Ana içeriğe atla

General Information

Policy Type

policy-client-banner

Endpoints

List Policies

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Add Policy

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Update Policy

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Delete Policy

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

List Policies

Endpoint

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Request

Headers

HeaderValue
AuthorizationBearer {token}

Path Parameters

ParameterTypeRequiredDescription
projectNamestringYesProject name
apiProxyNamestringYesAPI Proxy name

Response

Success Response (200 OK)

{
  "status": "SUCCESS",
  "resultList": [
    {
      "apiProxy": {
        "name": "MyAPI",
        "requestPolicyList": [
          {
            "type": "policy-client-banner",
            "name": "client-ban-policy",
            "description": "Ban clients exceeding error threshold",
            "active": true,
            "clientIdentityVariableList": [
              {
                "type": "HEADER",
                "headerName": "X-API-Key"
              }
            ],
            "thresholdWindowInSeconds": 10,
            "thresholdCountPerWindow": 5,
            "thresholdCalculationType": "COUNT",
            "banTimeInSeconds": 300,
            "enableRetryAfterHeader": true,
            "ignoreWhenKeyIsEmpty": false,
            "assertionCondition": {
              "criteria": "IF_ANY_MATCH",
              "rules": [
                {
                  "variable": {
                    "type": "HTTP_STATUS_CODE"
                  },
                  "comparisonOperator": "GE",
                  "value": "400",
                  "valueSource": "STATIC"
                }
              ]
            }
          }
        ],
        "responsePolicyList": [],
        "errorPolicyList": []
      }
    }
  ],
  "resultCount": 1
}

cURL Example

curl -X GET \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/" \
  -H "Authorization: Bearer YOUR_TOKEN"

Add Policy

Endpoint

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

HeaderValue
AuthorizationBearer {token}
Content-Typeapplication/json

Path Parameters

ParameterTypeRequiredDescription
projectNamestringYesProject name
apiProxyNamestringYesAPI Proxy name
policyNamestringYesPolicy name (must match name in body)

Request Body

Important: The request body must follow the PolicyOperationDTO structure with separate operationMetadata and policy objects. See Add Policy for the general structure.
Full JSON Body Example - Basic Client Ban
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-client-banner",
    "name": "client-ban-policy",
    "description": "Ban clients exceeding error threshold",
    "active": true,
    "clientIdentityVariableList": [
      {
        "type": "HEADER",
        "headerName": "X-API-Key"
      }
    ],
    "thresholdWindowInSeconds": 10,
    "thresholdCountPerWindow": 5,
    "thresholdCalculationType": "COUNT",
    "banTimeInSeconds": 300,
    "enableRetryAfterHeader": true,
    "ignoreWhenKeyIsEmpty": false,
    "assertionCondition": {
      "criteria": "IF_ANY_MATCH",
      "rules": [
        {
          "variable": {
            "type": "HTTP_STATUS_CODE"
          },
          "comparisonOperator": "GE",
          "value": "400",
          "valueSource": "STATIC"
        }
      ]
    },
    "condition": {
      "criteria": "ALWAYS",
      "rules": []
    }
  }
}
Full JSON Body Example - IP-Based Ban with Percentage Threshold
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-client-banner",
    "name": "ip-ban-policy",
    "description": "Ban IPs with high error percentage",
    "active": true,
    "clientIdentityVariableList": [
      {
        "type": "CLIENT_IP"
      }
    ],
    "thresholdWindowInSeconds": 60,
    "thresholdCountPerWindow": 50,
    "thresholdCalculationType": "PERCENT",
    "banTimeInSeconds": 600,
    "enableRetryAfterHeader": true,
    "ignoreWhenKeyIsEmpty": false,
    "assertionCondition": {
      "criteria": "IF_ANY_MATCH",
      "rules": [
        {
          "variable": {
            "type": "HTTP_STATUS_CODE"
          },
          "comparisonOperator": "GE",
          "value": "500",
          "valueSource": "STATIC"
        }
      ]
    },
    "condition": {
      "criteria": "ALWAYS",
      "rules": []
    }
  }
}
Full JSON Body Example - Multi-Variable Client Ban
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-client-banner",
    "name": "multi-variable-ban",
    "description": "Ban clients using multiple identity variables",
    "active": true,
    "clientIdentityVariableList": [
      {
        "type": "HEADER",
        "headerName": "X-API-Key"
      },
      {
        "type": "CLIENT_IP"
      }
    ],
    "thresholdWindowInSeconds": 30,
    "thresholdCountPerWindow": 10,
    "thresholdCalculationType": "COUNT",
    "banTimeInSeconds": 1800,
    "enableRetryAfterHeader": true,
    "ignoreWhenKeyIsEmpty": false,
    "assertionCondition": {
      "criteria": "IF_ALL_MATCH",
      "rules": [
        {
          "variable": {
            "type": "HTTP_STATUS_CODE"
          },
          "comparisonOperator": "EQ",
          "value": "401",
          "valueSource": "STATIC"
        },
        {
          "variable": {
            "type": "REQUEST_PATH"
          },
          "comparisonOperator": "CONTAINS",
          "value": "/auth",
          "valueSource": "STATIC"
        }
      ]
    },
    "condition": {
      "criteria": "ALWAYS",
      "rules": []
    }
  }
}

