Versions Compared


...

The API Policy Manager enables you to apply a range of authentication/authorization, traffic management, request transformation, and request validation policies to APIs. You can configure these API policies at different levels of the hierarchy in the API Manager console: APIs and API versions. The API policies can also be applied to the Org, the shared folder in a Project Space, and Project folders. For example, when you apply a Request Size Limit policy to a Project, the policy validates that the body of any request sent to the Tasks within that Project does not exceed the limit.

In addition to validating requests, you can use API policies to authenticate and authorize requests using various authentication methods. Without the API Policy Manager, an API can only be invoked by a user registered with the SnapLogic® platform or by using a bearer token. With an APIM authenticator policy, clients can be authenticated through an OAuth2 server or a REST service, or through any of the other available authentication policies. Thus, SnapLogic Tasks can be made available to a much wider audience.

APIM supports OpenID Connect (OIDC) as an authentication method for your Generic OAuth2 API policy. Multiple Identity Providers are supported. When you set up Generic OAuth2 as the authorization agent with OIDC, your OIDC application becomes the authentication provider for the API.

...


...

Supported API Policies

Authentication and Authorization

These policies manage the authorization and authentication of the API caller. The Generic OAuth2 policy is the most common. It requires a third-party service in its setup. You can also use an OpenID Connect provider with Generic OAuth2. The OAuth 2.0 Client Credentials policy is a variation on the OAuth 2.0 workflow in which authentication is based on the Client Credentials flow from Okta. The API Key Authenticator provides another authentication mechanism: it uses a key that serves as a license for using the API. The Callout Authenticator provides an alternative to the Generic OAuth2 authentication flow.

...

Authentication Policy Requirement

All authentication policies require the Authorize By Role policy to authenticate the API caller.

  • Anonymous Authenticator: Allows anonymous access to a Task. The user’s roles are taken from the Anonymous Authenticator API policy configuration.

  • API Key Authenticator: Authenticates a client using API keys passed as a header or query parameter.

  • Authorize By Role: Authorizes a request based on the role associated with the client. If a request is not authorized, it is rejected with a 403 Forbidden error.

  • Callout Authenticator: Authenticates a client by calling out to a REST service to validate a token in the request and then authenticating the user.

  • Generic OAuth2: Authenticates requests from users registered in an existing identity provider.

  • JWT Validator: Authenticates a request with a token.

  • OAuth 2.0 Client Credentials: Authenticates users with a token in your OAuth 2.0 environment.

...

Validation policies apply validation criteria during the process of policy application. Some policies provide additional layers of security, for example the SQL Threat Detector and Request Size Limit policies. Others, such as the JSON and XML Validator policies, enforce compliance. The Early and Authorized Request policies provide generic mechanisms for enforcing compliance. For example, if a request must contain a specific HTTP header, you can configure either of these policies to reject the request if it does not contain that header.

...

Traffic Shaping

These policies enable the manipulation of incoming request traffic. You can use these policies to protect your API gateways from being overloaded with too many requests (Request Size Limit) or even eliminate traffic from specific sources (IP Restriction). The HTTP Redirect policy allows you to divert requests by customizing the HTTP 300 codes when your API is down because of maintenance.

  • Client Throttling: Limits Task invocations for a specific client during a specific time period by throttling or rejecting requests from that client. Install this API policy to help protect a Snaplex from being overloaded by too many requests.

  • Request Size Limit: Limits the size of each request.

  • IP Restriction: Restricts access based on the client IP address of the request. If the request does not meet the configured requirements, it is rejected with a 403 Forbidden error.

  • CORS Restriction: Sets the appropriate headers for requests coming from a different domain so that the response is not blocked by the browser.

  • HTTP Redirect: Manages HTTP redirection for API requests.
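To make the ordering described in the Authentication and Authorization and Traffic Shaping lists concrete (an authenticator attaches roles to the client, Authorize By Role then decides, and policies such as IP Restriction and Request Size Limit reject with their own status codes), here is an added Python model of such a policy chain. It is example code, not SnapLogic's implementation: the header and query parameter names, the 401 and 413 statuses, the API keys, roles and CIDR range are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Request:
    client_ip: str
    headers: dict
    query: dict
    body: bytes
    roles: set = field(default_factory=set)  # filled in by the authenticator policy


# Each policy returns an HTTP status to reject with, or None to let the request pass.
def ip_restriction(req, allowed_cidrs):
    # Page: a request whose client IP does not meet the requirements gets 403 Forbidden.
    ip = ipaddress.ip_address(req.client_ip)
    return None if any(ip in ipaddress.ip_network(c) for c in allowed_cidrs) else 403


def api_key_authenticator(req, keys, header="X-API-Key", param="api_key"):
    # The key is read from a header or a query parameter; both names are assumed here.
    key = req.headers.get(header) or req.query.get(param)
    if key not in keys:
        return 401  # assumed status for an unknown key
    req.roles |= set(keys[key])  # roles associated with this client
    return None


def authorize_by_role(req, required):
    # Page: a request without an authorized role is rejected with 403 Forbidden.
    return None if req.roles & set(required) else 403


def request_size_limit(req, max_bytes):
    # Rejects any request body that exceeds the limit; 413 is an assumed status.
    return None if len(req.body) <= max_bytes else 413


# Constructed configuration: two API keys, only one of which carries an allowed role.
CHAIN = [
    (ip_restriction, {"allowed_cidrs": ["10.0.0.0/8"]}),
    (api_key_authenticator, {"keys": {"constructed-key-1": ["tasks-user"],
                                      "constructed-key-2": ["reporting"]}}),
    (authorize_by_role, {"required": ["tasks-user"]}),
    (request_size_limit, {"max_bytes": 1024}),
]


def apply_policies(req, chain=CHAIN):
    """Run the chain in order; the first rejecting policy wins. Returns 200 if all pass."""
    for policy, config in chain:
        status = policy(req, **config)
        if status is not None:
            return status
    return 200
```

A valid key that maps only to the "reporting" role is authenticated but still rejected with 403 by Authorize By Role, which is the point of the requirement that every authenticator be paired with that policy.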

...