Script Policy - Apinizer Dokümantasyonu

General Information

Policy Type

policy-script

Description

Script policy allows you to execute custom scripts (Groovy or JavaScript) during request/response processing. Scripts can modify requests, responses, set variables, call external services, and perform custom business logic.

Endpoints

List Policies

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Add Policy

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Update Policy

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Delete Policy

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

List Policies

Endpoint

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Request

Headers

Header	Value
Authorization	Bearer `{token}`

Path Parameters

Parameter	Type	Required	Description
projectName	string	Yes	Project name
apiProxyName	string	Yes	API Proxy name

Response

Success Response (200 OK)

{
  "success": true,
  "resultList": [
    {
      "apiProxy": {
        "name": "MyAPI",
        "requestPolicyList": [
          {
            "type": "policy-script",
            "name": "script-policy",
            "description": "Custom script policy",
            "active": true,
            "executionType": "SYNC",
            "scriptLanguage": "GROOVY",
            "scriptBody": "def messageContext = messageContext;\ndef request = messageContext.getRequest();\nrequest.setHeader('X-Custom-Header', 'CustomValue');"
          }
        ],
        "responsePolicyList": [],
        "errorPolicyList": []
      }
    }
  ],
  "resultCount": 1
}

cURL Example

curl -X GET \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/" \
  -H "Authorization: Bearer YOUR_TOKEN"

Add Policy

Endpoint

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

Header	Value
Authorization	Bearer `{token}`
Content-Type	application/json

Path Parameters

Parameter	Type	Required	Description
projectName	string	Yes	Project name
apiProxyName	string	Yes	API Proxy name
policyName	string	Yes	Policy name

Request Body

Full JSON Body Example

{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-script",
    "description": "Add custom header to request",
    "active": true,
    "executionType": "SYNC",
    "scriptLanguage": "GROOVY",
    "scriptBody": "def messageContext = messageContext;\ndef request = messageContext.getRequest();\nrequest.setHeader('X-Custom-Header', 'CustomValue');\nrequest.setHeader('X-Request-Time', String.valueOf(System.currentTimeMillis()));"
  }
}

Request Body Fields

operationMetadata

Field	Type	Required	Default	Description
targetScope	string	Yes	-	Policy scope: `ALL` or `ENDPOINT`
targetEndpoint	string	No*	-	Endpoint path (required if targetScope=ENDPOINT)
targetEndpointHTTPMethod	string	No*	-	HTTP method (required if targetScope=ENDPOINT)
targetPipeline	string	Yes	-	Pipeline: `REQUEST`, `RESPONSE`, or `ERROR`
deploy	boolean	No	true	Whether to deploy after adding policy
deployTargetEnvironmentNameList	array	No	[]	List of environment names to deploy to
order	integer	No	null	Policy execution order (starts from 1)

Enum: targetScope

ALL - Policy applies to all endpoints
ENDPOINT - Policy applies only to specified endpoint

Enum: targetPipeline

REQUEST - Executes in request pipeline
RESPONSE - Executes in response pipeline
ERROR - Executes in error pipeline

Enum: targetEndpointHTTPMethod

GET, POST, PUT, DELETE, PATCH, OPTIONS, HEAD

policy

Field	Type	Required	Default	Description
type	string	Yes	-	Policy type: `policy-script`
description	string	No	-	Policy description
active	boolean	No	true	Whether policy is active
executionType	string	Yes	-	Execution type: `SYNC` or `ASYNC`
scriptLanguage	string	Yes	-	Script language: `GROOVY` or `JAVASCRIPT`
scriptBody	string	Yes	-	Script code to execute

EnumExecutionType (executionType)

SYNC - Synchronous execution (blocks request/response until script completes)
ASYNC - Asynchronous execution (non-blocking, script runs in background)

EnumScriptType (scriptLanguage)

GROOVY - Groovy scripting language
JAVASCRIPT - JavaScript (Nashorn engine)

Script Context Variables

The script has access to the following variables:

messageContext - Message context object (request/response)
request - HTTP request object (available in REQUEST pipeline)
response - HTTP response object (available in RESPONSE/ERROR pipeline)
variables - Variable map for storing/retrieving values
logger - Logger for script logging

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

cURL Example

curl -X POST \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/script-policy/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "REQUEST",
      "deploy": true,
      "deployTargetEnvironmentNameList": ["production"],
      "order": 1
    },
    "policy": {
      "type": "policy-script",
      "description": "Add custom header to request",
      "active": true,
      "executionType": "SYNC",
      "scriptLanguage": "GROOVY",
      "scriptBody": "def messageContext = messageContext;\ndef request = messageContext.getRequest();\nrequest.setHeader(\"X-Custom-Header\", \"CustomValue\");"
    }
  }'

Update Policy

Endpoint

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

Header	Value
Authorization	Bearer `{token}`
Content-Type	application/json

Path Parameters

Parameter	Type	Required	Description
projectName	string	Yes	Project name
apiProxyName	string	Yes	API Proxy name
policyName	string	Yes	Policy name

Request Body

Full JSON Body Example

{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-script",
    "description": "Updated script - Add timestamp header",
    "active": true,
    "executionType": "SYNC",
    "scriptLanguage": "GROOVY",
    "scriptBody": "def messageContext = messageContext;\ndef request = messageContext.getRequest();\nrequest.setHeader('X-Request-Time', String.valueOf(System.currentTimeMillis()));\nrequest.setHeader('X-Request-ID', UUID.randomUUID().toString());"
  }
}

Note: Request body structure is the same as Add Policy. All fields should be provided for update.

