WS Security Username Policy - Apinizer Dokümantasyonu

General Information

Policy Type

policy-ws-security-username

Endpoints

List Policies

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Add Policy

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Update Policy

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Delete Policy

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

List Policies

Endpoint

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Request

Headers

Header	Value
Authorization	Bearer `{token}`

Path Parameters

Parameter	Type	Required	Description
projectName	string	Yes	Project name
apiProxyName	string	Yes	API Proxy name

Response

Success Response (200 OK)

{
  "success": true,
  "resultList": [
    {
      "apiProxy": {
        "name": "MyAPI",
        "requestPolicyList": [
          {
            "type": "policy-ws-security-username",
            "name": "ws-security-username-policy",
            "description": "Add UsernameToken to SOAP requests",
            "active": true,
            "mustUnderstand": true,
            "username": "myuser",
            "password": null,
            "passwordType": "PasswordText",
            "nonce": true,
            "created": true
          }
        ],
        "responsePolicyList": [],
        "errorPolicyList": []
      }
    }
  ],
  "resultCount": 1
}

Note: Password is cleared in list operations for security.

cURL Example

curl -X GET \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/" \
  -H "Authorization: Bearer YOUR_TOKEN"

Add Policy

Endpoint

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

Header	Value
Authorization	Bearer `{token}`
Content-Type	application/json

Path Parameters

Parameter	Type	Required	Description
projectName	string	Yes	Project name
apiProxyName	string	Yes	API Proxy name
policyName	string	Yes	Policy name

Request Body

Full JSON Body Example - PasswordText

{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-ws-security-username",
    "description": "Add UsernameToken with plain text password",
    "active": true,
    "mustUnderstand": true,
    "username": "myuser",
    "password": "mypassword",
    "passwordType": "PasswordText",
    "nonce": true,
    "created": true
  }
}

Full JSON Body Example - PasswordDigest

{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-ws-security-username",
    "description": "Add UsernameToken with password digest",
    "active": true,
    "mustUnderstand": true,
    "username": "myuser",
    "password": "mypassword",
    "passwordType": "PasswordDigest",
    "nonce": true,
    "created": true
  }
}

Full JSON Body Example - Minimal Configuration

{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-ws-security-username",
    "description": "Add UsernameToken without nonce and created",
    "active": true,
    "mustUnderstand": true,
    "username": "myuser",
    "password": "mypassword",
    "passwordType": "PasswordText",
    "nonce": false,
    "created": false
  }
}

Request Body Fields

operationMetadata

Field	Type	Required	Default	Description
targetScope	string	Yes	-	Policy scope: `ALL` or `ENDPOINT`
targetEndpoint	string	No*	-	Endpoint path (required if targetScope=ENDPOINT)
targetEndpointHTTPMethod	string	No*	-	HTTP method (required if targetScope=ENDPOINT)
targetPipeline	string	Yes	-	Pipeline: `REQUEST`, `RESPONSE`, or `ERROR`
deploy	boolean	No	true	Whether to deploy after adding policy
deployTargetEnvironmentNameList	array	No	[]	List of environment names to deploy to
order	integer	No	null	Policy execution order (starts from 1)

Enum: targetScope

ALL - Policy applies to all endpoints
ENDPOINT - Policy applies only to specified endpoint

Enum: targetPipeline

REQUEST - Executes in request pipeline (adds UsernameToken to outgoing requests)
RESPONSE - Executes in response pipeline (adds UsernameToken to outgoing responses)
ERROR - Executes in error pipeline

Enum: targetEndpointHTTPMethod

GET, POST, PUT, DELETE, PATCH, OPTIONS, HEAD

policy

Field	Type	Required	Default	Description
type	string	Yes	-	Policy type: `policy-ws-security-username`
description	string	No	-	Policy description
active	boolean	No	true	Whether policy is active
mustUnderstand	boolean	No	true	WS-Security header mustUnderstand attribute
username	string	Yes	-	UsernameToken username
password	string	Yes	-	UsernameToken password
passwordType	string	Yes	-	UsernameToken password type. See EnumWsSecurityPasswordType
nonce	boolean	No	false	Add nonce to UsernameToken
created	boolean	No	false	Add created timestamp to UsernameToken

EnumWsSecurityPasswordType

PasswordText - Plain text password (less secure)
PasswordDigest - Password digest (hashed password, more secure, recommended)

Note

username, password, and passwordType are required.
nonce and created add additional security to UsernameToken.

