Ana içeriğe atla

General Information

Policy Type

policy-business-rule

Endpoints

List Policies

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Add Policy

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Update Policy

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Delete Policy

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

List Policies

Endpoint

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Request

Headers

HeaderValue
AuthorizationBearer {token}

Path Parameters

ParameterTypeRequiredDescription
projectNamestringYesProject name
apiProxyNamestringYesAPI Proxy name

Response

Success Response (200 OK)

{
  "success": true,
  "resultList": [
    {
      "apiProxy": {
        "name": "MyAPI",
        "requestPolicyList": [
          {
            "type": "policy-business-rule",
            "name": "business-rule-policy",
            "description": "Add timestamp to request",
            "active": true,
            "actionList": [
              {
                "actionType": "ADD",
                "sourceVar": {
                  "type": "CONTEXT_VALUES",
                  "contextValue": "NOW"
                },
                "sourceDataType": "STRING",
                "targetValSource": "VALUE",
                "targetVal": "${NOW}",
                "targetVar": {
                  "type": "HEADER",
                  "headerName": "X-Timestamp"
                }
              }
            ]
          }
        ],
        "responsePolicyList": [],
        "errorPolicyList": []
      }
    }
  ],
  "resultCount": 1
}

cURL Example

curl -X GET \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/" \
  -H "Authorization: Bearer YOUR_TOKEN"

Add Policy

Endpoint

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

HeaderValue
AuthorizationBearer {token}
Content-Typeapplication/json

Path Parameters

ParameterTypeRequiredDescription
projectNamestringYesProject name
apiProxyNamestringYesAPI Proxy name
policyNamestringYesPolicy name

Request Body

Full JSON Body Example - Add Header
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-business-rule",
    "description": "Add timestamp header",
    "active": true,
    "actionList": [
      {
        "actionType": "ADD",
        "sourceVar": {
          "type": "HEADER",
          "headerName": "X-Source"
        },
        "targetVar": {
          "type": "HEADER",
          "headerName": "X-Timestamp"
        },
        "targetValSource": "VALUE",
        "targetValue": "${now}",
        "sourceDataType": "STRING"
      }
    ]
  }
}
Full JSON Body Example - Modify Value with Mask
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-business-rule",
    "description": "Mask credit card number",
    "active": true,
    "actionList": [
      {
        "actionType": "MODIFY",
        "sourceVar": {
          "type": "BODY",
          "bodyJsonPath": "$.creditCard"
        },
        "sourceDataType": "STRING",
        "operator": "MASK",
        "maskFrom": 4,
        "maskTo": 12,
        "targetValSource": "VALUE",
        "targetVal": "****-****-****",
        "targetVar": {
          "type": "BODY",
          "bodyJsonPath": "$.creditCard"
        }
      }
    ]
  }
}
Full JSON Body Example - Stop Flow
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-business-rule",
    "description": "Stop request if unauthorized",
    "active": true,
    "actionList": [
      {
        "actionType": "STOP"
      }
    ]
  }
}