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

cURL Example

curl -X PUT \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/script-policy/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "REQUEST",
      "deploy": true,
      "deployTargetEnvironmentNameList": ["production"],
      "order": 1
    },
    "policy": {
      "type": "policy-script",
      "description": "Updated script - Add timestamp header",
      "active": true,
      "executionType": "SYNC",
      "scriptLanguage": "GROOVY",
      "scriptBody": "def messageContext = messageContext;\ndef request = messageContext.getRequest();\nrequest.setHeader(\"X-Request-Time\", String.valueOf(System.currentTimeMillis()));"
    }
  }'

Delete Policy

Endpoint

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

Header	Value
Authorization	Bearer `{token}`
Content-Type	application/json

Path Parameters

Parameter	Type	Required	Description
projectName	string	Yes	Project name
apiProxyName	string	Yes	API Proxy name
policyName	string	Yes	Policy name

Request Body

Full JSON Body Example

{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": false
  }
}

Request Body Fields

operationMetadata

Field	Type	Required	Default	Description
targetScope	string	Yes	-	Policy scope: `ALL` or `ENDPOINT`
targetPipeline	string	Yes	-	Pipeline: `REQUEST`, `RESPONSE`, or `ERROR`
deploy	boolean	No	false	Whether to deploy after deletion

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": []
  }
}

cURL Example

curl -X DELETE \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/script-policy/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "REQUEST",
      "deploy": false
    }
  }'

Notes and Warnings

Script Execution:
- SYNC - Script executes synchronously and blocks request/response processing
- ASYNC - Script executes asynchronously and does not block processing
Script Languages:
- GROOVY - Full Groovy support with access to Java APIs
- JAVASCRIPT - JavaScript (Nashorn engine) with limited Java API access
Script Context: Scripts have access to:
- messageContext - Message context (request/response)
- request - HTTP request object (REQUEST pipeline)
- response - HTTP response object (RESPONSE/ERROR pipeline)
- variables - Variable map for data storage
- logger - Logger for script logging
Performance:
- Synchronous scripts block request/response processing
- Keep scripts simple and fast for better performance
- Use asynchronous scripts for non-critical operations
Error Handling: Script errors can break request/response processing. Test scripts thoroughly.
Security: Scripts have full access to request/response data. Validate and sanitize inputs.
Deployment: Policy changes require deployment to take effect. Set deploy: true or deploy manually.

List Policies - List all policies
Add Policy - General policy addition guide
Update Policy - General policy update guide
Delete Policy - General policy deletion guide

Home

​General Information

​Policy Type

​Description

​Endpoints

​List Policies

​Add Policy

​Update Policy

​Delete Policy

​List Policies

​Endpoint

​Request

​Headers

​Path Parameters

​Response

​Success Response (200 OK)

​cURL Example

​Add Policy

​Endpoint

​Request

​Headers

​Path Parameters

​Request Body

Full JSON Body Example

​Request Body Fields

operationMetadata

policy

​EnumExecutionType (executionType)

​EnumScriptType (scriptLanguage)

​Script Context Variables

​Response

​Success Response (200 OK)

​cURL Example

​Update Policy

​Endpoint

​Request

​Headers

​Path Parameters

​Request Body

Full JSON Body Example

​Response

​Success Response (200 OK)

​cURL Example

​Delete Policy

​Endpoint

​Request

​Headers

​Path Parameters

​Request Body

Full JSON Body Example

​Request Body Fields

operationMetadata

​Response

​Success Response (200 OK)

​cURL Example

​Notes and Warnings

​Related Documentation

General Information

Policy Type

Description

Endpoints

List Policies

Add Policy

Update Policy

Delete Policy

List Policies

Endpoint

Request

Headers

Path Parameters

Response

Success Response (200 OK)

cURL Example

Add Policy

Endpoint

Request

Headers

Path Parameters

Request Body

Request Body Fields

EnumExecutionType (executionType)

EnumScriptType (scriptLanguage)

Script Context Variables

Response

Success Response (200 OK)

cURL Example

Update Policy

Endpoint

Request

Headers

Path Parameters

Request Body

Response

Success Response (200 OK)

cURL Example

Delete Policy

Endpoint

Request

Headers

Path Parameters

Request Body

Request Body Fields

Response

Success Response (200 OK)

cURL Example

Notes and Warnings

Related Documentation