Ana içeriğe atla

General Information

Policy Type

policy-digital-sign

Description

Digital Sign policy digitally signs data using cryptographic keys or certificates. It generates digital signatures for specified source variables and stores them in target signature variables. This policy provides data integrity and non-repudiation capabilities. ⚠️ Implementation Status: This policy is currently not implemented in Management API. This policy cannot be created or managed through the Management API at this time. This documentation is provided for reference purposes and will be updated when full API support is added in a future release.

Endpoints

List Policies

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Add Policy

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Update Policy

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Delete Policy

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

List Policies

Endpoint

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Request

Headers

HeaderValue
AuthorizationBearer {token}

Path Parameters

ParameterTypeRequiredDescription
projectNamestringYesProject name
apiProxyNamestringYesAPI Proxy name

Response

Success Response (200 OK)

{
  "success": true,
  "resultList": [
    {
      "apiProxy": {
        "name": "MyAPI",
        "requestPolicyList": [
          {
            "type": "policy-digital-sign",
            "name": "digital-sign-policy",
            "description": "Sign request data",
            "active": true,
            "policyDigitalSignDefList": [
              {
                "id": "sign-def-1",
                "description": "Sign request body",
                "sourceVar": {
                  "type": "BODY",
                  "bodyJsonPath": "$"
                },
                "signatureVar": {
                  "type": "HEADER",
                  "headerName": "X-Signature"
                },
                "signatureAlgorithm": "SHA256withRSA",
                "enumKeyCertificateType": "KEY",
                "cryptoKeyInfoId": "signing-key-id",
                "outputEncodingType": "BASE64"
              }
            ]
          }
        ],
        "responsePolicyList": [],
        "errorPolicyList": []
      }
    }
  ],
  "resultCount": 1
}

cURL Example

curl -X GET \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/" \
  -H "Authorization: Bearer YOUR_TOKEN"

Add Policy

Endpoint

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

HeaderValue
AuthorizationBearer {token}
Content-Typeapplication/json

Path Parameters

ParameterTypeRequiredDescription
projectNamestringYesProject name
apiProxyNamestringYesAPI Proxy name
policyNamestringYesPolicy name

Request Body

Full JSON Body Example - Sign with Key
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-digital-sign",
    "description": "Sign request body",
    "active": true,
    "policyDigitalSignDefList": [
      {
        "id": "sign-def-1",
        "description": "Sign request body",
        "sourceVar": {
          "type": "BODY",
          "bodyJsonPath": "$"
        },
        "signatureVar": {
          "type": "HEADER",
          "headerName": "X-Signature"
        },
        "signatureAlgorithm": "SHA256withRSA",
        "signatureAlgorithmVar": null,
        "enumKeyCertificateType": "KEY",
        "cryptoKeyInfoId": "signing-key-id",
        "certificateId": null,
        "outputEncodingType": "BASE64"
      }
    ]
  }
}
Full JSON Body Example - Sign with Certificate
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-digital-sign",
    "description": "Sign request body with certificate",
    "active": true,
    "policyDigitalSignDefList": [
      {
        "id": "sign-def-1",
        "description": "Sign request body",
        "sourceVar": {
          "type": "BODY",
          "bodyJsonPath": "$"
        },
        "signatureVar": {
          "type": "HEADER",
          "headerName": "X-Signature"
        },
        "signatureAlgorithm": "SHA256withRSA",
        "signatureAlgorithmVar": null,
        "enumKeyCertificateType": "CERTIFICATE",
        "cryptoKeyInfoId": null,
        "certificateId": "signing-cert-id",
        "outputEncodingType": "BASE64"
      }
    ]
  }
}

Request Body Fields

operationMetadata
FieldTypeRequiredDefaultDescription
targetScopestringYes-Policy scope: ALL or ENDPOINT
targetEndpointstringNo*-Endpoint path (required if targetScope=ENDPOINT)
targetEndpointHTTPMethodstringNo*-HTTP method (required if targetScope=ENDPOINT)
targetPipelinestringYes-Pipeline: REQUEST, RESPONSE, or ERROR
deploybooleanNotrueWhether to deploy after adding policy
deployTargetEnvironmentNameListarrayNo[]List of environment names to deploy to
orderintegerNonullPolicy execution order (starts from 1)
Enum: targetScope
  • ALL - Policy applies to all endpoints
  • ENDPOINT - Policy applies only to specified endpoint
Enum: targetPipeline
  • REQUEST - Executes in request pipeline (signs request data)
  • RESPONSE - Executes in response pipeline (signs response data)
  • ERROR - Executes in error pipeline
Enum: targetEndpointHTTPMethod
  • GET, POST, PUT, DELETE, PATCH, OPTIONS, HEAD
policy
FieldTypeRequiredDefaultDescription
typestringYes-Policy type: policy-digital-sign
descriptionstringNo-Policy description
activebooleanNotrueWhether policy is active
policyDigitalSignDefListarrayYes-List of digital sign definitions (at least one required)
Note: policyDigitalSignDefList must contain at least one sign definition.
policyDigitalSignDefList
Each sign definition is an object with the following fields:
FieldTypeRequiredDefaultDescription
idstringNo-Sign definition ID (auto-generated)
descriptionstringNo-Sign definition description
sourceVarobjectYes-Source variable to sign
signatureVarobjectYes-Target variable to store signature
signatureAlgorithmstringYes-Signature algorithm
signatureAlgorithmVarobjectNonullVariable to store signature algorithm name
enumKeyCertificateTypestringNoKEYKey or certificate type: KEY or CERTIFICATE
cryptoKeyInfoIdstringNo*nullCrypto key info ID (required if enumKeyCertificateType=KEY)
certificateIdstringNo*nullCertificate ID (required if enumKeyCertificateType=CERTIFICATE)
outputEncodingTypestringNoBASE64Output encoding type: BASE64 or HEXADECIMAL