Request Body Fields

The request body has two top-level fields:
FieldTypeRequiredDescription
operationMetadataobjectYesOperation metadata. See Policy Operation Metadata
policyobjectYesPolicy configuration (see below)
Common Policy Fields (policy object)
FieldTypeRequiredDefaultDescription
typestringYes-Policy type: policy-client-banner
namestringYes-Policy name (must match path parameter)
descriptionstringNo-Policy description
activebooleanNotrueWhether policy is active
conditionobjectYes-Policy condition
Client Ban Specific Fields
FieldTypeRequiredDefaultDescription
clientIdentityVariableListarrayYes[]List of variables used to identify clients
thresholdWindowInSecondsintegerYes10Time window in seconds for threshold calculation
thresholdCountPerWindowintegerYes1Threshold count or percentage per window
thresholdCalculationTypestringYesCOUNTThreshold calculation type
banTimeInSecondsintegerYes10Duration to ban client in seconds
enableRetryAfterHeaderbooleanNofalseEnable Retry-After header in ban response
ignoreWhenKeyIsEmptybooleanNofalseIgnore requests when identity key is empty
assertionConditionobjectYes-Condition that triggers ban counting

EnumErrorThresholdType (thresholdCalculationType)

  • COUNT - Count-based threshold (number of errors)
  • PERCENT - Percentage-based threshold (percentage of errors)

VariableDTO (clientIdentityVariableList item)

FieldTypeRequiredDescription
typestringYesVariable type
headerNamestringNo*Header name (required if type=HEADER)
paramNamestringNo*Parameter name (required if type=PARAMETER)
contextValuestringNo*Context value (required if type=CONTEXT_VALUES)

Variable Types

  • HEADER - Extract from HTTP header
  • PARAMETER - Extract from query/path/form parameter
  • BODY - Extract from request/response body (XML, JSON, or raw)
  • CONTEXT_VALUES - Extract from system context values (e.g., REQUEST_REMOTE_ADDRESS for client IP)
  • CLIENT_IP - Client IP address
  • CUSTOM - Extract using custom script
Note: For client IP, use type=CLIENT_IP or type=CONTEXT_VALUES with contextValue=REQUEST_REMOTE_ADDRESS.

