Documentation Index
Fetch the complete documentation index at: https://docs.apinizer.com/llms.txt
Use this file to discover all available pages before exploring further.
Policy Type
Description
Digital Sign policy digitally signs data using cryptographic keys or certificates. It generates digital signatures for specified source variables and stores them in target signature variables. This policy provides data integrity and non-repudiation capabilities.
Endpoints
List Policies
GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/
Add Policy
POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
Update Policy
PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
Delete Policy
DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
List Policies
Endpoint
GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/
Request
| Header | Value |
|---|
| Authorization | Bearer {token} |
Path Parameters
| Parameter | Type | Required | Description |
|---|
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |
Response
Success Response (200 OK)
{
"status": "SUCCESS",
"resultList": [
{
"apiProxy": {
"name": "MyAPI",
"requestPolicyList": [
{
"type": "policy-digital-sign",
"name": "digital-sign-policy",
"description": "Sign request data",
"active": true,
"digitalSignDefList": [
{
"description": "Sign request body",
"sourceVar": {
"type": "BODY",
"bodyJsonPath": "$"
},
"signatureVar": {
"type": "HEADER",
"headerName": "X-Signature"
},
"signatureAlgorithm": "SHA256withRSA",
"keyCertificateType": "KEY",
"keyName": "my-signing-key",
"outputEncodingType": "BASE64"
}
]
}
],
"responsePolicyList": [],
"errorPolicyList": []
}
}
],
"resultCount": 1
}
cURL Example
curl -X GET \
"https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/" \
-H "Authorization: Bearer YOUR_TOKEN"
Add Policy
Endpoint
POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
Request
| Header | Value |
|---|
| Authorization | Bearer {token} |
| Content-Type | application/json |
Path Parameters
| Parameter | Type | Required | Description |
|---|
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |
| policyName | string | Yes | Policy name |
Request Body
Full JSON Body Example - Sign with Key
{
"operationMetadata": {
"targetScope": "API_PROXY",
"targetPipeline": "REQUEST",
"deploy": true,
"deployTargetEnvironmentNameList": ["production"],
"order": 1
},
"policy": {
"type": "policy-digital-sign",
"description": "Sign request body",
"active": true,
"digitalSignDefList": [
{
"description": "Sign request body",
"sourceVar": {
"type": "BODY",
"bodyJsonPath": "$"
},
"signatureVar": {
"type": "HEADER",
"headerName": "X-Signature"
},
"signatureAlgorithm": "SHA256withRSA",
"signatureAlgorithmVar": null,
"keyCertificateType": "KEY",
"keyName": "my-signing-key",
"certificateName": null,
"outputEncodingType": "BASE64"
}
]
}
}
Full JSON Body Example - Sign with Certificate
{
"operationMetadata": {
"targetScope": "API_PROXY",
"targetPipeline": "REQUEST",
"deploy": true,
"deployTargetEnvironmentNameList": ["production"],
"order": 1
},
"policy": {
"type": "policy-digital-sign",
"description": "Sign request body with certificate",
"active": true,
"digitalSignDefList": [
{
"description": "Sign request body",
"sourceVar": {
"type": "BODY",
"bodyJsonPath": "$"
},
"signatureVar": {
"type": "HEADER",
"headerName": "X-Signature"
},
"signatureAlgorithm": "SHA256withRSA",
"signatureAlgorithmVar": null,
"keyCertificateType": "CERTIFICATE",
"keyName": null,
"certificateName": "my-signing-certificate",
"outputEncodingType": "BASE64"
}
]
}
}
Request Body Fields
operationMetadata
| Field | Type | Required | Default | Description |
|---|
| targetScope | string | Yes | - | Policy scope: API_PROXY or ENDPOINT |
| targetEndpoint | string | No* | - | Endpoint path (required if targetScope=ENDPOINT) |
| targetEndpointHTTPMethod | string | No* | - | HTTP method (required if targetScope=ENDPOINT) |
| targetPipeline | string | Yes | - | Pipeline: REQUEST, RESPONSE, or ERROR |
| deploy | boolean | No | true | Whether to deploy after adding policy |
| deployTargetEnvironmentNameList | array | No | [] | List of environment names to deploy to |
| order | integer | No | null | Policy execution order (starts from 1) |
API_PROXY - Policy applies to all endpointsENDPOINT - Policy applies only to specified endpoint
Enum: targetPipeline
REQUEST - Executes in request pipeline (signs request data)RESPONSE - Executes in response pipeline (signs response data)ERROR - Executes in error pipeline
Enum: targetEndpointHTTPMethod
GET, POST, PUT, DELETE, PATCH, OPTIONS, HEAD
policy
| Field | Type | Required | Default | Description |
|---|
| type | string | Yes | - | Policy type: policy-digital-sign |
| description | string | No | - | Policy description |
| active | boolean | No | true | Whether policy is active |
| digitalSignDefList | array | Yes | - | List of digital sign definitions (at least one required) |
digitalSignDefList must contain at least one sign definition.