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

cURL Example

curl -X POST \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/ws-security-username-policy/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "REQUEST",
      "deploy": true,
      "deployTargetEnvironmentNameList": ["production"],
      "order": 1
    },
    "policy": {
      "type": "policy-ws-security-username",
      "description": "Add UsernameToken to SOAP requests",
      "active": true,
      "mustUnderstand": true,
      "username": "myuser",
      "password": "mypassword",
      "passwordType": "PasswordText",
      "nonce": true,
      "created": true
    }
  }'

Update Policy

Endpoint

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

Header	Value
Authorization	Bearer `{token}`
Content-Type	application/json

Path Parameters

Parameter	Type	Required	Description
projectName	string	Yes	Project name
apiProxyName	string	Yes	API Proxy name
policyName	string	Yes	Policy name

Request Body

Full JSON Body Example

{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["tester"],
    "order": 1
  },
  "policy": {
    "type": "policy-ws-security-username",
    "description": "Add UsernameToken with plain text password",
    "active": true,
    "mustUnderstand": true,
    "username": "myuser",
    "password": "mypassword",
    "passwordType": "PasswordText",
    "nonce": true,
    "created": true
  }
}

Note: Request body structure is the same as Add Policy. All fields should be provided for update.

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

Delete Policy

Endpoint

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

Header	Value
Authorization	Bearer `{token}`
Content-Type	application/json

Path Parameters

Parameter	Type	Required	Description
projectName	string	Yes	Project name
apiProxyName	string	Yes	API Proxy name
policyName	string	Yes	Policy name

Request Body

Full JSON Body Example

{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": false
  }
}

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": []
  }
}

Notes and Warnings

Password Types:
- PasswordText - Plain text password (less secure, not recommended for production)
- PasswordDigest - Hashed password (more secure, recommended)
Nonce and Created:
- nonce: true - Adds random nonce to prevent replay attacks
- created: true - Adds timestamp to UsernameToken
- Both enhance security and are recommended
Security:
- Password digest uses SHA-1 hash with nonce and timestamp
- More secure than plain text password
- Recommended for production use
Performance: UsernameToken adds minimal overhead. Use for necessary authentication.
Pipeline:
- REQUEST pipeline adds UsernameToken to outgoing requests
- RESPONSE pipeline adds UsernameToken to outgoing responses
Error Handling: Invalid username/password configuration causes policy to fail
Deployment: Policy changes require deployment to take effect. Set deploy: true or deploy manually.

List Policies - List all policies
Add Policy - General policy addition guide
Update Policy - General policy update guide
Delete Policy - General policy deletion guide
WS Security To Target Policy - Complete WS-Security configuration

Home

​General Information

​Policy Type

​Endpoints

​List Policies

​Add Policy

​Update Policy

​Delete Policy

​List Policies

​Endpoint

​Request

​Headers

​Path Parameters

​Response

​Success Response (200 OK)

​cURL Example

​Add Policy

​Endpoint

​Request

​Headers

​Path Parameters

​Request Body

Full JSON Body Example - PasswordText

Full JSON Body Example - PasswordDigest

Full JSON Body Example - Minimal Configuration

​Request Body Fields

operationMetadata

policy

​EnumWsSecurityPasswordType

​Note

​Response

​Success Response (200 OK)

​cURL Example

​Update Policy

​Endpoint

​Request

​Headers

​Path Parameters

​Request Body

Full JSON Body Example

​Response

​Success Response (200 OK)

​Delete Policy

​Endpoint

​Request

​Headers

​Path Parameters

​Request Body

Full JSON Body Example

​Response

​Success Response (200 OK)

​Notes and Warnings

​Related Documentation

General Information

Policy Type

Endpoints

List Policies

Add Policy

Update Policy

Delete Policy

List Policies

Endpoint

Request

Headers

Path Parameters

Response

Success Response (200 OK)

cURL Example

Add Policy

Endpoint

Request

Headers

Path Parameters

Request Body

Request Body Fields

EnumWsSecurityPasswordType

Note

Response

Success Response (200 OK)

cURL Example

Update Policy

Endpoint

Request

Headers

Path Parameters

Request Body

Response

Success Response (200 OK)

Delete Policy

Endpoint

Request

Headers

Path Parameters

Request Body

Response

Success Response (200 OK)

Notes and Warnings

Related Documentation