Creating a Policy and Binding It to APIs

Guidelines

• An API can be bound with only one policy of the same type.
• Policies are independent of APIs. A policy takes effect for an API only after they are bound to each other. When binding a policy to an API, you must specify an environment where the API has been published. The policy takes effect for the API only in the specified environment.
• After you bind a policy to an API, unbind the policy from the API, or update the policy, you do not need to publish the API again.
• Taking an API offline does not affect the policies bound to it. The policies are still bound to the API if the API is published again.
• Policies that have been bound to APIs cannot be deleted.

Creating a Policy

1. Go to the APIG console.
2. Select a dedicated gateway at the top of the navigation pane.

3. In the navigation pane, choose API Management > API Policies.
4. On the Policies tab, click Create Policy.
5. Click the desired policy type.
   • Plug-in policies
     Set the policy information.

     Table 1 Policy configuration

     Parameter	Description
     Name	Enter a policy name that conforms to specific rules to facilitate search.
     Type	Type of the policy, which determines the extension capabilities. NOTE: If a policy type is not supported by your gateway, contact technical support to upgrade the gateway to the latest version. CORS: Provides the capabilities of specifying preflight request headers and response headers and automatically creating preflight request APIs for cross-origin API access. HTTP Response Header Management: Enables you to customize HTTP response headers that will be displayed in an API response. Request Throttling 2.0: Limits the number of times that an API can be called within a specific time period. Parameter-based, basic, and excluded throttling is supported. Kafka Log Push: Pushes API calling logs to Kafka so that you can view these logs. Circuit Breaker: Protects your backend service when a performance issue occurs. Third-Party Authorizer: Authenticate API requests with your own service.
     Description	Description about the plug-in.
     Policy Content	Content of the plug-in, which can be configured in a form or using a script. The plug-in content varies depending on the plug-in type: CORS HTTP Response Header Management Request Throttling 2.0 Kafka Log Push Circuit Breaker Third-Party Authorizer

   • Traditional policies

     The policy content varies depending on the policy type:

     • Request Throttling
     • Access Control
     • Signature Keys

6. Click OK.
   • To clone this policy, click Clone in the Operation column.
     

     • The name of a cloned policy cannot be the same as that of any existing policy.
     • Request throttling and signature key policies cannot be cloned.
   • After the policy is created, perform the operations described in Binding the Policy to APIs for the policy to take effect for the API.

Binding the Policy to APIs

1. Click a policy name to go to the policy details page.
2. In the APIs area, select an environment and click Select APIs.
3. Select an API group and then select APIs.
4. Click OK.
   • If an API no longer needs this policy, click Unbind in the row that contains the API.
   • If there are multiple APIs that no longer need this policy, select these APIs, and click Unbind above the API list. You can unbind a policy from a maximum of 1000 APIs at a time.