Documentation Index
Fetch the complete documentation index at: https://docs.apinizer.com/llms.txt
Use this file to discover all available pages before exploring further.
Policy Type
Endpoints
List Policies
GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/
Add Policy
POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
Update Policy
PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
Delete Policy
DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
List Policies
Endpoint
GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/
Request
| Header | Value |
|---|
| Authorization | Bearer {token} |
Path Parameters
| Parameter | Type | Required | Description |
|---|
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |
Response
Success Response (200 OK)
{
"success": true,
"resultList": [
{
"apiProxy": {
"name": "MyAPI",
"requestPolicyList": [
{
"type": "policy-saml-validation",
"name": "saml-validation-policy",
"description": "Validate SAML assertions",
"active": true,
"keyStoreName": "saml-keystore",
"allowUnknownSigner": false,
"clearSaml": false,
"clearSamlPath": null
}
],
"responsePolicyList": [],
"errorPolicyList": []
}
}
],
"resultCount": 1
}
cURL Example
curl -X GET \
"https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/" \
-H "Authorization: Bearer YOUR_TOKEN"
Add Policy
Endpoint
POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
Request
| Header | Value |
|---|
| Authorization | Bearer {token} |
| Content-Type | application/json |
Path Parameters
| Parameter | Type | Required | Description |
|---|
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |
| policyName | string | Yes | Policy name |
Request Body
Full JSON Body Example - Full Validation
{
"operationMetadata": {
"targetScope": "ALL",
"targetPipeline": "REQUEST",
"deploy": true,
"deployTargetEnvironmentNameList": ["production"],
"order": 1
},
"policy": {
"type": "policy-saml-validation",
"description": "Validate SAML assertions with signature verification",
"active": true,
"keyStoreName": "saml-keystore",
"allowUnknownSigner": false,
"clearSaml": false,
"clearSamlPath": null
}
}
Full JSON Body Example - Clear SAML After Validation
{
"operationMetadata": {
"targetScope": "ALL",
"targetPipeline": "REQUEST",
"deploy": true,
"deployTargetEnvironmentNameList": ["production"],
"order": 1
},
"policy": {
"type": "policy-saml-validation",
"description": "Validate and clear SAML assertions",
"active": true,
"keyStoreName": "saml-keystore",
"allowUnknownSigner": false,
"clearSaml": true,
"clearSamlPath": "/soap:Envelope/soap:Header/wsse:Security/saml:Assertion"
}
}
Request Body Fields
operationMetadata
| Field | Type | Required | Default | Description |
|---|
| targetScope | string | Yes | - | Policy scope: ALL or ENDPOINT |
| targetEndpoint | string | No* | - | Endpoint path (required if targetScope=ENDPOINT) |
| targetEndpointHTTPMethod | string | No* | - | HTTP method (required if targetScope=ENDPOINT) |
| targetPipeline | string | Yes | - | Pipeline: REQUEST, RESPONSE, or ERROR |
| deploy | boolean | No | true | Whether to deploy after adding policy |
| deployTargetEnvironmentNameList | array | No | [] | List of environment names to deploy to |
| order | integer | No | null | Policy execution order (starts from 1) |
ALL - Policy applies to all endpointsENDPOINT - Policy applies only to specified endpoint
Enum: targetPipeline
REQUEST - Executes in request pipeline (validates request SAML)RESPONSE - Executes in response pipeline (validates response SAML)ERROR - Executes in error pipeline
Enum: targetEndpointHTTPMethod
GET, POST, PUT, DELETE, PATCH, OPTIONS, HEAD
policy
| Field | Type | Required | Default | Description |
|---|
| type | string | Yes | - | Policy type: policy-saml-validation |
| description | string | No | - | Policy description |
| active | boolean | No | true | Whether policy is active |
| keyStoreName | string | Yes | - | Keystore name for SAML signature validation |
| allowUnknownSigner | boolean | No | false | Allow unknown signer for SAML validation |
| clearSaml | boolean | No | false | Clear SAML assertion after validation |
| clearSamlPath | string | No* | null | XPath to SAML assertion to clear (required if clearSaml=true) |
Note
keyStoreName is required and must reference a valid KeyStore containing SAML signing certificates.- KeyStore name is automatically resolved to KeyStore ID (searches in project KeyStores first, then global KeyStores).
