Documentation Index
Fetch the complete documentation index at: https://docs.apinizer.com/llms.txt
Use this file to discover all available pages before exploring further.
Policy Type
Endpoints
List Policies
GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/
Add Policy
POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
Update Policy
PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
Delete Policy
DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
List Policies
Endpoint
GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/
Request
| Header | Value |
|---|
| Authorization | Bearer {token} |
Path Parameters
| Parameter | Type | Required | Description |
|---|
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |
Response
Success Response (200 OK)
{
"success": true,
"resultList": [
{
"apiProxy": {
"name": "MyAPI",
"requestPolicyList": [
{
"type": "policy-ws-security-sign",
"name": "ws-security-sign-policy",
"description": "Sign SOAP message parts",
"active": true,
"mustUnderstand": true,
"sigPartList": [
{
"name": "Body",
"namespace": "http://schemas.xmlsoap.org/soap/envelope/",
"encodeType": "ELEMENT"
}
],
"sigCustomKeyIdentifier": null,
"sigCustomKeyIdentifierValueType": null,
"sigKeyIdType": "X509_CERTIFICATE",
"sigSigAlgorithm": "RSA_SHA256",
"sigC14n": "C14N_EXCL_OMIT_COMMENTS",
"sigDigAlgorithm": "SHA256",
"sigUseSingleCert": false,
"sigWsiBSPCompliant": false,
"sigKeyStoreName": "signature-keystore"
}
],
"responsePolicyList": [],
"errorPolicyList": []
}
}
],
"resultCount": 1
}
cURL Example
curl -X GET \
"https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/" \
-H "Authorization: Bearer YOUR_TOKEN"
Add Policy
Endpoint
POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
Request
| Header | Value |
|---|
| Authorization | Bearer {token} |
| Content-Type | application/json |
Path Parameters
| Parameter | Type | Required | Description |
|---|
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |
| policyName | string | Yes | Policy name |
Request Body
Full JSON Body Example - Standard Signature
{
"operationMetadata": {
"targetScope": "ALL",
"targetPipeline": "REQUEST",
"deploy": true,
"deployTargetEnvironmentNameList": ["production"],
"order": 1
},
"policy": {
"type": "policy-ws-security-sign",
"description": "Sign SOAP message body",
"active": true,
"mustUnderstand": true,
"sigPartList": [
{
"name": "Body",
"namespace": "http://schemas.xmlsoap.org/soap/envelope/",
"encodeType": "ELEMENT"
}
],
"sigCustomKeyIdentifier": null,
"sigCustomKeyIdentifierValueType": null,
"sigKeyIdType": "X509_CERTIFICATE",
"sigSigAlgorithm": "RSA_SHA256",
"sigC14n": "C14N_EXCL_OMIT_COMMENTS",
"sigDigAlgorithm": "SHA256",
"sigUseSingleCert": false,
"sigWsiBSPCompliant": false,
"sigKeyStoreName": "signature-keystore"
}
}
Full JSON Body Example - Multiple Parts
{
"operationMetadata": {
"targetScope": "ALL",
"targetPipeline": "REQUEST",
"deploy": true,
"deployTargetEnvironmentNameList": ["production"],
"order": 1
},
"policy": {
"type": "policy-ws-security-sign",
"description": "Sign multiple SOAP parts",
"active": true,
"mustUnderstand": true,
"sigPartList": [
{
"name": "Body",
"namespace": "http://schemas.xmlsoap.org/soap/envelope/",
"encodeType": "ELEMENT"
},
{
"name": "Timestamp",
"namespace": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
"encodeType": "ELEMENT"
}
],
"sigCustomKeyIdentifier": null,
"sigCustomKeyIdentifierValueType": null,
"sigKeyIdType": "X509_CERTIFICATE",
