Policy Management
API Gateway provides the capability to retrieve API Gateway policy related data such as policies, parameters, policy stages, policy templates, binding assertion, token assertion and service result cache. You can use this REST API to create, update or delete policies.
API Gateway provides the following REST API and the resources to manage policies:
GET/rest/apigateway/denialofservice/deniedIP: Retrieves the list of denied IPs (IPs that violated the threat protection rules configured).
DELETE/rest/apigateway/denialofservice/deniedIP: Deletes the specified IP from the denied IP list. Once the IP is removed from the list the request from that IP is processed.
GET/rest/apigateway/assertions: Retrieves a list of available assertions in
API Gateway.
POST/rest/apigateway/assertions: Creates an assertion in
API Gateway. Custom assertions allow the API providers to extend and provide additional security policies that are not available by default in
API Gateway. In WS-Security, custom assertions are used for expressing individual security requirements, constraints, or both. The individual policy assertions can be combined to create security policies that ensure secure and reliable exchanges of SOAP messages between a client and a SOAP API.
GET/rest/apigateway/assertions/{assertionId}: Retrieves the specified assertion element.
PUT/rest/apigateway/assertions/{assertionId}: Updates the specified assertion.
DELETE/rest/apigateway/tokenAssertion/{assertionId}: Deletes the specified assertion.
GET/rest/apigateway/policyActionTemplates/{policyActionTemplateId}: Retrieves the template details of the specified policy action.
GET/rest/apigateway/policyActionTemplates: Retrieves all the template detail for list of policy actions. You can also use this to retrieve template details for a particular policy action by providing the policy action template Id.
GET/rest/apigateway/policyStages: Retrieves the list of policy stages available in
API Gateway. It also displays the list of policies associated with each stage.
GET/rest/apigateway/configurations/mobileApp: Retrieves the configuration details for the mobile applications for which access has been denied. You can use
API Gateway to disable access for certain mobile application versions on a predefined set of mobile platforms. By registering the required devices and applications and disabling access to these versions, you ensure that all users use the latest versions of the applications and take advantage of the latest security and functional updates.
PUT/rest/apigateway/configurations/mobileApp: Updates the details of the mobile applications configuration in
API Gateway.
GET/rest/apigateway/policyActions: Retrieves the list of all policy actions from
API Gateway. It can also be used to retrieve details for particular set of policy actions by specifying the policy id, policy details for list of policies of a particular policy type.
POST/rest/apigateway/policyActions: Creates policy actions of different types in
API Gateway. The result of this request is a policy action payload and is available in the response.
GET/rest/apigateway/policyActions/{policyActionId}: Retrieves the policy action details for a specified policy action based on the id specified in
API Gateway.
PUT/rest/apigateway/policyActions/{policyActionId}: Updates the policy action details for a specified policy action based on the id specified in
API Gateway.
DELETE/rest/apigateway/policyActions/{policyActionId}: Deletes the policy action based on the id specified in
API Gateway.
GET/rest/apigateway/policies: Retrieves the list of all policies from
API Gateway. It can also be used to retrieve details for particular set of policies by specifying the policy id, policy details for list of policies of a particular policy type.
POST/rest/apigateway/policies: Creates policies of different types in
API Gateway. You can also use this to clone policies.
GET/rest/apigateway/policies/{policyId}: Retrieves the policy details for a specified policy in
API Gateway. If policy id is available then the policy details is sent in response.
PUT/rest/apigateway/policies/{policyId}: Updates the policy details for a specified policy in
API Gateway. For Global policy user should have
API Gateway administrator access to update global policy.
DELETE/rest/apigateway/policies/{policyId}: Deletes the specified policy in
API Gateway. This request will automatically delete the associated policy action for this policy.
GET/rest/apigateway/policies/{policyId}/apis: Retrieves the list of applicable APIs for a global policy. An API become applicable API for a global policy only if it satisfies the scope specified in the global policy. By default it will return the basic API details of all the applicable APIs either if the API is active or inactive for a global policy.
GET/rest/apigateway/policies/{policyId}/conflicts: Retrieves the conflicts for the specified global policy.
PUT/rest/apigateway/policies/{policyId}/activate: Activates the specified global policy. This request does not require any request body. This request tries to activate the global policy and if any error occurs during activation it is reported as response or if the global policy is activated then its policy details active flag set to true is sent as response. If the global policy has any conflicts then it cannot be activated and the conflicts are manually resolved.
PUT/rest/apigateway/policies/{policyId}/deactivate: Deactivates the specified global policy. This request does not require any request body. This request tries to deactivate the global policy and if any error occurs during deactivation it is reported as response or if the global policy deactivated the policy details of a global policy with active flag set to false is sent as response. An active global policy cannot have conflicts with other active global policy and hence the deactivation fails only when the conflict occurs between active global policy that is specified and one or more applicable active APIs. This can happen when the applicable active API policy action depends on one or more policy action from the specified global policy. If you deactivate this policy, it would cause the active API to have an unstable state. Hence the deactivation is reported as failed in this case.
PUT/rest/apigateway/policies/{policyId}/disable: Disables the Threat protection policy created in
API Gateway. This request does not require any request body. If the threat protection policy is disabled successfully then the policy details of specified policy will be sent as response.
PUT/rest/apigateway/policies/{policyId}/enable: Enables the Threat protection policy created in
API Gateway. This request does not require any request body. If the threat protection policy is enabled successfully then the policy details of specified policy is sent as response.
PUT/rest/apigateway/policies/{policyId}/movedown: Moves down the execution order of the Threat protection policy created in
API Gateway.
PUT/rest/apigateway/policies/{policyId}/moveup: Moves up the execution order of the Threat protection policy created in
API Gateway.
GET/rest/apigateway/serviceResultCache/{apiId}: Retrieves the Service Result Cache size for the specified API accessed using the API Id.
DELETE/rest/apigateway/serviceResultCache/{apiId}: Deletes the Service Result Cache for the specified API accessed using the API Id.
GET/rest/apigateway/serviceResultCache: Retrieves the Service Result Cache size for the specified API accessed using apiName and apiVersion.
DELETE/rest/apigateway/serviceResultCache: Deletes the Service Result Cache for the specified API accessed using apiName and apiVersion.
For details about the REST API, see the APIGatewayPolicyManagement.json at Install directory/IntegrationServer/instances/default/packages/WmAPIGateway/resources/apigatewayservices.