API Call Policy

General Information

Policy Type

policy-api-call

UI Documentation

📖 For detailed information: [UI Documentation Link - Link will be added here]

Description

API Call policy makes HTTP/HTTPS calls to external APIs during request/response processing. It supports synchronous (two-way) and one-way (fire-and-forget) calls, request/response transformation, caching, mTLS, and comprehensive message manipulation.

Endpoints

List Policies

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Add Policy

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Update Policy

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Delete Policy

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

---

List Policies

Endpoint

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Request

Headers

Header	Value
Authorization	Bearer {token}

Path Parameters

Parameter	Type	Required	Description
projectName	string	Yes	Project name
apiProxyName	string	Yes	API Proxy name

Response

Success Response (200 OK)

{
  "success": true,
  "resultList": [
    {
      "apiProxy": {
        "name": "MyAPI",
        "requestPolicyList": [
          {
            "type": "policy-api-call",
            "name": "external-api-call",
            "description": "Call external API for validation",
            "active": true,
            "callType": "SYNCHRONOUS",
            "httpMethod": "POST",
            "url": "https://api.example.com/validate",
            "timeout": 5000,
            "certificateEnabled": false,
            "enableCache": false
          }
        ],
        "responsePolicyList": [],
        "errorPolicyList": []
      }
    }
  ],
  "resultCount": 1
}

cURL Example

curl -X GET \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/" \
  -H "Authorization: Bearer YOUR_TOKEN"

---

Add Policy

Endpoint

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

Header	Value
Authorization	Bearer {token}
Content-Type	application/json

Path Parameters

Parameter	Type	Required	Description
projectName	string	Yes	Project name
apiProxyName	string	Yes	API Proxy name
policyName	string	Yes	Policy name

Request Body

Full JSON Body Example - Synchronous Call with Cache

{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-api-call",
    "description": "Call external validation API with caching",
    "active": true,
    "callType": "SYNCHRONOUS",
    "httpMethod": "POST",
    "url": "https://api.example.com/validate",
    "timeout": 5000,
    "certificateEnabled": false,
    "clearBodyBeforeCall": false,
    "useMessageTemplateBeforeCall": true,
    "enumTestConsoleRequestBodyType": "JSON",
    "bodyContentBeforeCall": "{\n  \"userId\": \"${userId}\",\n  \"action\": \"validate\"\n}",
    "urlEncodedList": [],
    "dataManipulationListBeforeCall": [],
    "removeAllHeadersBeforeCall": true,
    "headersToBeDeletedBeforeCallList": [],
    "headersToBeAddedBeforeCallList": [
      {
        "name": "Content-Type",
        "valueSource": "VALUE",
        "value": "application/json",
        "prefix": null
      },
      {
        "name": "Authorization",
        "valueSource": "VARIABLE",
        "variable": {
          "type": "HEADER",
          "headerName": "Authorization"
        },
        "prefix": "BEARER"
      }
    ],
    "removeAllParametersBeforeCall": true,
    "parametersToBeDeletedBeforeCallList": [],
    "parametersToBeAddedBeforeCallList": [
      {
        "name": "apiKey",
        "valueSource": "VALUE",
        "value": "your-api-key"
      }
    ],
    "enableCache": true,
    "cacheBy": {
      "type": "HEADER",
      "headerName": "Authorization"
    },
    "capacity": 1000,
    "ttl": 3600,
    "cacheNullResponses": false,
    "cacheStorageType": "DISTRIBUTED",
    "afterCallBodyOperationType": "REPLACE_BODY",
    "useMessageTemplateAfterCall": false,
    "messageTemplateContentTypeAfterCall": "JSON",
    "bodyContentAfterCall": null,
    "dataManipulationListAfterCall": [],
    "removeAllHeadersAfterCall": false,
    "headersToBeDeletedAfterCallList": [],
    "headersToBeAddedAfterCallList": [],
    "removeAllParametersAfterCall": false,
    "parametersToBeDeletedAfterCallList": [],
    "parametersToBeAddedAfterCallList": [],
    "prepareMessage": false,
    "modifyMessage": false,
    "newBodyContentSourceType": null
  }
}

Request Body Fields

operationMetadata

Field	Type	Required	Default	Description
targetScope	string	Yes	-	Policy scope: ALL or ENDPOINT
targetEndpoint	string	No*	-	Endpoint path (required if targetScope=ENDPOINT)
targetEndpointHTTPMethod	string	No*	-	HTTP method (required if targetScope=ENDPOINT)
targetPipeline	string	Yes	-	Pipeline: REQUEST, RESPONSE, or ERROR
deploy	boolean	No	true	Whether to deploy after adding policy
deployTargetEnvironmentNameList	array	No	[]	List of environment names to deploy to
order	integer	No	null	Policy execution order (starts from 1)

