Ana içeriğe atla

General Information

Policy Type

policy-auth-oauth2

Endpoints

List Policies

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Add Policy

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Update Policy

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Delete Policy

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

List Policies

Endpoint

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Request

Headers

HeaderValue
AuthorizationBearer {token}

Path Parameters

ParameterTypeRequiredDescription
projectNamestringYesProject name
apiProxyNamestringYesAPI Proxy name

Response

Success Response (200 OK)

{
  "success": true,
  "resultList": [
    {
      "apiProxy": {
        "name": "MyAPI",
        "requestPolicyList": [
          {
            "type": "policy-auth-oauth2",
            "name": "oauth2-auth-policy",
            "description": "OAuth2 authentication policy",
            "active": true,
            "tokenNeverExpires": false,
            "tokenExpiresInAmount": 3600,
            "tokenExpiresInUnit": "SECONDS",
            "refreshTokenAllowed": true,
            "refreshTokenCount": 5,
            "refreshTokenExpiresInAmount": 86400,
            "refreshTokenExpiresInUnit": "SECONDS",
            "allowUrlParameters": false,
            "managedFromThisPolicy": true,
            "grantType": "PASSWORD",
            "deletePrevious": false
          }
        ],
        "responsePolicyList": [],
        "errorPolicyList": []
      }
    }
  ],
  "resultCount": 1
}

cURL Example

curl -X GET \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/" \
  -H "Authorization: Bearer YOUR_TOKEN"

Add Policy

Endpoint

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

HeaderValue
AuthorizationBearer {token}
Content-Typeapplication/json

Path Parameters

ParameterTypeRequiredDescription
projectNamestringYesProject name
apiProxyNamestringYesAPI Proxy name
policyNamestringYesPolicy name

Request Body

Full JSON Body Example
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-auth-oauth2",
    "description": "OAuth2 authentication policy - issue and validate tokens",
    "active": true,
    "tokenNeverExpires": false,
    "tokenExpiresInAmount": 3600,
    "tokenExpiresInUnit": "SECONDS",
    "refreshTokenAllowed": true,
    "refreshTokenCount": 5,
    "refreshTokenExpiresInAmount": 86400,
    "refreshTokenExpiresInUnit": "SECONDS",
    "allowUrlParameters": false,
    "managedFromThisPolicy": true,
    "grantType": "PASSWORD",
    "deletePrevious": false
  }
}

Request Body Fields

operationMetadata
FieldTypeRequiredDefaultDescription
targetScopestringYes-Policy scope: ALL or ENDPOINT
targetEndpointstringNo*-Endpoint path (required if targetScope=ENDPOINT)
targetEndpointHTTPMethodstringNo*-HTTP method (required if targetScope=ENDPOINT)
targetPipelinestringYes-Pipeline: REQUEST, RESPONSE, or ERROR
deploybooleanNotrueWhether to deploy after adding policy
deployTargetEnvironmentNameListarrayNo[]List of environment names to deploy to
orderintegerNonullPolicy execution order (starts from 1)
Enum: targetScope
  • ALL - Policy applies to all endpoints
  • ENDPOINT - Policy applies only to specified endpoint
Enum: targetPipeline
  • REQUEST - Executes in request pipeline
  • RESPONSE - Executes in response pipeline
  • ERROR - Executes in error pipeline
Enum: targetEndpointHTTPMethod
  • GET, POST, PUT, DELETE, PATCH, OPTIONS, HEAD
policy
FieldTypeRequiredDefaultDescription
typestringYes-Policy type: policy-auth-oauth2
descriptionstringNo-Policy description
activebooleanNotrueWhether policy is active
tokenNeverExpiresbooleanNotrueWhether token never expires
tokenExpiresInAmountlongNo*-Token expiration amount (required if tokenNeverExpires=false)
tokenExpiresInUnitstringNo*-Token expiration unit (required if tokenNeverExpires=false)
refreshTokenAllowedbooleanNofalseAllow refresh tokens
refreshTokenCountintegerNo-Maximum number of refresh tokens per user
refreshTokenExpiresInAmountlongNo-Refresh token expiration amount
refreshTokenExpiresInUnitstringNo-Refresh token expiration unit
allowUrlParametersbooleanNofalseAllow token in URL parameters
managedFromThisPolicybooleanNotrueToken managed from this policy
grantTypestringNoPASSWORDGrant type for token issuance
deletePreviousbooleanNofalseDelete previous tokens when issuing new token

EnumTimeUnit

  • MILLI_SECONDS - Milliseconds
  • SECONDS - Seconds
  • MINUTES - Minutes
  • HOURS - Hours
  • DAYS - Days
  • WEEKS - Weeks
  • MONTHS - Months
  • YEARS - Years

EnumPolicyAuthenticationGrantType

  • PASSWORD - Password grant type (username/password)
  • CLIENT_CREDENTIALS - Client credentials grant type (client_id/client_secret)

Note

  • If tokenNeverExpires: false, both tokenExpiresInAmount and tokenExpiresInUnit are required.
  • refreshTokenCount limits the number of active refresh tokens per user.
  • When deletePrevious: true, issuing a new token deletes previous tokens for the same user.

