Documentation Index
Fetch the complete documentation index at: https://docs.apinizer.com/llms.txt
Use this file to discover all available pages before exploring further.
Policy Type
Endpoints
List Policies
GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/
Add Policy
POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
Update Policy
PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
Delete Policy
DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
List Policies
Endpoint
GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/
Request
| Header | Value |
|---|
| Authorization | Bearer {token} |
Path Parameters
| Parameter | Type | Required | Description |
|---|
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |
Response
Success Response (200 OK)
{
"success": true,
"resultList": [
{
"apiProxy": {
"name": "MyAPI",
"requestPolicyList": [
{
"type": "policy-content-filter",
"name": "content-filter-policy",
"description": "Filter malicious content",
"active": true,
"policyContentFilterDefList": [
{
"id": 1,
"name": "SQL Injection Filter",
"ruleValue": "(?i)(union|select|insert|delete|drop|exec|script)",
"headerActive": true,
"bodyActive": true,
"paramActive": true,
"action": "BLOCK",
"contentType": "ALL_BODY"
}
]
}
],
"responsePolicyList": [],
"errorPolicyList": []
}
}
],
"resultCount": 1
}
cURL Example
curl -X GET \
"https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/" \
-H "Authorization: Bearer YOUR_TOKEN"
Add Policy
Endpoint
POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
Request
| Header | Value |
|---|
| Authorization | Bearer {token} |
| Content-Type | application/json |
Path Parameters
| Parameter | Type | Required | Description |
|---|
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |
| policyName | string | Yes | Policy name |
Request Body
Full JSON Body Example - Block SQL Injection
{
"operationMetadata": {
"targetScope": "ALL",
"targetPipeline": "REQUEST",
"deploy": true,
"deployTargetEnvironmentNameList": ["production"],
"order": 1
},
"policy": {
"type": "policy-content-filter",
"description": "Block SQL injection attempts",
"active": true,
"policyContentFilterDefList": [
{
"name": "SQL Injection Filter",
"ruleValue": "(?i)(union|select|insert|delete|drop|exec|script)",
"headerActive": true,
"bodyActive": true,
"paramActive": true,
"action": "BLOCK",
"contentType": "ALL_BODY",
"content": null
}
]
}
}
Full JSON Body Example - Delete Sensitive Data
{
"operationMetadata": {
"targetScope": "ALL",
"targetPipeline": "RESPONSE",
"deploy": true,
"deployTargetEnvironmentNameList": ["production"],
"order": 1
},
"policy": {
"type": "policy-content-filter",
"description": "Remove sensitive data from response",
"active": true,
"policyContentFilterDefList": [
{
"name": "Credit Card Filter",
"ruleValue": "\\b\\d{4}[\\s-]?\\d{4}[\\s-]?\\d{4}[\\s-]?\\d{4}\\b",
"headerActive": false,
"bodyActive": true,
"paramActive": false,
"action": "DELETE",
"contentType": "JSON",
"content": null
}
]
}
}
Request Body Fields
operationMetadata
| Field | Type | Required | Default | Description |
|---|
| targetScope | string | Yes | - | Policy scope: ALL or ENDPOINT |
| targetEndpoint | string | No* | - | Endpoint path (required if targetScope=ENDPOINT) |
| targetEndpointHTTPMethod | string | No* | - | HTTP method (required if targetScope=ENDPOINT) |
| targetPipeline | string | Yes | - | Pipeline: REQUEST, RESPONSE, or ERROR |
| deploy | boolean | No | true | Whether to deploy after adding policy |
| deployTargetEnvironmentNameList | array | No | [] | List of environment names to deploy to |
| order | integer | No | null | Policy execution order (starts from 1) |
ALL - Policy applies to all endpointsENDPOINT - Policy applies only to specified endpoint
Enum: targetPipeline
REQUEST - Executes in request pipeline (filters request content)RESPONSE - Executes in response pipeline (filters response content)ERROR - Executes in error pipeline
Enum: targetEndpointHTTPMethod
GET, POST, PUT, DELETE, PATCH, OPTIONS, HEAD
policy
| Field | Type | Required | Default | Description |
|---|
| type | string | Yes | - | Policy type: policy-content-filter |
| description | string | No | - | Policy description |
| active | boolean | No | true | Whether policy is active |
| policyContentFilterDefList | array | Yes | - | List of filter definitions (at least one required) |
policyContentFilterDefList must contain at least one filter definition.