- If
clearSaml: true, clearSamlPath is required (XPath expression to locate SAML assertion).
XPath Examples
/soap:Envelope/soap:Header/wsse:Security/saml:Assertion - SOAP header SAML assertion//saml:Assertion - Anywhere in document/root/saml:Assertion - Root element SAML assertion
Response
Success Response (200 OK)
{
"success": true,
"deploymentResult": {
"success": true,
"deploymentResults": [
{
"environmentName": "production",
"success": true,
"message": "Deployment successful"
}
]
}
}
cURL Example
curl -X POST \
"https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/saml-validation-policy/" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"operationMetadata": {
"targetScope": "ALL",
"targetPipeline": "REQUEST",
"deploy": true,
"deployTargetEnvironmentNameList": ["production"],
"order": 1
},
"policy": {
"type": "policy-saml-validation",
"description": "Validate SAML assertions",
"active": true,
"keyStoreName": "saml-keystore",
"allowUnknownSigner": false,
"clearSaml": false
}
}'
Update Policy
Endpoint
PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
Request
| Header | Value |
|---|
| Authorization | Bearer {token} |
| Content-Type | application/json |
Path Parameters
| Parameter | Type | Required | Description |
|---|
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |
| policyName | string | Yes | Policy name |
Request Body
Full JSON Body Example
{
"operationMetadata": {
"targetScope": "ALL",
"targetPipeline": "REQUEST",
"deploy": true,
"deployTargetEnvironmentNameList": ["tester"],
"order": 1
},
"policy": {
"type": "policy-saml-validation",
"description": "Updated: SAML validation with enhanced security settings",
"active": true,
"keyStoreName": "test-keystores",
"allowUnknownSigner": false,
"clearSaml": true,
"clearSamlPath": "$.assertion"
}
}
Response
Success Response (200 OK)
{
"success": true,
"deploymentResult": {
"success": true,
"deploymentResults": [
{
"environmentName": "production",
"success": true,
"message": "Deployment successful"
}
]
}
}
Delete Policy
Endpoint
DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
Request
| Header | Value |
|---|
| Authorization | Bearer {token} |
| Content-Type | application/json |
Path Parameters
| Parameter | Type | Required | Description |
|---|
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |
| policyName | string | Yes | Policy name |
Request Body
Full JSON Body Example
{
"operationMetadata": {
"targetScope": "ALL",
"targetPipeline": "REQUEST",
"deploy": false
}
}
Response
Success Response (200 OK)
{
"success": true,
"deploymentResult": {
"success": true,
"deploymentResults": []
}
}
Notes and Warnings
-
KeyStore:
keyStoreName must reference a valid KeyStore containing SAML signing certificates- KeyStore name is automatically resolved to KeyStore ID (searches in project KeyStores first, then global KeyStores)
- KeyStore must contain public keys or certificates for signature validation
- Certificates must match the signer’s certificate used in SAML assertion
-
Signature Validation:
- Validates SAML assertion signature using certificates from KeyStore
- Signature must be valid and certificate must be trusted
- Assertion must not be expired
-
Unknown Signer:
- When
allowUnknownSigner: false, only signers with certificates in KeyStore are allowed
- When
allowUnknownSigner: true, validation proceeds even if signer is not in KeyStore (less secure)
-
Clear SAML:
- When
clearSaml: true, SAML assertion is removed after validation
clearSamlPath must be a valid XPath expression pointing to SAML assertion- Useful for removing sensitive SAML data before forwarding request
-
XPath:
clearSamlPath must be a valid XPath expression- Supports namespaces (e.g.,
soap:Envelope, saml:Assertion)
- Use absolute paths for precise location
-
SAML Format:
- Supports SAML 1.1 and SAML 2.0 assertions
- Supports SAML assertions in SOAP headers (WS-Security)
- Supports SAML assertions in HTTP headers or body
-
Performance: SAML validation adds processing overhead. Use for necessary validation only.
-
Pipeline:
REQUEST pipeline validates SAML in request before processingRESPONSE pipeline validates SAML in response before sending to client- Validation failure results in 401 Unauthorized or 403 Forbidden response
-
Error Handling: Invalid SAML assertion or signature causes validation to fail
-
Deployment: Policy changes require deployment to take effect. Set
deploy: true or deploy manually.