EnumSignatureAlgorithm

  • RSA algorithms: NONEwithRSA, MD2withRSA, MD5withRSA, SHA1withRSA, SHA224withRSA, SHA256withRSA, SHA384withRSA, SHA512withRSA
  • DSA algorithms: NONEwithDSA, SHA1withDSA, SHA224withDSA, SHA256withDSA
  • ECDSA algorithms: NONEwithECDSA, SHA1withECDSA, SHA224withECDSA, SHA256withECDSA, SHA384withECDSA, SHA512withECDSA

EnumKeyCertificateType

  • KEY - Use cryptographic key from CryptoKeyInfo
  • CERTIFICATE - Use certificate (extracts private key from certificate)

EnumEncodingType

  • BASE64 - Base64 encoding (recommended)
  • HEXADECIMAL - Hexadecimal encoding

Note

  • sourceVar and signatureVar are required.
  • signatureAlgorithm is required.
  • If enumKeyCertificateType: KEY, cryptoKeyInfoId is required.
  • If enumKeyCertificateType: CERTIFICATE, certificateId is required.

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

cURL Example

curl -X POST \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/digital-sign-policy/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "REQUEST",
      "deploy": true,
      "deployTargetEnvironmentNameList": ["production"],
      "order": 1
    },
    "policy": {
      "type": "policy-digital-sign",
      "description": "Sign request body",
      "active": true,
      "policyDigitalSignDefList": [
        {
          "sourceVar": {
            "type": "BODY",
            "bodyJsonPath": "$"
          },
          "signatureVar": {
            "type": "HEADER",
            "headerName": "X-Signature"
          },
          "signatureAlgorithm": "SHA256withRSA",
          "enumKeyCertificateType": "KEY",
          "cryptoKeyInfoId": "signing-key-id",
          "outputEncodingType": "BASE64"
        }
      ]
    }
  }'

Update Policy

Endpoint

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

HeaderValue
AuthorizationBearer {token}
Content-Typeapplication/json

Path Parameters

ParameterTypeRequiredDescription
projectNamestringYesProject name
apiProxyNamestringYesAPI Proxy name
policyNamestringYesPolicy name

Request Body

Note: Request body structure is the same as Add Policy. All fields should be provided for update.

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

Delete Policy

Endpoint

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

HeaderValue
AuthorizationBearer {token}
Content-Typeapplication/json

Path Parameters

ParameterTypeRequiredDescription
projectNamestringYesProject name
apiProxyNamestringYesAPI Proxy name
policyNamestringYesPolicy name

Request Body

Full JSON Body Example
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": false
  }
}

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": []
  }
}

Notes and Warnings

  • Signature Algorithms:
    • RSA: SHA256withRSA, SHA384withRSA, SHA512withRSA (recommended)
    • ECDSA: SHA256withECDSA, SHA384withECDSA, SHA512withECDSA (for elliptic curve)
    • DSA: SHA1withDSA, SHA224withDSA, SHA256withDSA (legacy)
  • Key/Certificate Type:
    • KEY - Uses private key from CryptoKeyInfo (requires cryptoKeyInfoId)
    • CERTIFICATE - Extracts private key from certificate (requires certificateId)
  • Output Encoding:
    • BASE64 - Base64 encoding (recommended, more compact)
    • HEXADECIMAL - Hexadecimal encoding (human-readable)
  • Source Variable: Variable containing data to sign (can be header, parameter, body, etc.)
  • Signature Variable: Variable to store generated signature (can be header, parameter, body, etc.)
  • Signature Algorithm Variable: Optional variable to store signature algorithm name
  • Key Management:
    • CryptoKeyInfo or Certificate must be configured in Apinizer
    • Private key must be accessible for signing
    • Key must match signature algorithm (RSA key for RSA algorithms, ECDSA key for ECDSA algorithms)
  • Performance: Digital signing adds cryptographic processing overhead. Use for necessary integrity/non-repudiation only.
  • Pipeline:
    • REQUEST pipeline signs request data before forwarding
    • RESPONSE pipeline signs response data before sending to client
  • Error Handling: Invalid key/certificate or algorithm mismatch causes signing to fail
  • Deployment: Policy changes require deployment to take effect. Set deploy: true or deploy manually.
  • ⚠️ API Status:
    • This policy is currently NOT IMPLEMENTED in Management API
    • Attempting to create or update this policy via Management API will fail
    • This documentation is provided for reference purposes only
    • Full API support will be added in a future release