Rule reference
In APIM 3.0, you define rules to validate, authenticate, authorize, and configure request and response behavior as part of a Policy. Policies can contain one or more rules and are re-usable. You can apply them to all Services, to individual Services, or to individual endpoints. Refer to Introduction to Policies for an overview of Policies and rules.
The available rules fall into the following categories:
- Validate
- Authenticate
- Authorize
- Shape (behavior such as caching, client throttling and retries, CORS and IP restrictions, and redirects)
- Transform (modify request before processing, response, or response headers)
- Outbound (authentication for upstream requests)
Expression-enabled rule fields support the SnapLogic Expression Language and API Composer Functions. Click the dropdown on the expression field to display the selector for operators, document values, and arrow functions. Disable the expression icon to enter a literal string.
Rules Matrix
The documentation navigation pane lists rules alphabetically. The following table organizes them by Policy category and provides a brief description:
| Name | Policy category | Description |
|---|---|---|
| Inbound TLS | Validate | Validates that the client TLS certificate exists in the Groundplex truststore and is not expired. Doesn't apply to requests sent to a Cloudplex. |
| Cross Origin Resource Sharing (CORS) Restriction rule | Validate | Sets the appropriate headers for browser-based requests so that the browser doesn't block the response. You must apply a policy with a CORS Restriction rule to enable the Try it out feature in the APIM 3.0 Developer Portal. |
| IP Restriction rule | Validate | Restricts access based on the client IP address where the request originated. |
| Authorized Request Validator rule | Validate | Performs generic validation steps on requests after authorization and returns customized responses. |
| Early Request Validator | Validate | Validates a request before authentication and returns a customized response. |
| JSON Validator | Validate | Validates a request against a JSON schema. |
| SQL Threat Detector | Validate | Protects against the injection of SQL commands in the header, path, query, and payload of incoming HTTP requests. |
| XML DTD Validator | Validate | Validates a request against the provided XML DTD schema. |
| XML XSD Validator | Validate | Validates a request against the provided XML XSD schema. |
| Anonymous Authenticator | Authenticate | Allows anonymous access to a Task. The user's roles are taken from the Anonymous Authenticator API rule configuration. |
| API Key Authenticator | Authenticate | Authenticates a client using API keys passed as a header or query parameter. |
| Basic Authentication rule | Authenticate | Authenticates requests to Service endpoints with a user name and password. |
| Callout Authenticator | Authenticate | Authenticates a client by calling out to a REST service to validate a token in the request and then authenticating the user. |
| OAuth 2.0 Client Credentials | Authenticate | Authenticates users with a token in your OAuth 2.0 environment. |
| Generic OAuth2 | Authenticate | Authenticates requests from users registered in an OAuth 1, OAuth 2, or OpenID Connect identity provider. |
| JWT Validator | Authenticate | Authenticates a request with a token. |
| Authorize By Role | Authorize | Authorizes a request based on the role associated with the client. If a request is not authorized, it is rejected with a 403 Forbidden error. |
| Client Throttling | Request Shape | Limits Task invocations for a specific client during a specific time period by throttling or rejecting requests from that client. Install this API rule to help protect a Snaplex from being overloaded by too many requests. |
| HTTP Retry | Request Shape | Use this rule to set up retry logic for requests made to your endpoints. |
| Request Size Limit | Request Shape | Limits the size of each request. |
| HTTP Redirect | Request Shape | Manages HTTP redirection for API requests. |
| Response Cache | Response Shape | Manages latency and response times for highly recurring and static responses. This can reduce the load on the upstream API as well as the proxy server. |
| Request Transformer | Request Transform | Transforms a request before it is passed on to the remaining API rules and, finally, the pipeline to be executed. |
| Response Mapper | Response Transform | Transforms the response body. The rule controls provide expression/target path mappings and a Pass Through option for unaffected mappings. |
| Response Transformer | Response Transform | Transforms the response headers of the API. You can use this rule to add, remove, or modify response headers. |
| Outbound Basic Auth | Outbound | Sets up a Basic Authentication account for verification at a proxy endpoint level when you establish a connection with a service or a system. |
| Outbound JWT Policy | Outbound | Authenticates an upstream JWT token. |
| Outbound OAuth2 | Outbound | Sets specific OAuth2 parameters, such as authorization URLs, that are generated through access tokens with client credentials (client ID and client secret) to enforce OAuth2 authentication for upstream API calls. |
| Outbound TLS | Outbound | Ensures that outbound endpoints are verified by TLS certificates during API processing. |