | Endpoint path (required if targetScope=ENDPOINT)
targetEndpointHTTPMethod        | string  | No*      | -       | HTTP method (required if targetScope=ENDPOINT)
targetPipeline                  | string  | Yes      | -       | Pipeline: REQUEST, RESPONSE, or ERROR
deploy                          | boolean | No       | true    | Whether to deploy after adding policy
deployTargetEnvironmentNameList | array   | No       | []      | List of environment names to deploy to
order                           | integer | No       | null    | Policy execution order (starts from 1)
Enum: targetScope
  • ALL - Policy applies to all endpoints
  • ENDPOINT - Policy applies only to specified endpoint
Enum: targetPipeline
  • REQUEST - Executes in request pipeline
  • RESPONSE - Executes in response pipeline
  • ERROR - Executes in error pipeline
Enum: targetEndpointHTTPMethod
  • GET, POST, PUT, DELETE, PATCH, OPTIONS, HEAD
policy
Field                       | Type    | Required | Default  | Description
type                        | string  | Yes      | -        | Policy type: policy-auth-jwt
description                 | string  | No       | -        | Policy description
active                      | boolean | No       | true     | Whether policy is active
tokenNeverExpires           | boolean | No       | true     | Whether token never expires
tokenExpiresInAmount        | long    | No*      | -        | Token expiration amount (required if tokenNeverExpires=false)
tokenExpiresInUnit          | string  | No*      | -        | Token expiration unit (required if tokenNeverExpires=false)
refreshTokenAllowed         | boolean | No       | false    | Allow refresh tokens
refreshTokenCount           | integer | No       | -        | Maximum number of refresh tokens per user
refreshTokenExpiresInAmount | long    | No       | -        | Refresh token expiration amount
refreshTokenExpiresInUnit   | string  | No       | -        | Refresh token expiration unit
allowUrlParameters          | boolean | No       | false    | Allow token in URL parameters
managedFromThisPolicy       | boolean | No       | true     | Token managed from this policy
grantType                   | string  | No       | PASSWORD | Grant type for token issuance
jwtSignatureAlgorithm       | string  | Yes      | -        | JWT signature algorithm

Enum: TimeUnit

  • MILLI_SECONDS - Milliseconds
  • SECONDS - Seconds
  • MINUTES - Minutes
  • HOURS - Hours
  • DAYS - Days
  • WEEKS - Weeks
  • MONTHS - Months
  • YEARS - Years

Enum: PolicyAuthenticationGrantType

  • PASSWORD - Password grant type (username/password)
  • CLIENT_CREDENTIALS - Client credentials grant type (client_id/client_secret)

JWT Signature Algorithms

Common algorithms supported:
  • HS256 - HMAC SHA-256 (symmetric)
  • HS384 - HMAC SHA-384 (symmetric)
  • HS512 - HMAC SHA-512 (symmetric)
  • RS256 - RSA SHA-256 (asymmetric)
  • RS384 - RSA SHA-384 (asymmetric)
  • RS512 - RSA SHA-512 (asymmetric)
  • ES256 - ECDSA SHA-256 (asymmetric)
  • ES384 - ECDSA SHA-384 (asymmetric)
  • ES512 - ECDSA SHA-512 (asymmetric)

Note

  • If tokenNeverExpires: false, both tokenExpiresInAmount and tokenExpiresInUnit are required.
  • jwtSignatureAlgorithm is required.
  • refreshTokenCount limits the number of active refresh tokens per user.
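The rules in the field tables and the note above can be checked before a body is sent to the Add or Update Policy endpoint. The validator below is an added example, not Apinizer code or part of this documentation: it encodes the documented required and conditionally required fields and enumerations, and separately reports settings that this page flags as risky (never-expiring tokens, tokens in URL parameters) or as needing a KeyStore (RSA/ECDSA algorithms). EXAMPLE_BODY is a constructed copy of the Add Policy example; the missing-field default for tokenNeverExpires follows the table (true).

```python
"""Pre-flight validator for a policy-auth-jwt request body (added example)."""
from __future__ import annotations
from typing import Any

# Enumerations and algorithm names as listed on this page
TARGET_SCOPES = {"ALL", "ENDPOINT"}
TARGET_PIPELINES = {"REQUEST", "RESPONSE", "ERROR"}
HTTP_METHODS = {"GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS", "HEAD"}
TIME_UNITS = {"MILLI_SECONDS", "SECONDS", "MINUTES", "HOURS", "DAYS", "WEEKS", "MONTHS", "YEARS"}
GRANT_TYPES = {"PASSWORD", "CLIENT_CREDENTIALS"}
SYMMETRIC_ALGS = {"HS256", "HS384", "HS512"}
ASYMMETRIC_ALGS = {"RS256", "RS384", "RS512", "ES256", "ES384", "ES512"}


def _is_int(value: Any) -> bool:
    # bool is a subclass of int in Python; a JSON true/false is not a number here
    return isinstance(value, int) and not isinstance(value, bool)


def validate_operation_metadata(meta: dict[str, Any]) -> list[str]:
    """Rule violations in operationMetadata (empty list means valid)."""
    errors: list[str] = []
    scope = meta.get("targetScope")
    if scope not in TARGET_SCOPES:
        errors.append("targetScope must be ALL or ENDPOINT")
    if meta.get("targetPipeline") not in TARGET_PIPELINES:
        errors.append("targetPipeline must be REQUEST, RESPONSE or ERROR")
    if scope == "ENDPOINT":  # the two endpoint fields are conditionally required
        if not meta.get("targetEndpoint"):
            errors.append("targetEndpoint is required when targetScope=ENDPOINT")
        if meta.get("targetEndpointHTTPMethod") not in HTTP_METHODS:
            errors.append("targetEndpointHTTPMethod is required when targetScope=ENDPOINT")
    if "deploy" in meta and not isinstance(meta["deploy"], bool):
        errors.append("deploy must be a boolean")
    envs = meta.get("deployTargetEnvironmentNameList", [])
    if not isinstance(envs, list) or not all(isinstance(e, str) for e in envs):
        errors.append("deployTargetEnvironmentNameList must be an array of names")
    order = meta.get("order")
    if order is not None and (not _is_int(order) or order < 1):
        errors.append("order must be an integer starting from 1")
    return errors


def validate_policy(policy: dict[str, Any]) -> tuple[list[str], list[str]]:
    """(errors, warnings) for the policy object.

    errors break the documented required/enum rules; warnings are settings the
    page marks as risky or as needing extra setup (KeyStore for RSA/ECDSA).
    """
    errors: list[str] = []
    warnings: list[str] = []
    if policy.get("type") != "policy-auth-jwt":
        errors.append("type must be policy-auth-jwt")
    alg = policy.get("jwtSignatureAlgorithm")
    if alg is None:
        errors.append("jwtSignatureAlgorithm is required")
    elif alg in ASYMMETRIC_ALGS:
        warnings.append(f"{alg}: a KeyStore with the key pair must be configured")
    elif alg not in SYMMETRIC_ALGS:
        errors.append(f"unsupported jwtSignatureAlgorithm: {alg}")
    if policy.get("tokenNeverExpires", True):  # documented default is true
        warnings.append("tokenNeverExpires=true: issued tokens never expire")
    else:
        if not _is_int(policy.get("tokenExpiresInAmount")):
            errors.append("tokenExpiresInAmount is required when tokenNeverExpires=false")
        if policy.get("tokenExpiresInUnit") not in TIME_UNITS:
            errors.append("tokenExpiresInUnit must be a TimeUnit when tokenNeverExpires=false")
    if policy.get("refreshTokenAllowed", False):
        if "refreshTokenCount" in policy and not _is_int(policy["refreshTokenCount"]):
            errors.append("refreshTokenCount must be an integer")
        if "refreshTokenExpiresInUnit" in policy and policy["refreshTokenExpiresInUnit"] not in TIME_UNITS:
            errors.append("refreshTokenExpiresInUnit must be a TimeUnit")
    if policy.get("grantType", "PASSWORD") not in GRANT_TYPES:
        errors.append("grantType must be PASSWORD or CLIENT_CREDENTIALS")
    if policy.get("allowUrlParameters", False):
        warnings.append("allowUrlParameters=true: tokens in URL parameters are less secure")
    return errors, warnings


def validate_body(body: dict[str, Any]) -> tuple[list[str], list[str]]:
    """Validate a full Add/Update Policy request body."""
    errors: list[str] = []
    warnings: list[str] = []
    meta, policy = body.get("operationMetadata"), body.get("policy")
    if isinstance(meta, dict):
        errors += validate_operation_metadata(meta)
    else:
        errors.append("operationMetadata is required")
    if isinstance(policy, dict):
        pe, pw = validate_policy(policy)
        errors += pe
        warnings += pw
    else:
        errors.append("policy is required")
    return errors, warnings


# Constructed sample: a copy of the Add Policy example body from this page
EXAMPLE_BODY = {
    "operationMetadata": {"targetScope": "ALL", "targetPipeline": "REQUEST", "deploy": True,
                          "deployTargetEnvironmentNameList": ["production"], "order": 1},
    "policy": {"type": "policy-auth-jwt", "active": True, "tokenNeverExpires": False,
               "tokenExpiresInAmount": 3600, "tokenExpiresInUnit": "SECONDS",
               "refreshTokenAllowed": True, "refreshTokenCount": 5,
               "refreshTokenExpiresInAmount": 86400, "refreshTokenExpiresInUnit": "SECONDS",
               "allowUrlParameters": False, "managedFromThisPolicy": True,
               "grantType": "PASSWORD", "jwtSignatureAlgorithm": "HS256"},
}

if __name__ == "__main__":
    print(validate_body(EXAMPLE_BODY))  # ([], [])
```

Run it against the JSON you are about to POST or PUT; a non-empty error list means the server will reject the body on the documented rules, while warnings are worth a second look before deploying to production.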

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

cURL Example

curl -X POST \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/jwt-auth-policy/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "REQUEST",
      "deploy": true,
      "deployTargetEnvironmentNameList": ["production"],
      "order": 1
    },
    "policy": {
      "type": "policy-auth-jwt",
      "description": "JWT authentication policy",
      "active": true,
      "tokenNeverExpires": false,
      "tokenExpiresInAmount": 3600,
      "tokenExpiresInUnit": "SECONDS",
      "refreshTokenAllowed": true,
      "refreshTokenCount": 5,
      "refreshTokenExpiresInAmount": 86400,
      "refreshTokenExpiresInUnit": "SECONDS",
      "allowUrlParameters": false,
      "managedFromThisPolicy": true,
      "grantType": "PASSWORD",
      "jwtSignatureAlgorithm": "HS256"
    }
  }'

Update Policy

Endpoint

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

Header        | Value
Authorization | Bearer {token}
Content-Type  | application/json

Path Parameters

Parameter    | Type   | Required | Description
projectName  | string | Yes      | Project name
apiProxyName | string | Yes      | API Proxy name
policyName   | string | Yes      | Policy name

Request Body

Full JSON Body Example
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-auth-jwt",
    "description": "Updated JWT authentication policy",
    "active": true,
    "tokenNeverExpires": false,
    "tokenExpiresInAmount": 7200,
    "tokenExpiresInUnit": "SECONDS",
    "refreshTokenAllowed": true,
    "refreshTokenCount": 10,
    "refreshTokenExpiresInAmount": 172800,
    "refreshTokenExpiresInUnit": "SECONDS",
    "allowUrlParameters": false,
    "managedFromThisPolicy": true,
    "grantType": "CLIENT_CREDENTIALS",
    "jwtSignatureAlgorithm": "RS256"
  }
}
Note: The request body structure is the same as for Add Policy. All fields should be provided for an update.

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

cURL Example

curl -X PUT \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/jwt-auth-policy/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "REQUEST",
      "deploy": true,
      "deployTargetEnvironmentNameList": ["production"],
      "order": 1
    },
    "policy": {
      "type": "policy-auth-jwt",
      "description": "Updated JWT authentication policy",
      "active": true,
      "tokenNeverExpires": false,
      "tokenExpiresInAmount": 7200,
      "tokenExpiresInUnit": "SECONDS",
      "refreshTokenAllowed": true,
      "refreshTokenCount": 10,
      "refreshTokenExpiresInAmount": 172800,
      "refreshTokenExpiresInUnit": "SECONDS",
      "allowUrlParameters": false,
      "managedFromThisPolicy": true,
      "grantType": "PASSWORD",
      "jwtSignatureAlgorithm": "HS256"
    }
  }'

Delete Policy

Endpoint

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

Header        | Value
Authorization | Bearer {token}
Content-Type  | application/json

Path Parameters

Parameter    | Type   | Required | Description
projectName  | string | Yes      | Project name
apiProxyName | string | Yes      | API Proxy name
policyName   | string | Yes      | Policy name

Request Body

Full JSON Body Example
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": false
  }
}

Request Body Fields

operationMetadata
Field          | Type    | Required | Default | Description
targetScope    | string  | Yes      | -       | Policy scope: ALL or ENDPOINT
targetPipeline | string  | Yes      | -       | Pipeline: REQUEST, RESPONSE, or ERROR
deploy         | boolean | No       | false   | Whether to deploy after deletion

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": []
  }
}

cURL Example

curl -X DELETE \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/jwt-auth-policy/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "REQUEST",
      "deploy": false
    }
  }'

Notes and Warnings

  • Token Expiration:
    • When tokenNeverExpires: false, provide tokenExpiresInAmount and tokenExpiresInUnit
    • When tokenNeverExpires: true, tokens never expire (use with caution)
  • Refresh Tokens:
    • When refreshTokenAllowed: true, clients can refresh expired access tokens
    • refreshTokenCount limits concurrent refresh tokens per user
    • Refresh tokens have separate expiration settings
  • Grant Types:
    • PASSWORD - Username/password authentication
    • CLIENT_CREDENTIALS - Client ID/client secret authentication
  • Signature Algorithms:
    • Symmetric (HS256, HS384, HS512) - Use shared secret
    • Asymmetric (RS256, RS384, RS512, ES256, ES384, ES512) - Use public/private key pair
  • URL Parameters: When allowUrlParameters: true, tokens can be passed in the URL (less secure)
  • Managed Policy: When managedFromThisPolicy: true, tokens are issued and managed by this policy
  • KeyStore: For RSA/ECDSA algorithms, configure KeyStore with public/private keys
  • Deployment: Policy changes require deployment to take effect. Set deploy: true or deploy manually.
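As an added illustration of how the token expiration and signature settings above fit together (example code, not Apinizer's implementation), the following standard-library script mints and validates an HMAC-signed JWT the way a policy-auth-jwt configuration describes: tokenExpiresInAmount and tokenExpiresInUnit become the exp claim, the verifier pins the algorithm to the policy instead of trusting the token's own alg header, compares the signature in constant time, and rejects expired tokens. Only the symmetric algorithms (HS256, HS384, HS512) are modelled; the secret, subject and fixed clock are constructed values, and the MONTHS and YEARS conversions are assumptions of this example.

```python
"""HMAC JWT issue/verify driven by policy-auth-jwt settings (added example)."""
from __future__ import annotations
import base64
import hashlib
import hmac
import json
from typing import Any

# Seconds per documented TimeUnit. MONTHS and YEARS have no fixed length;
# 30 and 365 days are an assumption of this example, not Apinizer's rule.
UNIT_SECONDS = {"MILLI_SECONDS": 0.001, "SECONDS": 1, "MINUTES": 60, "HOURS": 3600,
                "DAYS": 86400, "WEEKS": 7 * 86400, "MONTHS": 30 * 86400, "YEARS": 365 * 86400}
# The page's symmetric algorithms map directly onto HMAC digests
HMAC_DIGEST = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def compact_json(obj: Any) -> bytes:
    return json.dumps(obj, separators=(",", ":")).encode()


def lifetime_seconds(amount: int, unit: str) -> int:
    """Convert a (tokenExpiresInAmount, tokenExpiresInUnit) pair to seconds."""
    return int(amount * UNIT_SECONDS[unit])


def mint_token(policy: dict[str, Any], subject: str, secret: bytes, now: int) -> str:
    """Issue an HMAC-signed JWT whose exp is derived from the policy's expiry settings."""
    alg = policy["jwtSignatureAlgorithm"]
    header = {"alg": alg, "typ": "JWT"}
    claims: dict[str, Any] = {"sub": subject, "iat": now}
    if not policy.get("tokenNeverExpires", True):  # documented default is true
        claims["exp"] = now + lifetime_seconds(policy["tokenExpiresInAmount"],
                                               policy["tokenExpiresInUnit"])
    signing_input = f"{b64url(compact_json(header))}.{b64url(compact_json(claims))}"
    signature = hmac.new(secret, signing_input.encode(), HMAC_DIGEST[alg]).digest()
    return f"{signing_input}.{b64url(signature)}"


def verify_token(token: str, policy: dict[str, Any], secret: bytes, now: int) -> tuple[bool, Any]:
    """Validate a token against the policy. Returns (True, claims) or (False, reason)."""
    try:
        h64, c64, s64 = token.split(".")
        header = json.loads(b64url_decode(h64))
        claims = json.loads(b64url_decode(c64))
    except ValueError:  # wrong part count, bad base64 or bad JSON
        return False, "malformed token"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return False, "malformed token"
    # Pin the algorithm to the policy; the token's own alg header is never trusted
    alg = policy["jwtSignatureAlgorithm"]
    if header.get("alg") != alg:
        return False, "algorithm mismatch"
    expected = hmac.new(secret, f"{h64}.{c64}".encode(), HMAC_DIGEST[alg]).digest()
    if not hmac.compare_digest(expected, b64url_decode(s64)):  # constant-time compare
        return False, "bad signature"
    exp = claims.get("exp")
    if exp is not None and (not isinstance(exp, (int, float)) or now >= exp):
        return False, "expired"
    return True, claims


# Constructed sample policy settings, taken from the Add Policy example on this page
POLICY = {"jwtSignatureAlgorithm": "HS256", "tokenNeverExpires": False,
          "tokenExpiresInAmount": 3600, "tokenExpiresInUnit": "SECONDS"}
SECRET = b"constructed-shared-secret-for-the-example"  # not a real key
ISSUED_AT = 1_700_000_000  # fixed clock so the run is deterministic

if __name__ == "__main__":
    tok = mint_token(POLICY, "alice", SECRET, ISSUED_AT)
    print(verify_token(tok, POLICY, SECRET, ISSUED_AT + 10))    # (True, {...})
    print(verify_token(tok, POLICY, SECRET, ISSUED_AT + 3600))  # (False, 'expired')
```

The same structure is what a gateway does on every request carrying a token issued under the policy: the policy, not the token, decides which algorithm is acceptable, and a token that was valid at 3600 SECONDS is refused one second after its exp; with refreshTokenAllowed: true the client would then present a refresh token instead of re-sending credentials.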