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

cURL Example

curl -X POST \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/oauth2-auth-policy/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "REQUEST",
      "deploy": true,
      "deployTargetEnvironmentNameList": ["production"],
      "order": 1
    },
    "policy": {
      "type": "policy-auth-oauth2",
      "description": "OAuth2 authentication policy",
      "active": true,
      "tokenNeverExpires": false,
      "tokenExpiresInAmount": 3600,
      "tokenExpiresInUnit": "SECONDS",
      "refreshTokenAllowed": true,
      "refreshTokenCount": 5,
      "refreshTokenExpiresInAmount": 86400,
      "refreshTokenExpiresInUnit": "SECONDS",
      "allowUrlParameters": false,
      "managedFromThisPolicy": true,
      "grantType": "PASSWORD",
      "deletePrevious": false
    }
  }'

Update Policy

Endpoint

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

HeaderValue
AuthorizationBearer {token}
Content-Typeapplication/json

Path Parameters

ParameterTypeRequiredDescription
projectNamestringYesProject name
apiProxyNamestringYesAPI Proxy name
policyNamestringYesPolicy name

Request Body

Full JSON Body Example
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-auth-oauth2",
    "description": "Updated OAuth2 authentication policy",
    "active": true,
    "tokenNeverExpires": false,
    "tokenExpiresInAmount": 7200,
    "tokenExpiresInUnit": "SECONDS",
    "refreshTokenAllowed": true,
    "refreshTokenCount": 10,
    "refreshTokenExpiresInAmount": 172800,
    "refreshTokenExpiresInUnit": "SECONDS",
    "allowUrlParameters": false,
    "managedFromThisPolicy": true,
    "grantType": "CLIENT_CREDENTIALS",
    "deletePrevious": true
  }
}
Note: Request body structure is the same as Add Policy. All fields should be provided for update.

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

cURL Example

curl -X PUT \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/oauth2-auth-policy/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "REQUEST",
      "deploy": true,
      "deployTargetEnvironmentNameList": ["production"],
      "order": 1
    },
    "policy": {
      "type": "policy-auth-oauth2",
      "description": "Updated OAuth2 authentication policy",
      "active": true,
      "tokenNeverExpires": false,
      "tokenExpiresInAmount": 7200,
      "tokenExpiresInUnit": "SECONDS",
      "refreshTokenAllowed": true,
      "refreshTokenCount": 10,
      "refreshTokenExpiresInAmount": 172800,
      "refreshTokenExpiresInUnit": "SECONDS",
      "allowUrlParameters": false,
      "managedFromThisPolicy": true,
      "grantType": "PASSWORD",
      "deletePrevious": false
    }
  }'

Delete Policy

Endpoint

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

HeaderValue
AuthorizationBearer {token}
Content-Typeapplication/json

Path Parameters

ParameterTypeRequiredDescription
projectNamestringYesProject name
apiProxyNamestringYesAPI Proxy name
policyNamestringYesPolicy name

Request Body

Full JSON Body Example
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": false
  }
}

Request Body Fields

operationMetadata
FieldTypeRequiredDefaultDescription
targetScopestringYes-Policy scope: ALL or ENDPOINT
targetPipelinestringYes-Pipeline: REQUEST, RESPONSE, or ERROR
deploybooleanNofalseWhether to deploy after deletion

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": []
  }
}

cURL Example

curl -X DELETE \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/oauth2-auth-policy/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "REQUEST",
      "deploy": false
    }
  }'

Notes and Warnings

  • Token Expiration:
    • When tokenNeverExpires: false, provide tokenExpiresInAmount and tokenExpiresInUnit
    • When tokenNeverExpires: true, tokens never expire (use with caution)
  • Refresh Tokens:
    • When refreshTokenAllowed: true, clients can refresh expired access tokens
    • refreshTokenCount limits concurrent refresh tokens per user
    • Refresh tokens have separate expiration settings
  • Grant Types:
    • PASSWORD - Username/password authentication (Resource Owner Password Credentials)
    • CLIENT_CREDENTIALS - Client ID/client secret authentication (for service-to-service)
  • Delete Previous:
    • When deletePrevious: true, issuing a new token invalidates previous tokens for the same user
    • When deletePrevious: false, multiple tokens can be active for the same user
  • URL Parameters: When allowUrlParameters: true, tokens can be passed in URL (less secure, not recommended)
  • Managed Policy: When managedFromThisPolicy: true, tokens are issued and managed by this policy
  • OAuth2 Standard: This policy implements OAuth2 specification for token management
  • Deployment: Policy changes require deployment to take effect. Set deploy: true or deploy manually.