...

Info

Only Org admins can view and set API policies at the Project Space and project levels. The Manage API Policy option on the Project dropdown menu is not available to basic users who do not have Org admin access, even if, as a basic user, you have full permissions to the project or Project Space.

...

  • Anonymous Authenticator: Allows anonymous access to a Task. The user’s roles are taken from the Anonymous Authenticator API policy configuration.

  • API Key Authenticator: Authenticates a client using API keys passed as a header or query parameter. 

  • Authorize By Role: Authorizes a request based on the role associated with the client. If a request is not authorized, it is rejected with a 403 Forbidden error.

  • Authorized Request Validator: Validates requests after authorization and returns a customized response. 

  • CORS Restriction: Sets the appropriate headers for requests coming from a different domain so that the response is not blocked by the browser.

  • Callout Authenticator: Authenticates a client by calling out to a REST service to validate a token in the request and then authenticating the user.

  • Client Throttling: Limits Task invocations for a given client over a window of time by throttling or rejecting requests from that client. Installing this API policy can help protect a Snaplex from being overloaded by too many requests.

  • Early Request Validator: Validates requests before authentication and returns a customized response. 

  • Generic OAuth2: Authenticates requests from users registered in an existing identity provider. 

  • IP Restriction: Restricts access based on the client IP address of the request. If the request does not meet the configured requirements, it is rejected with a 403 Forbidden error.

  • OAuth 2.0 Client Credentials: Authenticates users with a token in your OAuth 2.0 environment.

  • Request Size Limit: Limits the size of each request. 

  • Request Transformer: Transforms a request before it is passed on to the remaining API policies and, finally, the Pipeline to be executed.

...

  1. Open the API Policy Manager dialog. 

  2. Click the target API policy to open its settings.

  3. Change the value of the Status field. 

  4. Click Validate & Save. You can confirm that the Status of the API policy is updated. To enable the API policy, repeat steps 2 through 4. 

Note

Adding the same API policy type at a lower level in the hierarchy automatically overrides all API policies of the same type at higher levels. For example, if a Callout Authenticator API policy is added at the Org level and also at the Project Space level, the Org-level policy is automatically overridden as far as the Tasks within that Project Space are concerned.
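
The override rule in the note above, modeled as an added Python example (not SnapLogic code or its API): for each policy type, only the policies at the lowest level where that type is defined stay in effect for a Task, and the higher-level ones are reported as overridden so they can be reviewed. The dictionary layout, policy names and scopes are constructed for illustration.

```python
from collections import defaultdict

# Hierarchy levels named on the page, ordered from highest to lowest.
LEVELS = ("org", "project_space", "project")


def applies(policy, project_space, project):
    """True if the policy's scope covers Tasks in project_space/project."""
    if policy["level"] == "org":
        return True
    if policy["level"] == "project_space":
        return policy["scope"] == project_space
    return policy["scope"] == f"{project_space}/{project}"


def resolve(policies, project_space, project):
    """Return (effective, overridden), each a dict of policy type -> names.

    For every type, the lowest level that defines it wins; same-type
    policies at higher levels are listed as overridden.
    """
    by_type = defaultdict(list)
    for p in policies:
        if applies(p, project_space, project):
            by_type[p["type"]].append(p)

    effective, overridden = {}, {}
    for ptype, group in by_type.items():
        lowest = max(LEVELS.index(p["level"]) for p in group)
        effective[ptype] = [p["name"] for p in group
                            if LEVELS.index(p["level"]) == lowest]
        hidden = [p["name"] for p in group
                  if LEVELS.index(p["level"]) < lowest]
        if hidden:
            overridden[ptype] = hidden
    return effective, overridden


# Constructed sample inventory (assumed layout, not an export format).
SAMPLE = [
    {"name": "org-callout", "type": "Callout Authenticator", "level": "org", "scope": None},
    {"name": "org-ip", "type": "IP Restriction", "level": "org", "scope": None},
    {"name": "sales-callout", "type": "Callout Authenticator", "level": "project_space", "scope": "Sales"},
    {"name": "hr-throttle", "type": "Client Throttling", "level": "project", "scope": "HR/Payroll"},
]

if __name__ == "__main__":
    print(resolve(SAMPLE, "Sales", "Leads"))
    print(resolve(SAMPLE, "HR", "Payroll"))
```

Running it over an inventory of policies shows, per Task location, which Org-level controls no longer apply because a same-type policy was added lower down.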

...