WS Security Decrypt Policy

General Information

Policy Type

policy-ws-security-decrypt

UI Documentation

📖 For detailed information: [UI Documentation Link - Link will be added here]

Description

WS Security Decrypt policy decrypts encrypted SOAP message parts from backend responses. It processes WS-Security Encryption elements according to WS-Security standards.

Endpoints

List Policies

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Add Policy

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Update Policy

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Delete Policy

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

List Policies

Endpoint

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Request

Headers

Header	Value
Authorization	Bearer {token}

Path Parameters

Parameter	Type	Required	Description
projectName	string	Yes	Project name
apiProxyName	string	Yes	API Proxy name

Response

Success Response (200 OK)

{
  "success": true,
  "resultList": [
    {
      "apiProxy": {
        "name": "MyAPI",
        "requestPolicyList": [],
        "responsePolicyList": [
          {
            "type": "policy-ws-security-decrypt",
            "name": "ws-security-decrypt-policy",
            "description": "Decrypt WS-Security encrypted content",
            "active": true,
            "allowCaseInsensitiveId": false,
            "decKeyStoreName": "decryption-keystore"
          }
        ],
        "errorPolicyList": []
      }
    }
  ],
  "resultCount": 1
}

cURL Example

curl -X GET \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/" \
  -H "Authorization: Bearer YOUR_TOKEN"

Add Policy

Endpoint

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

Header	Value
Authorization	Bearer {token}
Content-Type	application/json

Path Parameters

Parameter	Type	Required	Description
projectName	string	Yes	Project name
apiProxyName	string	Yes	API Proxy name
policyName	string	Yes	Policy name

Request Body

Full JSON Body Example

{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "RESPONSE",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-ws-security-decrypt",
    "description": "Decrypt WS-Security encrypted content",
    "active": true,
    "allowCaseInsensitiveId": false,
    "decKeyStoreName": "decryption-keystore"
  }
}

Full JSON Body Example - Case Insensitive ID Matching

{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "RESPONSE",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-ws-security-decrypt",
    "description": "Decrypt with case insensitive ID matching",
    "active": true,
    "allowCaseInsensitiveId": true,
    "decKeyStoreName": "decryption-keystore"
  }
}

Request Body Fields

operationMetadata

Field	Type	Required	Default	Description
targetScope	string	Yes	-	Policy scope: `ALL` or `ENDPOINT`
targetEndpoint	string	No*	-	Endpoint path (required if targetScope=ENDPOINT)
targetEndpointHTTPMethod	string	No*	-	HTTP method (required if targetScope=ENDPOINT)
targetPipeline	string	Yes	-	Pipeline: `REQUEST`, `RESPONSE`, or `ERROR`
deploy	boolean	No	true	Whether to deploy after adding policy
deployTargetEnvironmentNameList	array	No	[]	List of environment names to deploy to
order	integer	No	null	Policy execution order (starts from 1)

Enum: targetScope

ALL - Policy applies to all endpoints
ENDPOINT - Policy applies only to specified endpoint

Enum: targetPipeline

REQUEST - Executes in request pipeline (decrypts incoming requests)
RESPONSE - Executes in response pipeline (decrypts backend responses)
ERROR - Executes in error pipeline

Enum: targetEndpointHTTPMethod

GET, POST, PUT, DELETE, PATCH, OPTIONS, HEAD

policy

Field	Type	Required	Default	Description
type	string	Yes	-	Policy type: `policy-ws-security-decrypt`
description	string	No	-	Policy description
active	boolean	No	true	Whether policy is active
allowCaseInsensitiveId	boolean	No	false	Allow case insensitive ID attribute matching (for cross-platform compatibility)
decKeyStoreName	string	Yes	-	Decryption keystore name

Note

decKeyStoreName is required.

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

cURL Example

curl -X POST \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/ws-security-decrypt-policy/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "RESPONSE",
      "deploy": true,
      "deployTargetEnvironmentNameList": ["production"],
      "order": 1
    },
    "policy": {
      "type": "policy-ws-security-decrypt",
      "description": "Decrypt WS-Security encrypted content",
      "active": true,
      "allowCaseInsensitiveId": false,
      "decKeyStoreName": "decryption-keystore"
    }
  }'

Update Policy

Endpoint

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

Header	Value
Authorization	Bearer {token}
Content-Type	application/json

Path Parameters

Parameter	Type	Required	Description
projectName	string	Yes	Project name
apiProxyName	string	Yes	API Proxy name
policyName	string	Yes	Policy name

Request Body

Full JSON Body Example

{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "RESPONSE",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-ws-security-decrypt",
    "description": "Updated: WS-Security decryption with production keystore",
    "active": true,
    "allowCaseInsensitiveId": false,
    "decKeyStoreName": "test-keystores"
  }
}

Note: Request body structure is the same as Add Policy. All fields should be provided for update.

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

Delete Policy

Endpoint

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

Header	Value
Authorization	Bearer {token}
Content-Type	application/json

Path Parameters

Parameter	Type	Required	Description
projectName	string	Yes	Project name
apiProxyName	string	Yes	API Proxy name
policyName	string	Yes	Policy name

Request Body

Full JSON Body Example

{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "RESPONSE",
    "deploy": false
  }
}

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": []
  }
}

Notes and Warnings

Decryption:
- Decrypts encrypted SOAP content from backend responses
- Requires decryption keystore with appropriate private keys
- Decryption keystore must match encryption keystore used by backend
Case Insensitive ID Matching:
- allowCaseInsensitiveId: true allows matching ID attributes regardless of case
- Useful for cross-platform compatibility (e.g., .NET vs Java)
- May be necessary when backend uses different ID attribute casing
Key Store:
- Decryption keystore must be configured in Apinizer
- Keystore must contain appropriate private keys
- Keys must match those used by the backend service for encryption
Performance: Decryption adds cryptographic processing overhead. Use for necessary security only.
Pipeline:
- REQUEST pipeline decrypts incoming requests
- RESPONSE pipeline decrypts backend responses (most common)
Error Handling:
- Decryption failure causes policy to fail
- Invalid keystore or missing keys causes policy to fail
Deployment: Policy changes require deployment to take effect. Set deploy: true or deploy manually.

List Policies - List all policies
Add Policy - General policy addition guide
Update Policy - General policy update guide
Delete Policy - General policy deletion guide
WS Security Encrypt Policy - Encrypt WS-Security content

WS Security Decrypt Policy

General Information

Policy Type

UI Documentation

Description

Endpoints

List Policies

Add Policy

Update Policy

Delete Policy

List Policies

Endpoint

Request

Headers

Path Parameters

Response

Success Response (200 OK)

cURL Example

Add Policy

Endpoint

Request

Headers

Path Parameters

Request Body

Full JSON Body Example

Full JSON Body Example - Case Insensitive ID Matching

Request Body Fields

operationMetadata

policy

Note

Response

Success Response (200 OK)

cURL Example

Update Policy

Endpoint

Request

Headers

Path Parameters

Request Body

Full JSON Body Example

Response

Success Response (200 OK)

Delete Policy

Endpoint

Request

Headers

Path Parameters

Request Body

Full JSON Body Example

Response

Success Response (200 OK)

Notes and Warnings

Related Documentation