Stages | Policies |
Transport | Require HTTP/HTTPS - This policy can be enforced for all types of API. But the SOAP versions 1.1 and 1.2 are applicable only for SOAP-based APIs. The SOAP 1.1 and SOAP 1.2 sub types are not available in UI when the REST and ODATA APIs are selected. Note: Software AG recommends to create a separate policy for each API type. Set Media Type - This policy is applicable only for a REST request and the policy name is not listed in Policy configuration page when the SOAP and ODATA APIs are selected. Require JMS - The Require JMS policy is applicable only for SOAP APIs and the policy name is not listed in Policy configuration page when the REST and ODATA APIs are selected. |
Identity & Access | Inbound Authentication - Transport, Authorize User, Identify and Authorize Application - These policies can be enforced to any API Type. Inbound Authentication - Message - This policy is applicable only for SOAP-based APIs and the policy name is not listed in Policy configuration page when the REST and ODATA APIs are selected. |
Request Processing | Invoke webMethods IS, Validate API Specification, Data Masking - These policies can be enforced to any API Type. Request Transformation - This policy is applicable only for SOAP and REST APIs. and not for ODATA services. When all three API types are selected, Request Transformation policy cannot be applied at the global level. |
Routing | Custom HTTP Header, Outbound Authentication - Transport, Outbound Authentication - Message. The Routing stage policies can be applied at a global level for all types of API. |
Traffic Monitoring | Log Invocation, Monitor Service Performance, Monitor Service Level Agreement, Throttling Traffic Optimization, and Service Result Cache. The Traffic Monitoring stage policies can be applied at a global level for all types of API. |
Response Processing | Invoke webMethods IS, Validate API Specification, Data Masking - These policies can be enforced to any API Type. Response Transformation - This policy can be enforced only for SOAP and REST APIs and the policy name is not listed in Policy configuration page when ODATA API type is selected. CORS - This policy can be enforced only for REST and ODATA APIs and the policy name is not listed in Policy configuration page when SOAP-based API is selected. |
Error handling | Conditional Error Processing and Data Masking. The Error handling stage policies can be applied at a global level for all types of API. |