Policy Overview
Overview of API Policies​
API Policies in the APIM system provide essential functionalities such as authentication, rate limiting, caching, and transformation to enhance security, performance, and flexibility. Administrators can configure these policies at the API level to ensure API traffic is managed efficiently.
Policies are divided into:
- Inbound: Modifies requests before reaching the backend (e.g., header transformations, IP restrictions).
- Outbound: Modifies responses before reaching the client (e.g., logging, adding headers).
The APIM Console allows users to apply, configure, and manage policies for each API. In this guide, users can know how to configure for each policy. The policies covered include:
| Inbound | Outbound |
|---|---|
| Key Authentication (Key Auth) | Proxy Cache |
| Rate Limiting | Response Transformer |
| Transaction ID (Txid) | Cross-Origin Resource Sharing (CORS) |
| OpenID Connect (OIDC) | |
| Request Transformer | |
| Pre-function | |
| Request Transformer Advanced | |
| Circuit Breaker | |
| SAML |
Access to API Policy Details screen​
User can access to API Policy Details screen in different ways as below:
- When setting up for a project’s API Basic Policy. Please refer to User Guide/APIM Console Guide/API Basic Policy Settings/How to set up API Basic Policy
- When configuring an API, please refer to User Guide/APIM Console Guide/API Management/API Policies Applying.
Configure an API Policy​
In API Policy Details screen, user can configure an API Policy by clicking on a policy listed in the apply section. The policy details will be displayed in a new section underneath.
Policy detail guide structure​
To know how to configure on each API Policy, please refer to the respective guide in API Policy Details. Each policy will be explained in a common structure as below:
Overview​
- Briefly explain what the policy does and its primary purpose.
- Mention common use cases where this policy is applied.
- List the main functionalities of the policy.
- Explain key components, if applicable (e.g., tags, parameters, states).
Configuration Details​
Explain how parameters and fields are input.
Screenshots​
Screenshots attached after each detail to illustrate.