API Gateway 10.3 | Using API Gateway | Policies | Managing Global Policies
 
Managing Global Policies
 
Creating a Global Policy
Modifying the Scope of a Global Policy
Refining the Scope of a Global Policy
Associating Policies to a Global Policy
Configuring Properties for a Global Policy
Viewing List of Global Policies and Policy Details
Modifying Global Policy Details
Activating a Global Policy
Deactivating a Global Policy
Deleting a Global Policy
Copying a Global Policy
Exporting Global Policies
Important:
API Gateway's Standard Edition License does not support the functionality of Global Policies. You can create and manage global policies only using the Advanced Edition License.
Global policies are a set of policies that are associated globally to all APIs or the selected set of APIs. Global policies are supported for both SOAP and REST APIs.
By associating policies globally to all APIs or the selected set of APIs, the administrator can ensure that a set of policies is applied to the selected APIs by default. The administrator can, for example, define a global policy that attaches a WS-Security (WSS) authentication to all SOAP API endpoints within a specific IP range. In this case, any client request from the specific IP range automatically inherits the security configuration defined in the global policy for SOAP APIs.
Global Policy Matrix
This table lists the stage-specific policies that can be configured as global policy for different types of APIs at the global level.
Note:
The Policy configuration page displays only the policies that are common to one or more API types selected in the global policy filter.
Stages
Policies
Transport
*Require HTTP/HTTPS - This policy can be enforced for all types of API. But the SOAP versions 1.1 and 1.2 are applicable only for SOAP-based APIs. The SOAP 1.1 and SOAP 1.2 sub types are not available in UI when the REST and ODATA APIs are selected.
Note:
Software AG recommends to create a separate policy for each API type.
*Set Media Type - This policy is applicable only for a REST request and the policy name is not listed in Policy configuration page when the SOAP and ODATA APIs are selected.
*Require JMS - The Require JMS policy is applicable only for SOAP APIs and the policy name is not listed in Policy configuration page when the REST and ODATA APIs are selected.
Identity & Access
*Inbound Authentication - Transport, Authorize User, Identify and Authorize Application - These policies can be enforced to any API Type.
*Inbound Authentication - Message - This policy is applicable only for SOAP-based APIs and the policy name is not listed in Policy configuration page when the REST and ODATA APIs are selected.
Request Processing
*Invoke webMethods IS, Validate API Specification, Data Masking - These policies can be enforced to any API Type.
*Request Transformation - This policy is applicable only for SOAP and REST APIs. and not for ODATA services. When all three API types are selected, Request Transformation policy cannot be applied at the global level.
Routing
*Custom HTTP Header, Outbound Authentication - Transport, Outbound Authentication - Message. The Routing stage policies can be applied at a global level for all types of API.
Traffic Monitoring
*Log Invocation, Monitor Service Performance, Monitor Service Level Agreement, Throttling Traffic Optimization, and Service Result Cache. The Traffic Monitoring stage policies can be applied at a global level for all types of API.
Response Processing
*Invoke webMethods IS, Validate API Specification, Data Masking - These policies can be enforced to any API Type.
*Response Transformation - This policy can be enforced only for SOAP and REST APIs and the policy name is not listed in Policy configuration page when ODATA API type is selected.
*CORS - This policy can be enforced only for REST and ODATA APIs and the policy name is not listed in Policy configuration page when SOAP-based API is selected.
Error handling
Conditional Error Processing and Data Masking. The Error handling stage policies can be applied at a global level for all types of API.