Request Body Fields

operationMetadata
FieldTypeRequiredDefaultDescription
targetScopestringYes-Policy scope: ALL or ENDPOINT
targetEndpointstringNo*-Endpoint path (required if targetScope=ENDPOINT)
targetEndpointHTTPMethodstringNo*-HTTP method (required if targetScope=ENDPOINT)
targetPipelinestringYes-Pipeline: REQUEST, RESPONSE, or ERROR
deploybooleanNotrueWhether to deploy after adding policy
deployTargetEnvironmentNameListarrayNo[]List of environment names to deploy to
orderintegerNonullPolicy execution order (starts from 1)
Enum: targetScope
  • ALL - Policy applies to all endpoints
  • ENDPOINT - Policy applies only to specified endpoint
Enum: targetPipeline
  • REQUEST - Executes in request pipeline
  • RESPONSE - Executes in response pipeline
  • ERROR - Executes in error pipeline
Enum: targetEndpointHTTPMethod
  • GET, POST, PUT, DELETE, PATCH, OPTIONS, HEAD
policy
FieldTypeRequiredDefaultDescription
typestringYes-Policy type: policy-business-rule
descriptionstringNo-Policy description
activebooleanNotrueWhether policy is active
actionListarrayYes-List of actions to execute (at least one required)
Note: actionList must contain at least one action.
actionList
Each action is an object with the following fields:
FieldTypeRequiredDefaultDescription
actionTypestringYes-Action type: ADD, MODIFY, DELETE, or STOP
sourceVarobjectNo*-Source variable (required for ADD, MODIFY, DELETE)
sourceVarBodyInjectionFieldNamestringNo-Body injection field name
sourceDataTypestringNo*-Source data type (required for MODIFY)
sourceTemporalFormatstringNo-Temporal format (if sourceDataType=TEMPORAL)
operatorstringNo*-Modification operator (required for MODIFY)
substringFromintegerNo-Substring start index (for SUBSTRING operator)
substringTointegerNo-Substring end index (for SUBSTRING operator)
maskFromintegerNo-Mask start index (for MASK operator)
maskTointegerNo-Mask end index (for MASK operator)
replaceSourcestringNo-Replace source pattern (for REPLACE_IN/REPLACE_WITH)
insertOffsetintegerNo-Insert offset (for INSERT operator)
temporalOperatorTimeUnitstringNo-Temporal time unit (for TEMPORAL operations)
replaceFirststringNo-Replace first pattern (for REPLACE_FIRST)
targetValSourcestringNo*-Target value source (required for ADD, MODIFY)
targetValstringNo*-Target value (required if targetValSource=VALUE)
targetVarobjectNo*-Target variable (required for ADD, MODIFY)
transformationContentTypestringNo-Transformation content type
formatAllowsInvalidbooleanNofalseFormat allows invalid characters
formatValueContainsLiteralCharactersbooleanNofalseFormat value contains literal characters
formatInvalidCharactersstringNo-Format invalid characters
formatPlaceholderstringNo-Format placeholder
jsonToXmlIgnoreNullbooleanNofalseJSON to XML ignore null
jsonToXmlIgnoreEmptybooleanNofalseJSON to XML ignore empty
jsonToXmlUseNullForNilbooleanNofalseJSON to XML use null for nil
jsonToXmlUnwrapElementbooleanNofalseJSON to XML unwrap element
xmlToJsonUnwrapElementbooleanNofalseXML to JSON unwrap element
xmlToJsonIgnoreNullbooleanNofalseXML to JSON ignore null
xmlToJsonIgnoreEmptybooleanNofalseXML to JSON ignore empty
xmlToJsonNumbersAsStringsbooleanNofalseXML to JSON numbers as strings
xmlToJsonUseNullForNilbooleanNofalseXML to JSON use null for nil
xmlToJsonArrayPathListarrayNo[]XML to JSON array path list
claimJsonPathstringNo-JWT claim JSON path

EnumActionType

  • ADD - Add new value to target variable
  • MODIFY - Modify existing value in source variable
  • DELETE - Delete value from source variable
  • STOP - Stop request/response flow

EnumActionSourceDataType

  • STRING - String data type
  • NUMERIC - Numeric data type
  • TEMPORAL - Date/time data type

EnumActionSourceValueModificationOperator

  • Numeric operations: ADD, SUBTRACT, MULTIPLY, DIVIDE, MODULUS, POWER
  • String operations: CONCAT, REPLACE_IN, REPLACE_WITH, REPLACE_FIRST, SUBSTRING, MASK, FORMAT, TRANSFORM, INSERT, TRIM, ENCODE, DECODE, URL_ENCODE, URL_DECODE, EXTRACT_JWT_HEADER_CLAIM, EXTRACT_JWT_BODY_CLAIM
  • Temporal operations: ADD_TEMPORAL, SUBTRACT_TEMPORAL

EnumValueSource

  • VALUE - Use static value
  • VARIABLE - Extract from variable

EnumTransformationContentType

  • XSLT - XSLT transformation
  • JOLT - JOLT transformation
  • XML2JSON - XML to JSON conversion
  • JSON2XML - JSON to XML conversion

EnumTimeUnit

  • MILLISECOND, SECOND, MINUTE, HOUR, DAY, WEEK, MONTH, YEAR

Action Requirements

  • ADD: Requires sourceVar, targetValSource, targetVar. If targetValSource=VALUE, requires targetVal.
  • MODIFY: Requires sourceVar, sourceDataType, operator, targetValSource. If targetValSource=VALUE, requires targetVal. Operator-specific fields required based on operator.
  • DELETE: Requires sourceVar only.
  • STOP: No additional fields required.

