Policies Supported in Microgateway
This section provides information about the runtime policies supported in Microgateway. A policy can be enforced on an API to perform specific tasks, such as transport, authorization, routing of requests to target services, logging, , and error handling of data. For example, a policy could instruct Microgateway to perform any of the following tasks and prevent malicious attacks:
Verify that the requests submitted to an API come from applications that are authenticated and authorized using only Basic Auth and API Key headers.
Limits the number of invocations during a specified time interval for a particular API and for applications, and send alerts to API Gateway when these performance conditions are violated.
Log the request and response messages.
Note: These policies are configured in API Gateway and provisioned to Microgateway. Microgateway neglects the configurations that are supported.
Policies are grouped into stages as per their usage. For example, the policies in the Identify and Access stage can be enforced on an API to specify the kind of identifiers that are used to identify the application and authorize it against all applications registered in Microgateway.
Microgateway provides the following system-defined policies that are grouped into stages depending on their usage
Transport policy
Enable HTTP / HTTPS
Identity & Access
Identify & Authorize Application (Basic, API Key)
Routing
Straight Through Routing
Traffic Monitoring
Log Invocation
Throttling Traffic Optimization
Error Handling
Conditional Error Processing