Business Rule Policy
General Information
Policy Type
policy-business-rule
UI Documentation
📖 For detailed information: [UI Documentation Link - Link will be added here]
Description
Business Rule policy executes custom business logic actions on request/response messages. It supports ADD, MODIFY, DELETE, and STOP actions with various operators for data manipulation, transformation, and flow control. This policy enables complex business logic implementation without custom code.
Endpoints
List Policies
GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/
Add Policy
POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
Update Policy
PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
Delete Policy
DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
List Policies
Endpoint
GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/
Request
Headers
| Header | Value |
|---|---|
| Authorization | Bearer {token} |
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |
Response
Success Response (200 OK)
{
"success": true,
"resultList": [
{
"apiProxy": {
"name": "MyAPI",
"requestPolicyList": [
{
"type": "policy-business-rule",
"name": "business-rule-policy",
"description": "Add timestamp to request",
"active": true,
"actionList": [
{
"actionType": "ADD",
"sourceVar": {
"type": "CONTEXT_VALUES",
"contextValue": "NOW"
},
"sourceDataType": "STRING",
"targetValSource": "VALUE",
"targetVal": "${NOW}",
"targetVar": {
"type": "HEADER",
"headerName": "X-Timestamp"
}
}
]
}
],
"responsePolicyList": [],
"errorPolicyList": []
}
}
],
"resultCount": 1
}
cURL Example
curl -X GET \
"https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/" \
-H "Authorization: Bearer YOUR_TOKEN"
Add Policy
Endpoint
POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
Request
Headers
| Header | Value |
|---|---|
| Authorization | Bearer {token} |
| Content-Type | application/json |
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |
| policyName | string | Yes | Policy name |
Request Body
Full JSON Body Example - Add Header
{
"operationMetadata": {
"targetScope": "ALL",
"targetPipeline": "REQUEST",
"deploy": true,
"deployTargetEnvironmentNameList": ["production"],
"order": 1
},
"policy": {
"type": "policy-business-rule",
"description": "Add timestamp header",
"active": true,
"actionList": [
{
"actionType": "ADD",
"sourceVar": {
"type": "HEADER",
"headerName": "X-Source"
},
"targetVar": {
"type": "HEADER",
"headerName": "X-Timestamp"
},
"targetValSource": "VALUE",
"targetValue": "${now}",
"sourceDataType": "STRING"
}
]
}
}
Full JSON Body Example - Modify Value with Mask
{
"operationMetadata": {
"targetScope": "ALL",
"targetPipeline": "REQUEST",
"deploy": true,
"deployTargetEnvironmentNameList": ["production"],
"order": 1
},
"policy": {
"type": "policy-business-rule",
"description": "Mask credit card number",
"active": true,
"actionList": [
{
"actionType": "MODIFY",
"sourceVar": {
"type": "BODY",
"bodyJsonPath": "$.creditCard"
},
"sourceDataType": "STRING",
"operator": "MASK",
"maskFrom": 4,
"maskTo": 12,
"targetValSource": "VALUE",
"targetVal": "****-****-****",
"targetVar": {
"type": "BODY",
"bodyJsonPath": "$.creditCard"
}
}
]
}
}
Full JSON Body Example - Stop Flow
{
"operationMetadata": {
"targetScope": "ALL",
"targetPipeline": "REQUEST",
"deploy": true,
"deployTargetEnvironmentNameList": ["production"],
"order": 1
},
"policy": {
"type": "policy-business-rule",
"description": "Stop request if unauthorized",
"active": true,
"actionList": [
{
"actionType": "STOP"
}
]
}
}
Request Body Fields
operationMetadata
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
| targetScope | string | Yes | - | Policy scope: ALL or ENDPOINT |
| targetEndpoint | string | No* | - | Endpoint path (required if targetScope=ENDPOINT) |
| targetEndpointHTTPMethod | string | No* | - | HTTP method (required if targetScope=ENDPOINT) |
| targetPipeline | string | Yes | - | Pipeline: REQUEST, RESPONSE, or ERROR |
| deploy | boolean | No | true | Whether to deploy after adding policy |
| deployTargetEnvironmentNameList | array | No | [] | List of environment names to deploy to |
| order | integer | No | null | Policy execution order (starts from 1) |
Enum: targetScope
ALL- Policy applies to all endpointsENDPOINT- Policy applies only to specified endpoint
Enum: targetPipeline
REQUEST- Executes in request pipelineRESPONSE- Executes in response pipelineERROR- Executes in error pipeline
Enum: targetEndpointHTTPMethod
GET,POST,PUT,DELETE,PATCH,OPTIONS,HEAD
policy
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
| type | string | Yes | - | Policy type: policy-business-rule |
| description | string | No | - | Policy description |
| active | boolean | No | true | Whether policy is active |
| actionList | array | Yes | - | List of actions to execute (at least one required) |
Note: actionList must contain at least one action.