Enum: targetScope

• ALL - Policy applies to all endpoints
• ENDPOINT - Policy applies only to specified endpoint

Enum: targetPipeline

• REQUEST - Executes in request pipeline
• RESPONSE - Executes in response pipeline
• ERROR - Executes in error pipeline

Enum: targetEndpointHTTPMethod

• GET, POST, PUT, DELETE, PATCH, OPTIONS, HEAD

policy

Field	Type	Required	Default	Description
type	string	Yes	-	Policy type: policy-api-call
description	string	No	-	Policy description
active	boolean	No	true	Whether policy is active
callType	string	Yes	-	Call type: SYNCHRONOUS or ONE_WAY
httpMethod	string	Yes	-	HTTP method for API call
url	string	Yes	-	Target API URL
timeout	integer	No	-	Request timeout in milliseconds
certificateName	string	No	-	Certificate name for mTLS (required if certificateEnabled=true)
certificateEnabled	boolean	No	false	Enable mTLS certificate
clearBodyBeforeCall	boolean	No	false	Clear request body before API call
useMessageTemplateBeforeCall	boolean	No	true	Use message template for request body
enumTestConsoleRequestBodyType	string	No	XML	Request body content type
bodyContentBeforeCall	string	No	-	Request body template
urlEncodedList	array	No	[]	URL encoded form parameters
dataManipulationListBeforeCall	array	No	[]	Data manipulation for request
removeAllHeadersBeforeCall	boolean	No	true	Remove all headers before call
headersToBeDeletedBeforeCallList	array	No	[]	Headers to delete before call
headersToBeAddedBeforeCallList	array	No	[]	Headers to add before call
removeAllParametersBeforeCall	boolean	No	true	Remove all parameters before call
parametersToBeDeletedBeforeCallList	array	No	[]	Parameters to delete before call
parametersToBeAddedBeforeCallList	array	No	[]	Parameters to add before call
enableCache	boolean	No	false	Enable response caching
cacheBy	object	No	-	Variable for cache key
capacity	integer	No*	-	Cache capacity (required if enableCache=true)
ttl	integer	No*	-	Cache TTL in seconds (required if enableCache=true)
cacheNullResponses	boolean	No	true	Cache null/error responses
cacheStorageType	string	No	DISTRIBUTED	Cache storage type
afterCallBodyOperationType	string	No	-	Operation on original body after call
useMessageTemplateAfterCall	boolean	No	true	Use message template after call
messageTemplateContentTypeAfterCall	string	No	XML	Response body content type
bodyContentAfterCall	string	No	-	Response body template
dataManipulationListAfterCall	array	No	[]	Data manipulation for response
removeAllHeadersAfterCall	boolean	No	false	Remove all headers after call
headersToBeDeletedAfterCallList	array	No	[]	Headers to delete after call
headersToBeAddedAfterCallList	array	No	[]	Headers to add after call
removeAllParametersAfterCall	boolean	No	false	Remove all parameters after call
parametersToBeDeletedAfterCallList	array	No	[]	Parameters to delete after call
parametersToBeAddedAfterCallList	array	No	[]	Parameters to add after call
prepareMessage	boolean	No	false	Prepare message flag
modifyMessage	boolean	No	false	Modify message flag
newBodyContentSourceType	string	No	-	Source type for new body content

EnumPolicyRestApiCallType

• SYNCHRONOUS - Two-way call, waits for response (supports caching)
• ONE_WAY - Fire-and-forget call, no response expected (no caching)

EnumHttpRequestMethod

• GET - GET request
• POST - POST request
• PUT - PUT request
• DELETE - DELETE request
• PATCH - PATCH request
• OPTIONS - OPTIONS request
• HEAD - HEAD request

EnumMessageTemplateContentType

• XML - XML content
• JSON - JSON content
• RAW - Raw text content
• URL_ENCODED - application/x-www-form-urlencoded

EnumCacheStorageType

• LOCAL - Local cache (per node)
• DISTRIBUTED - Distributed cache (shared across nodes)

EnumOriginalMessageOperationType

• NOT_CHANGE_BODY - Keep original body unchanged
• REPLACE_BODY - Replace original body with API call response
• CLEAR_BODY - Clear original body after call