"sigSigAlgorithm": "RSA_SHA256",
"sigC14n": "C14N_EXCL_OMIT_COMMENTS",
"sigDigAlgorithm": "SHA256",
"sigUseSingleCert": false,
"sigWsiBSPCompliant": false,
"sigKeyStoreName": "signature-keystore"
}
}
Full JSON Body Example - With Custom Key Identifier
{
"operationMetadata": {
"targetScope": "ALL",
"targetPipeline": "REQUEST",
"deploy": true,
"deployTargetEnvironmentNameList": ["production"],
"order": 1
},
"policy": {
"type": "policy-ws-security-sign",
"description": "Sign with custom key identifier",
"active": true,
"mustUnderstand": true,
"sigPartList": [
{
"name": "Body",
"namespace": "http://schemas.xmlsoap.org/soap/envelope/",
"encodeType": "ELEMENT"
}
],
"sigCustomKeyIdentifier": "custom-key-id-value",
"sigCustomKeyIdentifierValueType": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#Base64Binary",
"sigKeyIdType": "CUSTOM_KEY_INFO",
"sigSigAlgorithm": "RSA_SHA256",
"sigC14n": "C14N_EXCL_OMIT_COMMENTS",
"sigDigAlgorithm": "SHA256",
"sigUseSingleCert": false,
"sigWsiBSPCompliant": false,
"sigKeyStoreName": "signature-keystore"
}
}
Full JSON Body Example - WSI BSP Compliant
{
"operationMetadata": {
"targetScope": "ALL",
"targetPipeline": "REQUEST",
"deploy": true,
"deployTargetEnvironmentNameList": ["production"],
"order": 1
},
"policy": {
"type": "policy-ws-security-sign",
"description": "Sign with WSI BSP compliance",
"active": true,
"mustUnderstand": true,
"sigPartList": [
{
"name": "Body",
"namespace": "http://schemas.xmlsoap.org/soap/envelope/",
"encodeType": "ELEMENT"
}
],
"sigCustomKeyIdentifier": null,
"sigCustomKeyIdentifierValueType": null,
"sigKeyIdType": "X509_CERTIFICATE",
"sigSigAlgorithm": "RSA_SHA256",
"sigC14n": "C14N_EXCL_OMIT_COMMENTS",
"sigDigAlgorithm": "SHA256",
"sigUseSingleCert": false,
"sigWsiBSPCompliant": true,
"sigKeyStoreName": "signature-keystore"
}
}
Request Body Fields
operationMetadata
| Field | Type | Required | Default | Description |
|---|
| targetScope | string | Yes | - | Policy scope: ALL or ENDPOINT |
| targetEndpoint | string | No* | - | Endpoint path (required if targetScope=ENDPOINT) |
| targetEndpointHTTPMethod | string | No* | - | HTTP method (required if targetScope=ENDPOINT) |
| targetPipeline | string | Yes | - | Pipeline: REQUEST, RESPONSE, or ERROR |
| deploy | boolean | No | true | Whether to deploy after adding policy |
| deployTargetEnvironmentNameList | array | No | [] | List of environment names to deploy to |
| order | integer | No | null | Policy execution order (starts from 1) |
ALL - Policy applies to all endpointsENDPOINT - Policy applies only to specified endpoint
Enum: targetPipeline
REQUEST - Executes in request pipeline (signs outgoing requests)RESPONSE - Executes in response pipeline (signs outgoing responses)ERROR - Executes in error pipeline
Enum: targetEndpointHTTPMethod
GET, POST, PUT, DELETE, PATCH, OPTIONS, HEAD
policy
| Field | Type | Required | Default | Description |
|---|
| type | string | Yes | - | Policy type: policy-ws-security-sign |
| description | string | No | - | Policy description |
| active | boolean | No | true | Whether policy is active |
| mustUnderstand | boolean | No | true | WS-Security header mustUnderstand attribute |
| sigPartList | array | No | [] | Signature parts list. See WsSecurityToTargetPart |
| sigCustomKeyIdentifier | string | No | null | Custom key identifier for signature (used when sigKeyIdType=CUSTOM_KEY_INFO) |
| sigCustomKeyIdentifierValueType | string | No* | null | Custom key identifier value type (required if sigCustomKeyIdentifier is provided) |