actionList
Each action is an object with the following fields:
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
| actionType | string | Yes | - | Action type: ADD, MODIFY, DELETE, or STOP |
| sourceVar | object | No* | - | Source variable (required for ADD, MODIFY, DELETE) |
| sourceVarBodyInjectionFieldName | string | No | - | Body injection field name |
| sourceDataType | string | No* | - | Source data type (required for MODIFY) |
| sourceTemporalFormat | string | No | - | Temporal format (if sourceDataType=TEMPORAL) |
| operator | string | No* | - | Modification operator (required for MODIFY) |
| substringFrom | integer | No | - | Substring start index (for SUBSTRING operator) |
| substringTo | integer | No | - | Substring end index (for SUBSTRING operator) |
| maskFrom | integer | No | - | Mask start index (for MASK operator) |
| maskTo | integer | No | - | Mask end index (for MASK operator) |
| replaceSource | string | No | - | Replace source pattern (for REPLACE_IN/REPLACE_WITH) |
| insertOffset | integer | No | - | Insert offset (for INSERT operator) |
| temporalOperatorTimeUnit | string | No | - | Temporal time unit (for TEMPORAL operations) |
| replaceFirst | string | No | - | Replace first pattern (for REPLACE_FIRST) |
| targetValSource | string | No* | - | Target value source (required for ADD, MODIFY) |
| targetVal | string | No* | - | Target value (required if targetValSource=VALUE) |
| targetVar | object | No* | - | Target variable (required for ADD, MODIFY) |
| transformationContentType | string | No | - | Transformation content type |
| formatAllowsInvalid | boolean | No | false | Format allows invalid characters |
| formatValueContainsLiteralCharacters | boolean | No | false | Format value contains literal characters |
| formatInvalidCharacters | string | No | - | Format invalid characters |
| formatPlaceholder | string | No | - | Format placeholder |
| jsonToXmlIgnoreNull | boolean | No | false | JSON to XML ignore null |
| jsonToXmlIgnoreEmpty | boolean | No | false | JSON to XML ignore empty |
| jsonToXmlUseNullForNil | boolean | No | false | JSON to XML use null for nil |
| jsonToXmlUnwrapElement | boolean | No | false | JSON to XML unwrap element |
| xmlToJsonUnwrapElement | boolean | No | false | XML to JSON unwrap element |
| xmlToJsonIgnoreNull | boolean | No | false | XML to JSON ignore null |
| xmlToJsonIgnoreEmpty | boolean | No | false | XML to JSON ignore empty |
| xmlToJsonNumbersAsStrings | boolean | No | false | XML to JSON numbers as strings |
| xmlToJsonUseNullForNil | boolean | No | false | XML to JSON use null for nil |
| xmlToJsonArrayPathList | array | No | [] | XML to JSON array path list |
| claimJsonPath | string | No | - | JWT claim JSON path |
EnumActionType
ADD- Add new value to target variableMODIFY- Modify existing value in source variableDELETE- Delete value from source variableSTOP- Stop request/response flow
EnumActionSourceDataType
STRING- String data typeNUMERIC- Numeric data typeTEMPORAL- Date/time data type
EnumActionSourceValueModificationOperator
- Numeric operations:
ADD,SUBTRACT,MULTIPLY,DIVIDE,MODULUS,POWER - String operations:
CONCAT,REPLACE_IN,REPLACE_WITH,REPLACE_FIRST,SUBSTRING,MASK,FORMAT,TRANSFORM,INSERT,TRIM,ENCODE,DECODE,URL_ENCODE,URL_DECODE,EXTRACT_JWT_HEADER_CLAIM,EXTRACT_JWT_BODY_CLAIM - Temporal operations:
ADD_TEMPORAL,SUBTRACT_TEMPORAL
EnumValueSource
VALUE- Use static valueVARIABLE- Extract from variable
EnumTransformationContentType
XSLT- XSLT transformationJOLT- JOLT transformationXML2JSON- XML to JSON conversionJSON2XML- JSON to XML conversion
EnumTimeUnit
MILLISECOND,SECOND,MINUTE,HOUR,DAY,WEEK,MONTH,YEAR
Action Requirements
- ADD: Requires
sourceVar,targetValSource,targetVar. IftargetValSource=VALUE, requirestargetVal. - MODIFY: Requires
sourceVar,sourceDataType,operator,targetValSource. IftargetValSource=VALUE, requirestargetVal. Operator-specific fields required based on operator. - DELETE: Requires
sourceVaronly. - STOP: No additional fields required.
