Policies
This section describes the general features of policies. For detailed information on any policy and how to configure it, please refer to that policy's own page.
Policies are the entities used to define a set of rules, restrictions and transformations applied to messages coming to, or returning from, the API for the purposes of security, performance improvement and ease of use.
Policies allow API behavior to be 'programmed' without the need for code development. They are designed to meet common API management requirements easily and reliably.
They offer features such as security, rate limiting, transformation and mediation, and relieve you of the burden of writing code and maintaining these functions. Each policy works like a separate module that implements a specific function and whose behavior can be customized through configuration.
Policy Types
The policies offered on the Apinizer Platform can be roughly grouped functionally as follows:
Security and Authentication Policies
Perform simple authentication with username and password.
Authenticate with Base64 encoded username and password.
Authenticate with a SHA1-hashed password, nonce and timestamp.
Perform stateless authentication with JSON Web Token, manage token generation and validation processes.
Perform token-based authorization with OAuth 2.0 protocol, provide secure and standard API access control.
Validate JWT, JWS and JWE standards, perform signature and encryption verification.
Sign and encrypt your JSON data returned from Backend API with JOSE standards.
Perform secure authentication with mutual TLS certificate.
Automatically add credentials to Backend APIs.
Perform enterprise authentication and SSO integration with SAML token.
Encrypt API messages to protect sensitive data and ensure secure transmission.
Guarantee data integrity and source with digital signature.
Provide secure access to original content by decrypting encrypted messages.
Verify your data integrity using digital signatures.
Secure SOAP messages by encrypting with WS-Security standard.
Decrypt encrypted SOAP messages with WS-Security protocol.
Validate WS-Security signatures to ensure message authenticity and integrity.
Process and configure WS-Security headers in outgoing SOAP messages.
Process WS-Security headers in incoming SOAP messages.
Retrieve and manage WS-Security token from Token Service.
Add username token validation to SOAP messages.
Prevent replay attacks by adding timestamp to SOAP messages.
Control and manage resource access based on user roles.
Access Control and Limiting Policies
Block requests from specific IP addresses.
Allow requests from specific IPs or IP ranges.
Control API access during specific days and time intervals.
Limit the number of requests sent to the API within specific periods (hour/day/month).
Limit and control the rate of requests sent to the API within short time periods (second/minute).
Data Manipulation Policies
Transform JSON data to different formats using Jolt.
Transform XML data to different formats using XSLT.
Hide sensitive data in response messages by masking or deleting.
Threat Protection Policies
Filter messages with regex rules to detect harmful content.
Validate JSON message schema compliance.
Validate XML message compliance with the defined schema.
Block excessively large message requests.
Block excessively small message requests.
Other Policies
Customize and process messages with JavaScript or Groovy.
Call external services within API flow and process responses.
Add, modify or delete messages based on conditions.