Glossary

Terms and Definitions

API Proxy

A proxy that sits between clients and backend services, providing API management capabilities such as security, transformation, and monitoring.

Policy

A rule that can be applied to requests, responses, or errors to control behavior, security, transformation, and more.

Pipeline

The execution flow for policies. There are three pipelines:

  • Request Pipeline: Executes before forwarding request to backend
  • Response Pipeline: Executes after receiving response from backend
  • Error Pipeline: Executes when an error occurs

Environment

A deployment target where API proxies can be deployed (e.g., production, staging, development).

Connection

A configuration for connecting to external systems (e.g., databases, message queues, email servers).

Credential

Authentication information used to access protected resources.

Certificate

A digital certificate used for SSL/TLS encryption and authentication.

Deployment

The process of publishing API proxy configurations to an environment.

Rate Limiting

Controlling the number of requests that can be made within a specified time period.

Throttling

Limiting the rate of requests to prevent overload.

Quota

A limit on the total number of requests allowed over a period of time.

Variable

A reference to data that can be extracted from requests, responses, or context. See Variable Definition for complete documentation.

Policy Condition

A condition that determines when a policy should be executed.

Endpoint

A specific path and HTTP method combination in an API proxy.

Project

A container for API proxies, policies, connections, and other resources.

RLCL

Rate Limit Control List - A list that defines rate limiting rules for specific credentials or endpoints.

GeoLocation

Geographic location settings for API proxies.

mTLS

Mutual TLS - A security protocol where both client and server authenticate each other using certificates.

OAuth2

An authorization framework for API access.

OIDC

OpenID Connect - An authentication layer built on top of OAuth2.

JWT

JSON Web Token - A compact token format for securely transmitting information.

WS-Security

Web Services Security - Standards for securing SOAP web services.

SAML

Security Assertion Markup Language - An XML-based standard for exchanging authentication and authorization data.

JOSE

JSON Object Signing and Encryption - Standards for signing and encrypting JSON data.

Enum

An enumeration - a fixed set of named values used in API requests and responses. See Enum Reference for complete list.

Status

Response status indicating success or failure of an operation. Values: SUCCESS, FAILURE.

Pipeline

The execution flow for policies. There are three pipelines: REQUEST, RESPONSE, and ERROR.

Scope

The range where a policy applies. Values: ALL (all endpoints) or ENDPOINT (specific endpoint).

HTTP Method

The HTTP verb used in API requests. Common values: GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS, TRACE, ALL.

API Type

The type of API Proxy. Values: REST, SOAP, GRPC, WEBSOCKET.