Policies API
Overview
The Policies API provides endpoints for managing policies in API proxies. Policies are rules that can be applied to requests, responses, or errors to control behavior, security, transformation, and more.
Endpoints
- List Policies - Get all policies for an API proxy
- Add Policy - Add a new policy to an API proxy
- Update Policy - Update an existing policy
- Delete Policy - Delete a policy from an API proxy
Policy Types
Policies are organized by type. Each policy type has its own documentation page with complete examples:
Authentication Policies
- Basic Authentication
- Clear Text Authentication
- Digest Authentication
- JWT Authentication
- OAuth2 Authentication
- OIDC Authentication
- mTLS Authentication
- API Authentication
- SAML Validation
Security Policies
- WS-Security Encrypt
- WS-Security Decrypt
- WS-Security Sign
- WS-Security Sign Validation
- WS-Security Username Token
- WS-Security Timestamp
- WS-Security From Target
- WS-Security To Target
- JOSE Validation
- JOSE Implementation
- Digital Sign
- Digital Sign Verification
- Encryption
- Decryption
Rate Limiting & Quota Policies
IP Filtering Policies
Transformation Policies
- JSON Transformation
- XML Transformation
- Request Protocol Transformation
- Response Protocol Transformation
Validation Policies
Content Policies
Scripting Policies
Integration Policies
Advanced Policies
Authentication
All endpoints require authentication using a Personal API Access Token.
Permissions
ROLE_MANAGE_PROXIES- Required for all policy operationsROLE_DEPLOY_UNDEPLOY_PROXIES- Required for deployment operations
Related Documentation
- Authentication Guide - How to obtain and use API tokens
- Error Handling - Error response formats