PolicyConditionDTO (assertionCondition)

FieldTypeRequiredDescription
criteriastringYesCondition criteria
rulesarrayYesList of condition rules

EnumConditionCriteria (assertionCondition.criteria)

  • ALWAYS - Always count
  • IF_ALL_MATCH - Count if all rules match
  • IF_ANY_MATCH - Count if any rule matches (common for error conditions)
  • IF_NONE_MATCH - Count if no rules match

ConditionRuleDTO (assertionCondition.rules item)

FieldTypeRequiredDescription
variableobjectYesVariable to check
comparisonOperatorstringYesComparison operator
valuestringYesValue to compare against
valueSourcestringNoValue source

EnumConditionValueComparisonOperator (comparisonOperator)

  • LT - Less than
  • LE - Less than or equal to
  • GT - Greater than
  • GE - Greater than or equal to
  • EQ - Equal to
  • NE - Not equal to
  • EQ_IGNORE_CASE - Equal to, case insensitive (string only)
  • NE_IGNORE_CASE - Not equal to, case insensitive (string only)
  • STARTS_WITH - Starts with (string only)
  • NOT_STARTS_WITH - Does not start with (string only)
  • STARTS_WITH_IGNORE_CASE - Starts with, case insensitive (string only)
  • NOT_STARTS_WITH_IGNORE_CASE - Does not start with, case insensitive (string only)
  • ENDS_WITH - Ends with (string only)
  • NOT_ENDS_WITH - Does not end with (string only)
  • ENDS_WITH_IGNORE_CASE - Ends with, case insensitive (string only)
  • NOT_ENDS_WITH_IGNORE_CASE - Does not end with, case insensitive (string only)
  • CONTAINS - Contains (string only)
  • NOT_CONTAINS - Does not contain (string only)
  • CONTAINS_IGNORE_CASE - Contains, case insensitive (string only)
  • NOT_CONTAINS_IGNORE_CASE - Does not contain, case insensitive (string only)
  • IS_EXISTS - Variable exists (regardless of value)
  • IS_NOT_EXISTS - Variable does not exist
  • IS_NOT_EMPTY - Variable exists and is not empty
  • IS_EMPTY - Variable does not exist or is empty
  • EXISTS_AND_EMPTY - Variable exists but is empty
  • IN - Value is in list
  • NOT_IN - Value is not in list
  • IN_IGNORE_CASE - Value is in list, case insensitive (string only)
  • NOT_IN_IGNORE_CASE - Value is not in list, case insensitive (string only)

EnumConditionValueSource (valueSource)

  • STATIC - Compare with a constant value
  • VARIABLE - Compare with another variable

PolicyOperationMetadataDTO (operationMetadata)

FieldTypeRequiredDescription
targetScopestringYesTarget scope
targetEndpointstringNoTarget endpoint path (if targetScope is ENDPOINT)
targetEndpointHTTPMethodstringNoTarget endpoint HTTP method (if targetScope is ENDPOINT)
targetPipelinestringYesTarget pipeline
deploybooleanNotrueWhether to deploy immediately
deployTargetEnvironmentNameListarrayNo[]List of environment names to deploy to
orderintegerNo-Policy execution order

EnumPolicyTargetScope (operationMetadata.targetScope)

  • ALL - Apply to entire API Proxy
  • ENDPOINT - Apply to specific endpoint
  • GLOBAL - Apply globally

EnumPolicyTargetPipeline (operationMetadata.targetPipeline)

  • REQUEST - Request pipeline
  • RESPONSE - Response pipeline
  • ERROR - Error pipeline

Notes

  • clientIdentityVariableList must contain at least one variable.
  • thresholdWindowInSeconds must be greater than 0.
  • thresholdCountPerWindow must be greater than 0.
  • thresholdCalculationType is required.
  • banTimeInSeconds must be greater than 0.
  • assertionCondition is required and defines when to count errors.
  • clientIdentityVariableList can contain multiple variables (ban applies if any matches).
  • ignoreWhenKeyIsEmpty: true skips banning when identity key is empty.
  • enableRetryAfterHeader: true adds Retry-After header to ban responses.

