webMethods and Intelligent Business Operations 10.2 | API Gateway User's Guide | Policies | Managing Scope-level Policies
 
Managing Scope-level Policies
 
Creating a Scope-level Policy
Viewing List of Scope-level Policies and Policy Details
Modifying Scope-level Policy Details
Deleting a Scope-level Policy
You can define policies at the API-level or scope-level for an API. API-level policies are processed for all incoming requests to the API. Scope-level policies are processed only for incoming requests that apply to a specific scope in the API. Any policy you specify at the API-level is overridden by the policy defined at the scope-level if the policies are the same. In contrast, the API-level policies will not affect the scope-level policies. But if there are policies applied at the global-level (through a global policy) for the API, then those policies will override every other policy configured at the API-level.
The scope-level policies for an API provide a granular enforcement of policies at the resource-level, method-level, or both for the REST API, or at the operation-level for the SOAP API.
Note: Scope-level policies are not supported for OData APIs.
An API can have zero or more scope-level policies. When you define the scope-level policies for an API, keep the following points in minds:
*For a policy (for example, Identify and Authorize Application) that can appear only once in an API, if the same policy is already applied through the API details page, API Gateway prompts you with a warning message that the scope-level policy takes precedence over the API-level policy, and is enforced on the API at run-time.
*For a policy (for example, Monitor Service Level Agreement) that can appear multiple times in an API, if the same policy is already applied to the API through a global policy, API Gateway prompts you with a warning message that the global policy takes precedence over the scope-level policy, and is enforced on the API at run-time.
*If a resource or method or operation has the same policy (for example, Require HTTP / HTTPs) applied through different scopes, API Gateway prompts you with an error message and sets the focus to the conflicting policies. You must remove the required policy from the individual scope(s) to resolve the conflicts.
API Gateway supports scope-level policies only for the following stages:
*Identify and Access
*Traffic Monitoring
For information on the usage scenarios of policies configured for the scopes of an API, see Example: Usage Scenarios of API Scopes.

Copyright © 2015- 2018 | Software AG, Darmstadt, Germany and/or Software AG USA, Inc., Reston, VA, USA, and/or its subsidiaries and/or its affiliates and/or their licensors.
Innovation Release