policyContentFilterDefList
Each filter definition is an object with the following fields:
| Field | Type | Required | Default | Description |
|---|
| id | integer | No | - | Filter definition ID (auto-generated) |
| name | string | Yes | - | Filter definition name |
| ruleValue | string | Yes | - | Regex pattern to match |
| headerActive | boolean | No | false | Apply filter to headers |
| bodyActive | boolean | No | false | Apply filter to body |
| paramActive | boolean | No | false | Apply filter to parameters |
| action | string | No | BLOCK | Action: BLOCK or DELETE |
| contentType | string | No | XML | Content type: XML, JSON, or ALL_BODY |
| content | string | No | null | Additional content configuration |
EnumContentFilterAction
BLOCK - Block the request/response if pattern matchesDELETE - Delete matching content from request/response
EnumMessageContentType
XML - Filter XML contentJSON - Filter JSON contentALL_BODY - Filter all body content types
Regex Pattern
ruleValue must be a valid Java regex pattern- Use
(?i) prefix for case-insensitive matching
- Use
\\b for word boundaries
- Use
\\d for digits, \\s for whitespace
- Use
[] for character classes, () for groups
Note
- At least one of
headerActive, bodyActive, or paramActive must be true.
name and ruleValue are required.action defaults to BLOCK if not specified.
Response
Success Response (200 OK)
{
"success": true,
"deploymentResult": {
"success": true,
"deploymentResults": [
{
"environmentName": "production",
"success": true,
"message": "Deployment successful"
}
]
}
}
cURL Example
curl -X POST \
"https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/content-filter-policy/" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"operationMetadata": {
"targetScope": "ALL",
"targetPipeline": "REQUEST",
"deploy": true,
"deployTargetEnvironmentNameList": ["production"],
"order": 1
},
"policy": {
"type": "policy-content-filter",
"description": "Block SQL injection",
"active": true,
"policyContentFilterDefList": [
{
"name": "SQL Injection Filter",
"ruleValue": "(?i)(union|select|insert|delete|drop|exec)",
"headerActive": true,
"bodyActive": true,
"paramActive": true,
"action": "BLOCK",
"contentType": "ALL_BODY"
}
]
}
}'
Update Policy
Endpoint
PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
Request
| Header | Value |
|---|
| Authorization | Bearer {token} |
| Content-Type | application/json |
Path Parameters
| Parameter | Type | Required | Description |
|---|
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |
| policyName | string | Yes | Policy name |
Request Body
Full JSON Body Example
{
"operationMetadata": {
"targetScope": "ALL",
"targetPipeline": "REQUEST",
"deploy": true,
"deployTargetEnvironmentNameList": ["tester"],
"order": 1
},
"policy": {
"type": "policy-content-filter",
"description": "Updated: Enhanced security filters for SQL injection and XSS",
"active": true,
"policyContentFilterDefList": [
{
"name": "SQL Injection Filter",
"ruleValue": "(?i)(union|select|insert|delete|drop|exec|script|alter|create|truncate)",
"headerActive": true,
"bodyActive": true,
"paramActive": true,
"action": "BLOCK",
"contentType": "ALL_BODY",
"content": null
},
{
"name": "XSS Filter",
"ruleValue": "(?i)(<script|javascript:|onerror|onload|eval\\()",
"headerActive": true,
"bodyActive": true,
"paramActive": true,
"action": "BLOCK",
"contentType": "ALL_BODY",
"content": null
}
]
}
}
Response
Success Response (200 OK)
{
"success": true,
"deploymentResult": {
"success": true,
"deploymentResults": [
{
"environmentName": "production",
"success": true,
"message": "Deployment successful"
}
]
}
}
Delete Policy
Endpoint
DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
Request
| Header | Value |
|---|
| Authorization | Bearer {token} |
| Content-Type | application/json |
Path Parameters
| Parameter | Type | Required | Description |
|---|
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |
| policyName | string | Yes | Policy name |
Request Body
Full JSON Body Example
{
"operationMetadata": {
"targetScope": "ALL",
"targetPipeline": "REQUEST",
"deploy": false
}
}
Response
Success Response (200 OK)
{
"success": true,
"deploymentResult": {
"success": true,
"deploymentResults": []
}
}
Notes and Warnings
-
Action Type:
BLOCK - Rejects the request/response if pattern matchesDELETE - Removes matching content from request/response
-
Content Type:
XML - Filter XML content onlyJSON - Filter JSON content onlyALL_BODY - Filter all body content types
-
Active Flags: At least one of
headerActive, bodyActive, or paramActive must be true
-
Regex Pattern:
- Must be valid Java regex pattern
- Use
(?i) for case-insensitive matching
- Use
\\b for word boundaries
- Use
\\d for digits, \\s for whitespace
-
Performance: Content filtering adds processing overhead. Use efficient regex patterns.
-
Pipeline:
REQUEST pipeline filters request content before forwardingRESPONSE pipeline filters response content before sending to client
-
Block Action: When
action: BLOCK, the entire request/response is rejected
-
Delete Action: When
action: DELETE, only matching content is removed
-
Multiple Filters: Multiple filter definitions are evaluated in order
-
Error Handling: Invalid regex patterns may cause policy execution to fail
-
Deployment: Policy changes require deployment to take effect. Set
deploy: true or deploy manually.
