Message Flow and Policy Management
Message Flow
The Development tab is where the policies applied to request and response messages during message flow are configured. The interface is designed to display this flow, so the user can see which policies are applied, and in which order, before a request message is sent to the Backend API and before the response message from the Backend API is forwarded to the client. The flow between the Client and Backend API is represented by:
- An arrow symbolizing the request message leaving the Client and going to the Backend API,
- An arrow symbolizing the response message leaving the Backend API and going to the Client,
- Icons showing the policies applied on the request or response message and their order of application.
Details of the policies will not be covered in this section. For detailed information about policies, please refer to the Policies page.
Client
The Client is the party that sends requests to the API Proxy and initiates the flow. It is displayed in the frame on the left side of the interface. The message leaving the Client reaches the Backend API after policies are applied.

Backend API
The Backend API is the original API. The API Proxy closes it to direct access by the client and hides it from the client; it receives requests from the API Proxy and returns its responses to the API Proxy. It is displayed in the frame on the right side of the interface. The Backend API's response is sent to the Client after policies are applied.

When the API link in the Backend API box is clicked, the Backend API's API Definition Document is displayed.

Policy Management
Policies are configurations that describe the operations to be performed on request and response messages, such as security, message filtering, validation, transformation or enrichment, partial business logic implementation, and error management. The API Gateway executes the policies defined through these configurations during the message flow between the Client and Backend API.
This section generally describes the operations that can be performed on policies. To obtain detailed information about any policy, you can refer to the documentation for the relevant policy in the Policies section.
Policy Location and Execution Order
Policies can be added to 3 different points:
- API Proxy Group
- API Proxy
- Method/Endpoint
A policy added to an API Proxy Group is executed only if the request comes through that API Proxy Group. A policy added to an API Proxy is executed for all methods/endpoints of that API Proxy. A policy added to a method/endpoint is executed only for that method/endpoint.
The image below shows an example of policies added to all 3 points. In the image, it can be seen that the API Proxy with the selected method/endpoint named GET - findByStatus has been added to an API Proxy Group named Proxy Group - 1. The marked areas are where policies are displayed depending on where they are added.
- The area marked with frame number 1 shows policies added to this API Proxy without selecting any method/endpoint. They are valid for all methods/endpoints and are applied to request messages. The text "All" indicates this.
- The area marked with frame number 2 shows policies that are valid for the selected method/endpoint and are applied to request messages.
- The area marked with frame number 3 shows policies that are valid for the selected method/endpoint and are applied to response messages.
- The area marked with frame number 4 shows policies added to this API Proxy without selecting any method/endpoint. They are valid for all methods/endpoints and are applied to response messages. The text "All" indicates this.

If this API Proxy has been added to an API Proxy Group, that group has policies, and the request comes through the API Proxy Group, the group's policies on the request line are applied first, and then its policies on the response line are also applied. However, these are not shown on this page.
If any policy is added for any method/endpoint of the API Proxy, a gear icon appears next to the method/endpoint.
If a specific method/endpoint of the API Proxy is not selected (or if "All" is selected), 2 regions appear as shown in the image below.

- The area marked with frame number 1 shows policies that are valid for all methods/endpoints of this API Proxy and are applied to request messages.
- The area marked with frame number 2 shows policies that are valid for all methods/endpoints of this API Proxy and are applied to response messages.
Policy Execution Order
Policies are executed during message flow:
- For request messages, in the order API Proxy Group → API Proxy → method/endpoint.
- For response messages, in the order method/endpoint → API Proxy → API Proxy Group.
At each level, the policies at that level are processed in order along the message flow direction. The image below summarizes this, with the processing order of the policies numbered.

Policy Execution Order in Error Situations
Policies to be executed in error situations are added with the "Add Error Policy" option.
If an error occurs at any point in the flow, the normal flow is interrupted. First, the error response template, if one is available, is applied to the error message.
Afterwards, the policies added to the "Error Policies" line are executed in order from right to left.
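The ordering rules above, as an added example: a standalone Python model (not the product's code or API) that computes the execution order for request messages, response messages and the error path. The `Level` class, the function names and the policy names are hypothetical; each level's lists are assumed to be stored in message-flow order, and error policies are given as displayed, left to right.

```python
from dataclasses import dataclass, field

@dataclass
class Level:
    """One attachment point; lists are kept in message-flow order (assumption)."""
    name: str
    request: list = field(default_factory=list)
    response: list = field(default_factory=list)

def execution_order(direction, proxy, endpoint, group=None):
    """Return (level, policy) pairs in the order they are executed.

    group is None when the request did not come through an API Proxy Group,
    in which case no group policy runs.
    """
    if direction not in ("request", "response"):
        raise ValueError("direction must be 'request' or 'response'")
    levels = [lvl for lvl in (group, proxy, endpoint) if lvl is not None]
    if direction == "response":
        levels.reverse()  # method/endpoint -> API Proxy -> API Proxy Group
    return [(lvl.name, p) for lvl in levels for p in getattr(lvl, direction)]

def error_order(displayed_left_to_right, has_error_template=True):
    """Error path: the template (if any) first, then error policies right to left."""
    steps = ["<error response template>"] if has_error_template else []
    return steps + list(reversed(displayed_left_to_right))

def runs_before(order, first, second):
    """True if policy `first` executes before policy `second` in `order`."""
    names = [p for _, p in order]
    return names.index(first) < names.index(second)

# Constructed sample configuration; the policy names are hypothetical.
GROUP = Level("Proxy Group - 1", ["ip-allowlist"], ["add-security-headers"])
PROXY = Level("API Proxy (All)", ["authentication"], ["mask-fields"])
ENDPOINT = Level("GET - findByStatus", ["validate-query"], ["transform-body"])

if __name__ == "__main__":
    for d in ("request", "response"):
        print(d, execution_order(d, PROXY, ENDPOINT, GROUP))
    print("direct", execution_order("request", PROXY, ENDPOINT))
    print("error", error_order(["log-error", "notify"]))
```

`runs_before` can be used to check a configuration, for example that an authentication policy is reached before any validation or transformation policy on the request line.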
Adding Policy to Flow
To add a policy:
- The entity to which the policy is to be added is selected. For example, for a policy to be applied to all methods/endpoints of the API Proxy, All is selected in the method/endpoint field of that API Proxy.
- The Add Policy icon in the appropriate field is clicked, depending on whether the policy will be added to the request message or the response message.
- From the opened window, the type of policy to be added is selected. The policy types shown in this window vary according to the type of the active API Proxy and the region to which the policy is to be added.
- When the policy to be added is selected, a window opens where configuration information related to that policy can be entered. Policies can be added in different ways from this window:
  - To add an existing global policy, click the Select From Global Policies link next to the policy type at the top of the policy window. The operation is completed by selecting the appropriate policy from the opened window.
  - To create a local policy, no special operation is needed; the local policy is created from the data entered in the opened window.
Updating Policy in the Flow
When the icon of an existing policy is clicked, a window opens where that policy's information can be updated.

Activating/Deactivating the Selected Policy
A policy can be temporarily removed from use without being deleted from the method/endpoint or API Proxy to which it has been added. To do this, the policy is opened for updating and the Deactivate button at the top of the opened window is clicked.

Activating/Deactivating All Policies
In the method/endpoint section, the Disable All Policies link appears at the bottom of the middle section. When this link is clicked with the All option selected, all policies added to the API Proxy are disabled; when it is clicked within a method, only the policies added within that method are disabled. Disabled policies can later be reactivated individually from the policy update window or collectively by clicking the Activate All Policies link.

When policies are disabled, their icons turn gray.

If the API Proxy is added to an API Proxy Group and policies are applied through this API Proxy Group, disabling all policies does not affect the policies coming from the API Proxy Group; these policies remain active.
Removing Policy from Flow
When the mouse pointer is moved over the policy to be deleted, a delete icon appears. The policy can be deleted by clicking this icon.

When a policy is deleted in the Development tab:
- if the policy is local, it is completely deleted,
- if the policy is global, only its association with this method/endpoint or API Proxy is removed; the policy itself is not deleted and can be added again later. To delete a global policy completely, the deletion must be performed from the Global Policies interfaces.