| sigKeyIdType | string | No | null | Signature key identifier type. See EnumWsSecurityKeyIdentifierType |
| sigSigAlgorithm | string | Yes | - | Signature algorithm. See EnumWsSecuritySignatureAlgorithm |
| sigC14n | string | Yes | - | Signature canonicalization method. See EnumWsSecuritySignatureCanonicalization |
| sigDigAlgorithm | string | Yes | - | Signature digest algorithm. See Enum Ws Security Signature Digest Algorithm |
| sigUseSingleCert | boolean | No | false | Use single certificate for signature |
| sigWsiBSPCompliant | boolean | No | false | WSI BSP compliance for signature |
| sigKeyStoreName | string | Yes | - | Signature keystore name |
EnumWsSecurityKeyIdentifierType
BINARY_SECURITY_TOKEN - Binary Security TokenISSUER_NAME_AND_SERIAL_NUMBER - Issuer Name and Serial NumberX509_CERTIFICATE - X509 Certificate (recommended)SUBJECT_KEY_IDENTIFIER - Subject Key IdentifierTHUMBPRINT_SHA1_IDENTIFIER - Thumbprint SHA1 IdentifierEMBEDDED_KEY_INFO - Embedded Key InfoEMBED_SECURITY_TOKEN_REFERENCE - Embed Security Token ReferenceCUSTOM_KEY_INFO - Custom Key Info (requires sigCustomKeyIdentifier)
EnumWsSecuritySignatureAlgorithm
EnumWsSecuritySignatureCanonicalization
Enum Ws Security Signature Digest Algorithm
Note
sigKeyStoreName, sigSigAlgorithm, sigC14n, and sigDigAlgorithm are required.- If
sigKeyIdType: CUSTOM_KEY_INFO and sigCustomKeyIdentifier is provided, sigCustomKeyIdentifierValueType is required.
WsSecurityToTargetPart
| Field | Type | Required | Default | Description |
|---|
| name | string | Yes | - | Part name (e.g., “Body”, “Timestamp”) |
| namespace | string | Yes | - | Part namespace URI |
| encodeType | string | Yes | - | Encode type. See EnumWsSecurityEncryptionPartEncodeType |
EnumWsSecurityEncryptionPartEncodeType
CONTENT - Sign content onlyELEMENT - Sign entire element
Common Part Names and Namespaces
- Body:
name: "Body", namespace: "http://schemas.xmlsoap.org/soap/envelope/"
- Timestamp:
name: "Timestamp", namespace: "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
- UsernameToken:
name: "UsernameToken", namespace: "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
Response
Success Response (200 OK)
{
"success": true,
"deploymentResult": {
"success": true,
"deploymentResults": [
{
"environmentName": "production",
"success": true,
"message": "Deployment successful"
}
]
}
}
cURL Example
curl -X POST \
"https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/ws-security-sign-policy/" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"operationMetadata": {
"targetScope": "ALL",
"targetPipeline": "REQUEST",
"deploy": true,
"deployTargetEnvironmentNameList": ["production"],
"order": 1
},
"policy": {
"type": "policy-ws-security-sign",
"description": "Sign SOAP message body",
"active": true,
"mustUnderstand": true,
"sigPartList": [
{
"name": "Body",
"namespace": "http://schemas.xmlsoap.org/soap/envelope/",
"encodeType": "ELEMENT"
}
],
"sigKeyIdType": "X509_CERTIFICATE",
"sigSigAlgorithm": "RSA_SHA256",
"sigC14n": "C14N_EXCL_OMIT_COMMENTS",
"sigDigAlgorithm": "SHA256",
"sigKeyStoreName": "signature-keystore"
}
}'
Update Policy
Endpoint
PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
Request
| Header | Value |
|---|
| Authorization | Bearer {token} |
| Content-Type | application/json |
Path Parameters
| Parameter | Type | Required | Description |
|---|
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |
| policyName | string | Yes | Policy name |
Request Body
Full JSON Body Example
{
"operationMetadata": {
"targetScope": "ALL",
"targetPipeline": "REQUEST",
"deploy": true,
"deployTargetEnvironmentNameList": ["production"],
"order": 1
},
"policy": {
"type": "policy-ws-security-sign",
"description": "Updated: Sign SOAP body and header with stronger algorithms",
"active": true,
"mustUnderstand": true,
"sigPartList": [
{
"name": "Body",
"namespace": "http://schemas.xmlsoap.org/soap/envelope/",
"encodeType": "ELEMENT"
},
{
"name": "Header",
"namespace": "http://schemas.xmlsoap.org/soap/envelope/",
"encodeType": "ELEMENT"
}
],
"sigCustomKeyIdentifier": null,
"sigCustomKeyIdentifierValueType": null,
"sigKeyIdType": "X509_CERTIFICATE",
"sigSigAlgorithm": "RSA_SHA512",
"sigC14n": "C14N_EXCL_OMIT_COMMENTS",
"sigDigAlgorithm": "SHA512",
"sigUseSingleCert": true,
"sigWsiBSPCompliant": true,
"sigKeyStoreName": "test-keystores"
}
}
Response
Success Response (200 OK)
{
"success": true,
"deploymentResult": {
"success": true,
"deploymentResults": [
{
"environmentName": "production",
"success": true,
"message": "Deployment successful"
}
]
}
}
Delete Policy
Endpoint
DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
Request
| Header | Value |
|---|
| Authorization | Bearer {token} |
| Content-Type | application/json |
Path Parameters
| Parameter | Type | Required | Description |
|---|
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |
| policyName | string | Yes | Policy name |
Request Body
Full JSON Body Example
{
"operationMetadata": {
"targetScope": "ALL",
"targetPipeline": "REQUEST",
"deploy": false
}
}
Response
Success Response (200 OK)
{
"success": true,
"deploymentResult": {
"success": true,
"deploymentResults": []
}
}
Notes and Warnings
-
Signature Algorithms:
RSA_SHA256, RSA_SHA384, RSA_SHA512 - Recommended RSA algorithmsECDSA_SHA256, ECDSA_SHA384, ECDSA_SHA512 - Elliptic curve algorithmsHMAC_SHA256, HMAC_SHA384, HMAC_SHA512 - HMAC algorithms (symmetric)
-
Canonicalization:
C14N_EXCL_OMIT_COMMENTS - Recommended (exclusive, omit comments)- Exclusive C14N is more secure and widely supported
-
Digest Algorithms:
SHA256, SHA384, SHA512 - Recommended digest algorithms- SHA-1 and MD5 are deprecated and should be avoided
-
Key Identifier Types:
X509_CERTIFICATE - Most common and recommendedCUSTOM_KEY_INFO - Use custom key identifier (requires sigCustomKeyIdentifier and sigCustomKeyIdentifierValueType)
-
Parts:
CONTENT - Sign only the content (preserves element structure)ELEMENT - Sign entire element (more secure)
-
Single Certificate:
sigUseSingleCert: true - Use single certificate (simpler, less secure)sigUseSingleCert: false - Use certificate chain (more secure, recommended)
-
WSI BSP Compliance:
sigWsiBSPCompliant: true - WSI Basic Security Profile compliance- Ensures compatibility with WSI BSP standards
-
Key Store:
- Signature keystore must be configured in Apinizer
- Keystore must contain appropriate private keys/certificates
- Key identifier type must match keystore content
-
Performance: Signing adds significant cryptographic processing overhead. Use for necessary security only.
-
Pipeline:
REQUEST pipeline signs outgoing requestsRESPONSE pipeline signs outgoing responses
-
Error Handling: Invalid keystore, missing keys, or configuration errors cause policy to fail
-
Deployment: Policy changes require deployment to take effect. Set
deploy: true or deploy manually.