EnumMessageTemplateContentType

• XML - XML content
• JSON - JSON content
• RAW - Raw text content

EnumBodyContentSourceType

• VALUE - Use static value
• VARIABLE - Use variable value

Note

• url and httpMethod are required.
• callType is required.
• If enableCache: true, capacity and ttl are required, and callType must be SYNCHRONOUS.
• If certificateEnabled: true, certificateName is required.

headersToBeAddedBeforeCallList / headersToBeAddedAfterCallList

Each header is an object with the following fields:

Field	Type	Required	Description
name	string	Yes	Header name
description	string	No	Header description
valueSource	string	Yes	Value source: VALUE or VARIABLE
value	string	No*	Header value (required if valueSource=VALUE)
variable	object	No*	Variable object (required if valueSource=VARIABLE)
prefix	string	No	Header prefix

EnumValueSource

• VALUE - Use static value
• VARIABLE - Extract from variable

EnumRestApiHeaderPrefix

• NONE - No prefix
• BASIC - Basic prefix (for Authorization header)
• BEARER - Bearer prefix (for Authorization header)
• DIGEST - Digest prefix (for Authorization header)

Note

• If valueSource: VALUE, provide value.
• If valueSource: VARIABLE, provide variable object.

parametersToBeAddedBeforeCallList / parametersToBeAddedAfterCallList

Each parameter is an object with the following fields:

Field	Type	Required	Description
name	string	Yes	Parameter name
description	string	No	Parameter description
valueSource	string	Yes	Value source: VALUE or VARIABLE
value	string	No*	Parameter value (required if valueSource=VALUE)
variable	object	No*	Variable object (required if valueSource=VARIABLE)

EnumValueSource

• VALUE - Use static value
• VARIABLE - Extract from variable

Note

• If valueSource: VALUE, provide value.
• If valueSource: VARIABLE, provide variable object.

urlEncodedList

Each form parameter is an object with the following fields:

Field	Type	Required	Description
key	string	Yes	Form parameter key
value	string	Yes	Form parameter value
description	string	No	Parameter description

Note: Used when enumTestConsoleRequestBodyType: URL_ENCODED.

dataManipulationListBeforeCall / dataManipulationListAfterCall

Each data manipulation is an object with the following fields:

Field	Type	Required	Description
operation	string	Yes	Operation type: ADD, ADD_OR_EDIT, or DELETE
sourceValueSource	string	No	Source value source: VALUE or VARIABLE
sourceVar	object	No	Source variable
sourceValue	string	No	Source value
targetName	string	Yes	Target field name/path
targetValueSource	string	No	Target value source: VALUE or VARIABLE
targetVar	object	No	Target variable
targetValue	string	No	Target value

EnumRestApiDataManipulationDefOperation

• ADD - Add new field
• ADD_OR_EDIT - Add or edit existing field
• DELETE - Delete field

EnumValueSource

• VALUE - Use static value
• VARIABLE - Extract from variable

cacheBy

Variable object for cache key generation:

Field	Type	Required	Description
type	string	Yes	Variable type: HEADER, PARAMETER, BODY, CONTEXT, SCRIPT
headerName	string	No*	Header name (required if type=HEADER)
paramName	string	No*	Parameter name (required if type=PARAMETER)
contextValue	string	No*	Context value (required if type=CONTEXT)

Note: Cache key is generated from the specified variable. If not provided, entire request is used as cache key.

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

cURL Example

curl -X POST \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/external-api-call/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "REQUEST",
      "deploy": true,
      "deployTargetEnvironmentNameList": ["production"],
      "order": 1
    },
    "policy": {
      "type": "policy-api-call",
      "description": "Call external API",
      "active": true,
      "callType": "SYNCHRONOUS",
      "httpMethod": "POST",
      "url": "https://api.example.com/validate",
      "timeout": 5000,
      "removeAllHeadersBeforeCall": true,
      "headersToBeAddedBeforeCallList": [
        {
          "name": "Content-Type",
          "valueSource": "VALUE",
          "value": "application/json"
        }
      ],
      "enableCache": false
    }
  }'

---

Update Policy

Endpoint

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

Header	Value
Authorization	Bearer {token}
Content-Type	application/json

Path Parameters

Parameter	Type	Required	Description
projectName	string	Yes	Project name
apiProxyName	string	Yes	API Proxy name
policyName	string	Yes	Policy name