Operator-Specific Fields

  • SUBSTRING: Requires substringFrom (and optionally substringTo)
  • MASK: Requires maskFrom (and optionally maskTo)
  • INSERT: Requires insertOffset
  • TRANSFORM: Requires transformationContentType
  • TEMPORAL: Requires temporalOperatorTimeUnit and sourceTemporalFormat

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

cURL Example

curl -X POST \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/business-rule-policy/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "REQUEST",
      "deploy": true,
      "deployTargetEnvironmentNameList": ["production"],
      "order": 1
    },
    "policy": {
      "type": "policy-business-rule",
      "description": "Add timestamp header",
      "active": true,
      "actionList": [
        {
          "actionType": "ADD",
          "sourceVar": {
            "type": "CONTEXT_VALUES",
            "contextValue": "NOW"
          },
          "sourceDataType": "STRING",
          "targetValSource": "VALUE",
          "targetVal": "${NOW}",
          "targetVar": {
            "type": "HEADER",
            "headerName": "X-Timestamp"
          }
        }
      ]
    }
  }'

Update Policy

Endpoint

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

HeaderValue
AuthorizationBearer {token}
Content-Typeapplication/json

Path Parameters

ParameterTypeRequiredDescription
projectNamestringYesProject name
apiProxyNamestringYesAPI Proxy name
policyNamestringYesPolicy name

Request Body

Full JSON Body Example
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-business-rule",
    "description": "Updated: Add timestamp and request ID headers",
    "active": true,
    "actionList": [
      {
        "actionType": "ADD",
        "sourceVar": {
          "type": "HEADER",
          "headerName": "X-Source"
        },
        "targetVar": {
          "type": "HEADER",
          "headerName": "X-Timestamp"
        },
        "targetValSource": "VALUE",
        "targetValue": "${now}",
        "sourceDataType": "STRING"
      },
      {
        "actionType": "ADD",
        "sourceVar": {
          "type": "HEADER",
          "headerName": "User-Agent"
        },
        "targetVar": {
          "type": "HEADER",
          "headerName": "X-Request-ID"
        },
        "targetValSource": "VALUE",
        "targetValue": "${uuid}",
        "sourceDataType": "STRING"
      }
    ]
  }
}
Note: Request body structure is the same as Add Policy. All fields should be provided for update.

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

Delete Policy

Endpoint

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

HeaderValue
AuthorizationBearer {token}
Content-Typeapplication/json

Path Parameters

ParameterTypeRequiredDescription
projectNamestringYesProject name
apiProxyNamestringYesAPI Proxy name
policyNamestringYesPolicy name

Request Body

Full JSON Body Example
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": false
  }
}

Request Body Fields

operationMetadata
FieldTypeRequiredDefaultDescription
targetScopestringYes-Policy scope: ALL or ENDPOINT
targetPipelinestringYes-Pipeline: REQUEST, RESPONSE, or ERROR
deploybooleanNofalseWhether to deploy after deletion

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": []
  }
}

Notes and Warnings

  • Action Types:
    • ADD - Adds new value to target variable
    • MODIFY - Modifies existing value with operator
    • DELETE - Removes value from source variable
    • STOP - Stops request/response flow immediately
  • Operators:
    • Numeric: ADD, SUBTRACT, MULTIPLY, DIVIDE, MODULUS, POWER
    • String: CONCAT, REPLACE_IN, REPLACE_WITH, REPLACE_FIRST, SUBSTRING, MASK, FORMAT, TRANSFORM, INSERT, TRIM, ENCODE, DECODE, URL_ENCODE, URL_DECODE, EXTRACT_JWT_HEADER_CLAIM, EXTRACT_JWT_BODY_CLAIM
    • Temporal: ADD_TEMPORAL, SUBTRACT_TEMPORAL
  • Action Requirements:
    • ADD: Requires sourceVar, targetValSource, targetVar
    • MODIFY: Requires sourceVar, sourceDataType, operator, targetValSource
    • DELETE: Requires sourceVar only
    • STOP: No additional fields required
  • Operator-Specific Fields: Required fields vary by operator (e.g., MASK requires maskFrom/maskTo)
  • Execution Order: Actions are executed in the order they appear in actionList
  • STOP Action: When STOP action executes, subsequent actions and policies are not executed
  • Performance: Business rules add processing overhead. Use efficiently.
  • Pipeline:
    • REQUEST pipeline executes actions on request before forwarding
    • RESPONSE pipeline executes actions on response before sending to client
  • Error Handling: Invalid action configuration may cause policy execution to fail
  • Deployment: Policy changes require deployment to take effect. Set deploy: true or deploy manually.