Operator-Specific Fields
- SUBSTRING: Requires
substringFrom(and optionallysubstringTo) - MASK: Requires
maskFrom(and optionallymaskTo) - INSERT: Requires
insertOffset - TRANSFORM: Requires
transformationContentType - TEMPORAL: Requires
temporalOperatorTimeUnitandsourceTemporalFormat
Response
Success Response (200 OK)
{
"success": true,
"deploymentResult": {
"success": true,
"deploymentResults": [
{
"environmentName": "production",
"success": true,
"message": "Deployment successful"
}
]
}
}
cURL Example
curl -X POST \
"https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/business-rule-policy/" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"operationMetadata": {
"targetScope": "ALL",
"targetPipeline": "REQUEST",
"deploy": true,
"deployTargetEnvironmentNameList": ["production"],
"order": 1
},
"policy": {
"type": "policy-business-rule",
"description": "Add timestamp header",
"active": true,
"actionList": [
{
"actionType": "ADD",
"sourceVar": {
"type": "CONTEXT_VALUES",
"contextValue": "NOW"
},
"sourceDataType": "STRING",
"targetValSource": "VALUE",
"targetVal": "${NOW}",
"targetVar": {
"type": "HEADER",
"headerName": "X-Timestamp"
}
}
]
}
}'
Update Policy
Endpoint
PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
Request
Headers
| Header | Value |
|---|---|
| Authorization | Bearer {token} |
| Content-Type | application/json |
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |
| policyName | string | Yes | Policy name |
Request Body
Full JSON Body Example
{
"operationMetadata": {
"targetScope": "ALL",
"targetPipeline": "REQUEST",
"deploy": true,
"deployTargetEnvironmentNameList": ["production"],
"order": 1
},
"policy": {
"type": "policy-business-rule",
"description": "Updated: Add timestamp and request ID headers",
"active": true,
"actionList": [
{
"actionType": "ADD",
"sourceVar": {
"type": "HEADER",
"headerName": "X-Source"
},
"targetVar": {
"type": "HEADER",
"headerName": "X-Timestamp"
},
"targetValSource": "VALUE",
"targetValue": "${now}",
"sourceDataType": "STRING"
},
{
"actionType": "ADD",
"sourceVar": {
"type": "HEADER",
"headerName": "User-Agent"
},
"targetVar": {
"type": "HEADER",
"headerName": "X-Request-ID"
},
"targetValSource": "VALUE",
"targetValue": "${uuid}",
"sourceDataType": "STRING"
}
]
}
}
Note: Request body structure is the same as Add Policy. All fields should be provided for update.
Response
Success Response (200 OK)
{
"success": true,
"deploymentResult": {
"success": true,
"deploymentResults": [
{
"environmentName": "production",
"success": true,
"message": "Deployment successful"
}
]
}
}
Delete Policy
Endpoint
DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
Request
Headers
| Header | Value |
|---|---|
| Authorization | Bearer {token} |
| Content-Type | application/json |
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |
| policyName | string | Yes | Policy name |
Request Body
Full JSON Body Example
{
"operationMetadata": {
"targetScope": "ALL",
"targetPipeline": "REQUEST",
"deploy": false
}
}
Response
Success Response (200 OK)
{
"success": true,
"deploymentResult": {
"success": true,
"deploymentResults": []
}
}
Notes and Warnings
- Action Types:
ADD- Adds new value to target variableMODIFY- Modifies existing value with operatorDELETE- Removes value from source variableSTOP- Stops request/response flow immediately
- Operators:
- Numeric: ADD, SUBTRACT, MULTIPLY, DIVIDE, MODULUS, POWER
- String: CONCAT, REPLACE_IN, REPLACE_WITH, REPLACE_FIRST, SUBSTRING, MASK, FORMAT, TRANSFORM, INSERT, TRIM, ENCODE, DECODE, URL_ENCODE, URL_DECODE, EXTRACT_JWT_HEADER_CLAIM, EXTRACT_JWT_BODY_CLAIM
- Temporal: ADD_TEMPORAL, SUBTRACT_TEMPORAL
- Action Requirements:
- ADD: Requires sourceVar, targetValSource, targetVar
- MODIFY: Requires sourceVar, sourceDataType, operator, targetValSource
- DELETE: Requires sourceVar only
- STOP: No additional fields required
- Operator-Specific Fields: Required fields vary by operator (e.g., MASK requires maskFrom/maskTo)
- Execution Order: Actions are executed in the order they appear in actionList
- STOP Action: When STOP action executes, subsequent actions and policies are not executed
- Performance: Business rules add processing overhead. Use efficiently.
- Pipeline:
REQUESTpipeline executes actions on request before forwardingRESPONSEpipeline executes actions on response before sending to client
- Error Handling: Invalid action configuration may cause policy execution to fail
- Deployment: Policy changes require deployment to take effect. Set
deploy: trueor deploy manually.
Related Documentation
- List Policies - List all policies
- Add Policy - General policy addition guide
- Update Policy - General policy update guide
- Delete Policy - General policy deletion guide
- Redaction Policy - Remove or modify sensitive data