Request Body

Full JSON Body Example

{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-api-call",
    "description": "Updated: Call external validation API with enhanced caching",
    "active": true,
    "callType": "SYNCHRONOUS",
    "httpMethod": "POST",
    "url": "https://api.example.com/v2/validate",
    "timeout": 8000,
    "certificateEnabled": false,
    "clearBodyBeforeCall": false,
    "useMessageTemplateBeforeCall": true,
    "enumTestConsoleRequestBodyType": "JSON",
    "bodyContentBeforeCall": "{\n  \"userId\": \"${userId}\",\n  \"action\": \"validate\",\n  \"timestamp\": \"${timestamp}\"\n}",
    "urlEncodedList": [],
    "dataManipulationListBeforeCall": [],
    "removeAllHeadersBeforeCall": true,
    "headersToBeDeletedBeforeCallList": [],
    "headersToBeAddedBeforeCallList": [
      {
        "name": "Content-Type",
        "valueSource": "VALUE",
        "value": "application/json",
        "prefix": null
      },
      {
        "name": "Authorization",
        "valueSource": "VARIABLE",
        "variable": {
          "type": "HEADER",
          "headerName": "Authorization"
        },
        "prefix": "BEARER"
      },
      {
        "name": "X-Request-ID",
        "valueSource": "VARIABLE",
        "variable": {
          "type": "HEADER",
          "headerName": "X-Request-ID"
        },
        "prefix": null
      }
    ],
    "removeAllParametersBeforeCall": true,
    "parametersToBeDeletedBeforeCallList": [],
    "parametersToBeAddedBeforeCallList": [
      {
        "name": "apiKey",
        "valueSource": "VALUE",
        "value": "updated-api-key-2024"
      },
      {
        "name": "version",
        "valueSource": "VALUE",
        "value": "v2"
      }
    ],
    "enableCache": true,
    "cacheBy": {
      "type": "HEADER",
      "headerName": "Authorization"
    },
    "capacity": 5000,
    "ttl": 7200,
    "cacheNullResponses": false,
    "cacheStorageType": "DISTRIBUTED",
    "afterCallBodyOperationType": "REPLACE_BODY",
    "useMessageTemplateAfterCall": false,
    "messageTemplateContentTypeAfterCall": "JSON",
    "bodyContentAfterCall": null,
    "dataManipulationListAfterCall": [],
    "removeAllHeadersAfterCall": false,
    "headersToBeDeletedAfterCallList": [],
    "headersToBeAddedAfterCallList": [
      {
        "name": "X-Validated",
        "valueSource": "VALUE",
        "value": "true",
        "prefix": null
      }
    ],
    "removeAllParametersAfterCall": false,
    "parametersToBeDeletedAfterCallList": [],
    "parametersToBeAddedAfterCallList": [],
    "prepareMessage": false,
    "modifyMessage": false,
    "newBodyContentSourceType": null
  }
}

Note: Request body structure is the same as Add Policy. All fields should be provided for update.

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

---

Delete Policy

Endpoint

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

Header	Value
Authorization	Bearer {token}
Content-Type	application/json

Path Parameters

Parameter	Type	Required	Description
projectName	string	Yes	Project name
apiProxyName	string	Yes	API Proxy name
policyName	string	Yes	Policy name

Request Body

Full JSON Body Example

{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": false
  }
}

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": []
  }
}

---

Notes and Warnings

• Call Type:
  • SYNCHRONOUS - Waits for response, supports caching
  • ONE_WAY - Fire-and-forget, no caching support
• Caching:
  • Only available for SYNCHRONOUS calls
  • Requires capacity and ttl when enabled
  • Cache key can be based on variable (e.g., Authorization header)
• mTLS:
  • Requires certificateName when certificateEnabled: true
  • Certificate name is resolved to certificate ID automatically
  • Certificate must be configured in Certificate Store (project or global)
  • Certificate is searched first in project, then in global certificates
• Request Transformation:
  • Use bodyContentBeforeCall with variable placeholders (e.g., ${userId})
  • Variables are replaced at runtime
• Response Handling:
  • NOT_CHANGE_BODY - Original body remains unchanged
  • REPLACE_BODY - Original body replaced with API response
  • CLEAR_BODY - Original body cleared
• Headers and Parameters:
  • Can remove all or specific headers/parameters
  • Can add new headers/parameters with static values or variables
• URL Encoded Forms:
  • Use urlEncodedList when enumTestConsoleRequestBodyType: URL_ENCODED
• Data Manipulation:
  • Add, edit, or delete fields in request/response
  • Supports variable extraction and transformation
• Timeout: Specified in milliseconds
• Deployment: Policy changes require deployment to take effect. Set deploy: true or deploy manually.

Related Documentation

• List Policies - List all policies
• Add Policy - General policy addition guide
• Update Policy - General policy update guide
• Delete Policy - General policy deletion guide