Policies Supported in Microgateway
This section provides information about the runtime policies supported in Microgateway. A policy can be enforced on an API to perform specific tasks, such as transport, authorization, routing of requests to target services, logging, , and error handling of data. For example, a policy could instruct Microgateway to perform any of the following tasks and prevent malicious attacks:
Verify that the requests submitted to an API come from applications that are authenticated and authorized using only Basic Auth and API Key headers.
Limits the number of invocations during a specified time interval for a particular API and for applications, and send alerts to API Gateway when these performance conditions are violated.
Log the request and response messages.
Note:
These policies are configured in API Gateway and provisioned to Microgateway. Microgateway neglects the configurations that are not supported.
Policies are grouped into stages as per their usage. For example, the policies in the Identify and Access stage can be enforced on an API to specify the kind of identifiers that are used to identify the application and authorize it against all applications registered in Microgateway.
Microgateway supports the system-defined policies that are grouped into stages depending on their usage.
Transport
Identity and Access
Request Processing
Routing
Traffic Monitoring
Response Processing
Error Handling