digitalSignDefList
Each sign definition is an object with the following fields:
| Field | Type | Required | Default | Description |
|---|
| description | string | No | - | Sign definition description |
| sourceVar | object | Yes | - | Source variable to sign |
| signatureVar | object | Yes | - | Target variable to store signature |
| signatureAlgorithm | string | Yes | - | Signature algorithm |
| signatureAlgorithmVar | object | No | null | Variable to store signature algorithm name |
| keyCertificateType | string | No | KEY | Key or certificate type: KEY or CERTIFICATE |
| keyName | string | No* | null | Key name (resolved to ID automatically). Required if keyCertificateType=KEY |
| certificateName | string | No* | null | Certificate name (resolved to ID automatically). Required if keyCertificateType=CERTIFICATE |
| outputEncodingType | string | No | BASE64 | Output encoding type: BASE64 or HEXADECIMAL |
EnumSignatureAlgorithm
- RSA algorithms:
NONEwithRSA, MD2withRSA, MD5withRSA, SHA1withRSA, SHA224withRSA, SHA256withRSA, SHA384withRSA, SHA512withRSA
- DSA algorithms:
NONEwithDSA, SHA1withDSA, SHA224withDSA, SHA256withDSA
- ECDSA algorithms:
NONEwithECDSA, SHA1withECDSA, SHA224withECDSA, SHA256withECDSA, SHA384withECDSA, SHA512withECDSA
EnumKeyCertificateType
KEY - Use cryptographic key by name from CryptoKeyInfoCERTIFICATE - Use certificate by name (extracts private key from certificate)
EnumEncodingType
BASE64 - Base64 encoding (recommended)HEXADECIMAL - Hexadecimal encoding
Note
sourceVar and signatureVar are required.signatureAlgorithm is required.- If
keyCertificateType: KEY, keyName is required.
- If
keyCertificateType: CERTIFICATE, certificateName is required.
Response
Success Response (200 OK)
{
"status": "SUCCESS",
"resultList": null,
"resultCount": null,
"deploymentResult": {
"envName": "production",
"podName": "",
"podIp": "",
"success": true,
"detail": "",
"responseTime": 123,
"detailList": []
}
}
cURL Example
curl -X POST \
"https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/digital-sign-policy/" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"operationMetadata": {
"targetScope": "API_PROXY",
"targetPipeline": "REQUEST",
"deploy": true,
"deployTargetEnvironmentNameList": ["production"],
"order": 1
},
"policy": {
"type": "policy-digital-sign",
"description": "Sign request body",
"active": true,
"digitalSignDefList": [
{
"sourceVar": {
"type": "BODY",
"bodyJsonPath": "$"
},
"signatureVar": {
"type": "HEADER",
"headerName": "X-Signature"
},
"signatureAlgorithm": "SHA256withRSA",
"keyCertificateType": "KEY",
"keyName": "my-signing-key",
"outputEncodingType": "BASE64"
}
]
}
}'
Update Policy
Endpoint
PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
Request
| Header | Value |
|---|
| Authorization | Bearer {token} |
| Content-Type | application/json |
Path Parameters
| Parameter | Type | Required | Description |
|---|
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |
| policyName | string | Yes | Policy name |
Request Body
Note: Request body structure is the same as Add Policy. All fields should be provided for update.
Response
Success Response (200 OK)
{
"status": "SUCCESS",
"resultList": null,
"resultCount": null,
"deploymentResult": {
"envName": "production",
"podName": "",
"podIp": "",
"success": true,
"detail": "",
"responseTime": 123,
"detailList": []
}
}
Delete Policy
Endpoint
DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
Request
| Header | Value |
|---|
| Authorization | Bearer {token} |
| Content-Type | application/json |
Path Parameters
| Parameter | Type | Required | Description |
|---|
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |
| policyName | string | Yes | Policy name |
Request Body
Full JSON Body Example
{
"operationMetadata": {
"targetScope": "API_PROXY",
"targetPipeline": "REQUEST",
"deploy": false
}
}
Response
Success Response (200 OK)
{
"status": "SUCCESS",
"resultList": null,
"resultCount": null,
"deploymentResult": null
}
Notes and Warnings
-
Signature Algorithms:
- RSA:
SHA256withRSA, SHA384withRSA, SHA512withRSA (recommended)
- ECDSA:
SHA256withECDSA, SHA384withECDSA, SHA512withECDSA (for elliptic curve)
- DSA:
SHA1withDSA, SHA224withDSA, SHA256withDSA (legacy)
-
Key/Certificate Type:
KEY - Uses private key from CryptoKeyInfo by name (requires keyName)CERTIFICATE - Extracts private key from certificate by name (requires certificateName)
-
Output Encoding:
BASE64 - Base64 encoding (recommended, more compact)HEXADECIMAL - Hexadecimal encoding (human-readable)
-
Source Variable: Variable containing data to sign (can be header, parameter, body, etc.)
-
Signature Variable: Variable to store generated signature (can be header, parameter, body, etc.)
-
Signature Algorithm Variable: Optional variable to store signature algorithm name
-
Key Management:
- CryptoKeyInfo or Certificate must be configured in Apinizer and referenced by name
- Private key must be accessible for signing
- Key must match signature algorithm (RSA key for RSA algorithms, ECDSA key for ECDSA algorithms)
-
Performance: Digital signing adds cryptographic processing overhead. Use for necessary integrity/non-repudiation only.
-
Pipeline:
REQUEST pipeline signs request data before forwardingRESPONSE pipeline signs response data before sending to client
-
Error Handling: Invalid key/certificate or algorithm mismatch causes signing to fail
-
Deployment: Policy changes require deployment to take effect. Set
deploy: true or deploy manually.