Response

Success Response (200 OK)

{
  "status": "SUCCESS",
  "resultList": null,
  "resultCount": null,
  "deploymentResult": {
    "envName": "production",
    "podName": "",
    "podIp": "",
    "success": true,
    "detail": "",
    "responseTime": 123,
    "detailList": []
  }
}

cURL Example

curl -X POST \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/client-ban-policy/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "REQUEST",
      "deploy": true,
      "deployTargetEnvironmentNameList": ["production"],
      "order": 1
    },
    "policy": {
      "type": "policy-client-banner",
      "name": "client-ban-policy",
      "description": "Ban clients exceeding error threshold",
      "active": true,
      "clientIdentityVariableList": [
        {
          "type": "HEADER",
          "headerName": "X-API-Key"
        }
      ],
      "thresholdWindowInSeconds": 10,
      "thresholdCountPerWindow": 5,
      "thresholdCalculationType": "COUNT",
      "banTimeInSeconds": 300,
      "enableRetryAfterHeader": true,
      "ignoreWhenKeyIsEmpty": false,
      "assertionCondition": {
        "criteria": "IF_ANY_MATCH",
        "rules": [
          {
            "variable": {
              "type": "HTTP_STATUS_CODE"
            },
            "comparisonOperator": "GE",
            "value": "400",
            "valueSource": "STATIC"
          }
        ]
      },
      "condition": {
        "criteria": "ALWAYS",
        "rules": []
      }
    }
  }'

Update Policy

Endpoint

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

HeaderValue
AuthorizationBearer {token}
Content-Typeapplication/json

Path Parameters

ParameterTypeRequiredDescription
projectNamestringYesProject name
apiProxyNamestringYesAPI Proxy name
policyNamestringYesPolicy name (must match name in body)

Request Body

Note: Request body structure is the same as Add Policy. All fields should be provided for update.

Response

Success Response (200 OK)

{
  "status": "SUCCESS",
  "resultList": null,
  "resultCount": null,
  "deploymentResult": {
    "envName": "production",
    "podName": "",
    "podIp": "",
    "success": true,
    "detail": "",
    "responseTime": 123,
    "detailList": []
  }
}

Delete Policy

Endpoint

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

HeaderValue
AuthorizationBearer {token}

Path Parameters

ParameterTypeRequiredDescription
projectNamestringYesProject name
apiProxyNamestringYesAPI Proxy name
policyNamestringYesPolicy name

Response

Success Response (200 OK)

{
  "status": "SUCCESS",
  "resultList": null,
  "resultCount": null,
  "deploymentResult": {
    "envName": "production",
    "podName": "",
    "podIp": "",
    "success": true,
    "detail": "",
    "responseTime": 123,
    "detailList": []
  }
}

Notes and Warnings

  • Client Banning:
    • Automatically bans clients that exceed error threshold
    • Uses identity variables to identify clients
    • Banned clients are blocked for specified duration
  • Threshold Calculation:
    • COUNT - Count-based (number of errors)
    • PERCENT - Percentage-based (percentage of errors)
    • Threshold is calculated within thresholdWindowInSeconds
  • Identity Variables:
    • clientIdentityVariableList identifies clients to ban
    • Can use multiple variables (ban applies if any matches)
    • Common: API key (HEADER), IP address (CLIENT_IP), user ID (VARIABLE)
  • Assertion Condition:
    • Defines when to count errors/failures
    • Common: HTTP status code >= 400 or == 401
    • Use IF_ANY_MATCH for multiple error conditions
  • Ban Duration:
    • banTimeInSeconds - Duration to ban client
    • Banned clients receive error response during ban period
    • Ban automatically expires after duration
  • Retry-After Header:
    • enableRetryAfterHeader: true adds Retry-After header
    • Tells clients when they can retry
    • Useful for client-side handling
  • Empty Keys:
    • ignoreWhenKeyIsEmpty: true skips banning when identity key is empty
    • Useful when identity variable may be missing
  • Time Window:
    • thresholdWindowInSeconds - Time window for threshold calculation
    • Errors are counted within this window
    • Window slides continuously
  • Performance:
    • Uses cache to track ban status
    • Multiple identity variables increase cache usage
    • Consider cache performance for high-throughput scenarios
  • Deployment: Policy changes require deployment to take effect. Set deploy: true in operationMetadata or deploy manually.