General Information

Policy Type

policy-content-filter

Endpoints

List Policies

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Add Policy

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Update Policy

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Delete Policy

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

List Policies

Endpoint

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Request

Headers

| Header | Value |
| --- | --- |
| Authorization | Bearer {token} |

Path Parameters

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |

Response

Success Response (200 OK)

{
  "success": true,
  "resultList": [
    {
      "apiProxy": {
        "name": "MyAPI",
        "requestPolicyList": [
          {
            "type": "policy-content-filter",
            "name": "content-filter-policy",
            "description": "Filter malicious content",
            "active": true,
            "policyContentFilterDefList": [
              {
                "id": 1,
                "name": "SQL Injection Filter",
                "ruleValue": "(?i)(union|select|insert|delete|drop|exec|script)",
                "headerActive": true,
                "bodyActive": true,
                "paramActive": true,
                "action": "BLOCK",
                "contentType": "ALL_BODY"
              }
            ]
          }
        ],
        "responsePolicyList": [],
        "errorPolicyList": []
      }
    }
  ],
  "resultCount": 1
}

cURL Example

curl -X GET \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/" \
  -H "Authorization: Bearer YOUR_TOKEN"

Add Policy

Endpoint

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

| Header | Value |
| --- | --- |
| Authorization | Bearer {token} |
| Content-Type | application/json |

Path Parameters

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |
| policyName | string | Yes | Policy name |

Request Body

Full JSON Body Example - Block SQL Injection
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-content-filter",
    "description": "Block SQL injection attempts",
    "active": true,
    "policyContentFilterDefList": [
      {
        "name": "SQL Injection Filter",
        "ruleValue": "(?i)(union|select|insert|delete|drop|exec|script)",
        "headerActive": true,
        "bodyActive": true,
        "paramActive": true,
        "action": "BLOCK",
        "contentType": "ALL_BODY",
        "content": null
      }
    ]
  }
}
Full JSON Body Example - Delete Sensitive Data
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "RESPONSE",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-content-filter",
    "description": "Remove sensitive data from response",
    "active": true,
    "policyContentFilterDefList": [
      {
        "name": "Credit Card Filter",
        "ruleValue": "\\b\\d{4}[\\s-]?\\d{4}[\\s-]?\\d{4}[\\s-]?\\d{4}\\b",
        "headerActive": false,
        "bodyActive": true,
        "paramActive": false,
        "action": "DELETE",
        "contentType": "JSON",
        "content": null
      }
    ]
  }
}

Request Body Fields

operationMetadata

| Field | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| targetScope | string | Yes | - | Policy scope: ALL or ENDPOINT |
| targetEndpoint | string | No* | - | Endpoint path (required if targetScope=ENDPOINT) |
| targetEndpointHTTPMethod | string | No* | - | HTTP method (required if targetScope=ENDPOINT) |
| targetPipeline | string | Yes | - | Pipeline: REQUEST, RESPONSE, or ERROR |
| deploy | boolean | No | true | Whether to deploy after adding policy |
| deployTargetEnvironmentNameList | array | No | [] | List of environment names to deploy to |
| order | integer | No | null | Policy execution order (starts from 1) |

Enum: targetScope
  • ALL - Policy applies to all endpoints
  • ENDPOINT - Policy applies only to specified endpoint
Enum: targetPipeline
  • REQUEST - Executes in request pipeline (filters request content)
  • RESPONSE - Executes in response pipeline (filters response content)
  • ERROR - Executes in error pipeline
Enum: targetEndpointHTTPMethod
  • GET, POST, PUT, DELETE, PATCH, OPTIONS, HEAD
policy

| Field | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| type | string | Yes | - | Policy type: policy-content-filter |
| description | string | No | - | Policy description |
| active | boolean | No | true | Whether policy is active |
| policyContentFilterDefList | array | Yes | - | List of filter definitions (at least one required) |

Note: policyContentFilterDefList must contain at least one filter definition.
policyContentFilterDefList
Each filter definition is an object with the following fields:

| Field | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| id | integer | No | - | Filter definition ID (auto-generated) |
| name | string | Yes | - | Filter definition name |
| ruleValue | string | Yes | - | Regex pattern to match |
| headerActive | boolean | No | false | Apply filter to headers |
| bodyActive | boolean | No | false | Apply filter to body |
| paramActive | boolean | No | false | Apply filter to parameters |
| action | string | No | BLOCK | Action: BLOCK or DELETE |
| contentType | string | No | XML | Content type: XML, JSON, or ALL_BODY |
| content | string | No | null | Additional content configuration |

EnumContentFilterAction

  • BLOCK - Block the request/response if pattern matches
  • DELETE - Delete matching content from request/response

EnumMessageContentType

  • XML - Filter XML content
  • JSON - Filter JSON content
  • ALL_BODY - Filter all body content types

Regex Pattern

  • ruleValue must be a valid Java regex pattern
  • Use (?i) prefix for case-insensitive matching
  • Use \\b for word boundaries (the backslash is doubled because ruleValue is sent as a JSON string)
  • Use \\d for digits, \\s for whitespace
  • Use [] for character classes, () for groups

Note

  • At least one of headerActive, bodyActive, or paramActive must be true.
  • name and ruleValue are required.
  • action defaults to BLOCK if not specified.

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

cURL Example

curl -X POST \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/content-filter-policy/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "REQUEST",
      "deploy": true,
      "deployTargetEnvironmentNameList": ["production"],
      "order": 1
    },
    "policy": {
      "type": "policy-content-filter",
      "description": "Block SQL injection",
      "active": true,
      "policyContentFilterDefList": [
        {
          "name": "SQL Injection Filter",
          "ruleValue": "(?i)(union|select|insert|delete|drop|exec)",
          "headerActive": true,
          "bodyActive": true,
          "paramActive": true,
          "action": "BLOCK",
          "contentType": "ALL_BODY"
        }
      ]
    }
  }'

Update Policy

Endpoint

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

| Header | Value |
| --- | --- |
| Authorization | Bearer {token} |
| Content-Type | application/json |

Path Parameters

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |
| policyName | string | Yes | Policy name |

Request Body

Full JSON Body Example
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["tester"],
    "order": 1
  },
  "policy": {
    "type": "policy-content-filter",
    "description": "Updated: Enhanced security filters for SQL injection and XSS",
    "active": true,
    "policyContentFilterDefList": [
      {
        "name": "SQL Injection Filter",
        "ruleValue": "(?i)(union|select|insert|delete|drop|exec|script|alter|create|truncate)",
        "headerActive": true,
        "bodyActive": true,
        "paramActive": true,
        "action": "BLOCK",
        "contentType": "ALL_BODY",
        "content": null
      },
      {
        "name": "XSS Filter",
        "ruleValue": "(?i)(<script|javascript:|onerror|onload|eval\\()",
        "headerActive": true,
        "bodyActive": true,
        "paramActive": true,
        "action": "BLOCK",
        "contentType": "ALL_BODY",
        "content": null
      }
    ]
  }
}
Note: Request body structure is the same as Add Policy. All fields should be provided for update.

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

Delete Policy

Endpoint

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

| Header | Value |
| --- | --- |
| Authorization | Bearer {token} |
| Content-Type | application/json |

Path Parameters

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |
| policyName | string | Yes | Policy name |

Request Body

Full JSON Body Example
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": false
  }
}

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": []
  }
}

Notes and Warnings

  • Action Type:
    • BLOCK - Rejects the request/response if pattern matches
    • DELETE - Removes matching content from request/response
  • Content Type:
    • XML - Filter XML content only
    • JSON - Filter JSON content only
    • ALL_BODY - Filter all body content types
  • Active Flags: At least one of headerActive, bodyActive, or paramActive must be true
  • Regex Pattern:
    • Must be valid Java regex pattern
    • Use (?i) for case-insensitive matching
    • Use \\b for word boundaries
    • Use \\d for digits, \\s for whitespace
  • Performance: Content filtering adds processing overhead. Use efficient regex patterns.
  • Pipeline:
    • REQUEST pipeline filters request content before forwarding
    • RESPONSE pipeline filters response content before sending to client
  • Block Action: When action: BLOCK, the entire request/response is rejected
  • Delete Action: When action: DELETE, only matching content is removed
  • Multiple Filters: Multiple filter definitions are evaluated in order
  • Error Handling: Invalid regex patterns may cause policy execution to fail
  • Deployment: Policy changes require deployment to take effect. Set deploy: true or deploy manually.
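
Because BLOCK rejects the whole message on any match, a candidate ruleValue is worth running against known-good traffic before it is deployed. The following is an added example, not part of the Apinizer documentation: it compares the SQL injection rule from the Add Policy example with a variant that uses the `\b` word boundaries mentioned above. The sample values are constructed, the function names are hypothetical, and it assumes the gateway matches the pattern anywhere in the value (search semantics), with Python's `re` standing in for Java regex.

```python
import re

# Rule from the page's "Block SQL Injection" example, plus a word-bounded variant.
PAGE_RULE = r"(?i)(union|select|insert|delete|drop|exec|script)"
BOUNDED_RULE = r"(?i)\b(union|select|insert|delete|drop|exec|script)\b"

# Constructed samples: (label, value as it might appear in a header/param/body).
BENIGN = [
    ("product description", '{"description": "Blue dropdown widget"}'),
    ("job title", "title=Executive+assistant"),
    ("event name", "event=Class reunion 2024"),
    ("ui text", '{"note": "Your selection was saved"}'),
    ("plain order", '{"orderId": 1042, "qty": 3}'),
]
SUSPICIOUS = [
    ("stacked keywords", "id=1 UNION SELECT name FROM users"),
    ("drop statement", "q=1; DROP TABLE orders"),
]


def blocked(rule, value):
    """BLOCK semantics from the page: any match rejects the whole message."""
    # Assumption: the pattern may match anywhere in the value (search, not full match).
    return re.search(rule, value) is not None


def evaluate(rule):
    """Return (false_positives, missed) sample labels for one candidate ruleValue."""
    false_positives = [name for name, v in BENIGN if blocked(rule, v)]
    missed = [name for name, v in SUSPICIOUS if not blocked(rule, v)]
    return false_positives, missed


if __name__ == "__main__":
    for rule in (PAGE_RULE, BOUNDED_RULE):
        fp, missed = evaluate(rule)
        print(f"{rule}\n  benign requests blocked: {fp}\n  suspicious missed: {missed}")
```

When the bounded pattern is placed in a request body, each backslash is doubled (`\\b`), as in the JSON examples on this page.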