Policy: Anonymous Authenticator

Use the Anonymous Authenticator policy to allow anyone access to your API. When a request does not contain any credentials for authentication by another policy (such as API Key), you can use this policy to authenticate the request automatically and identify the user by the client IP address. The Anonymous Authenticator policy can be useful for providing access to read-only APIs: for example, a public landing page, which needs to provide some dynamic information, can access an API with this policy. The user role is based on the policy settings.

Note: All Authentication policies require the Authorize By Role policy to authenticate the API caller correctly. For example, you can configure this policy to add the admin role to the client and then configure the Authorize By Role policy to authorize users with that role.

You can configure this policy to add the anonymous role to the client, and then configure the Authorize By Role policy to authorize users with that role. However, since the Anonymous Authenticator policy allows anyone to access an API, you must always combine this policy with a restrictive Client Throttle policy to prevent overloading a Snaplex with too many requests.

Policy execution order

This policy executes after the other authentication policies, specifically those whose mechanisms are based on the client providing a token in the request, like the API Key or Callout Authenticator policies.
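The flow described above (token-based policies first, then the anonymous fallback identified by client IP, then role authorization and throttling) can be sketched as a small model. This is an added example, not SnapLogic code: the function names, sample key, status codes, throttle limit and window, and the rejection of an unrecognised key are all assumptions.

```python
# Conceptual model of the policy chain; not SnapLogic code. All names, keys,
# limits and status codes below are constructed assumptions.
from collections import defaultdict

API_KEYS = {"k-123": ("alice", {"admin"})}  # constructed key -> (user, roles)
ANON_ROLES = ["anonymous", ""]              # "Roles" field; blank entry is ignored
ALLOWED_ROLES = {"admin", "anonymous"}      # Authorize By Role setting (assumed)
ANON_LIMIT, WINDOW = 3, 60                  # assumed throttle: 3 requests per 60 s
HITS = defaultdict(list)                    # user -> timestamps of accepted requests


def anonymous_authenticator(req, when=lambda r: True):
    """Identify the caller by client IP and attach the configured roles."""
    if not when(req):                       # "When this policy should be applied"
        return None
    roles = {r for r in ANON_ROLES if r.strip()}
    return req["client_ip"], roles


def throttled(user, roles, now):
    """Restrictive per-client limit for callers holding the anonymous role."""
    if "anonymous" not in roles:
        return False
    recent = [t for t in HITS[user] if now - t < WINDOW]
    HITS[user] = recent
    if len(recent) >= ANON_LIMIT:
        return True
    recent.append(now)
    return False


def handle(req, now, when=lambda r: True):
    """Run the policies in order and return (status, user)."""
    if "api_key" in req:                    # credentials present: token policy decides
        identity = API_KEYS.get(req["api_key"])  # unknown key rejected (assumption)
    else:                                   # no credentials: anonymous fallback
        identity = anonymous_authenticator(req, when)
    if identity is None:
        return 401, None
    user, roles = identity
    if not roles & ALLOWED_ROLES:
        return 403, user
    if throttled(user, roles, now):
        return 429, user
    return 200, user
```

Removing "anonymous" from ALLOWED_ROLES makes every unauthenticated request return 403, which shows why the role assignment has no effect without a matching Authorize By Role policy.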

Field
  Description

Label
  Required. The name for the API policy.
  Default value: Anonymous Authenticator
  Example: Project - Anonymous Authenticator

When this policy should be applied
  An expression-enabled field that determines the condition to be fulfilled for the API policy to execute.
  Example: If the value of this parameter is request.method == "POST", the API policy is executed only if the request method is a POST.

Roles
  Required. The list of role names to be assigned to the client making the request.
  Important:
    • Blank role names are ignored.
    • An error is displayed if a duplicate role name is found.
    • The role names specified can be checked in other API policies such as Client Throttling or Authorize By Role.

Role
  The name of the role.

Status
  Specifies whether the API policy is enabled or disabled.
  Default value: Enabled
  Example: Disabled