Use the Anonymous Authenticator policy to allow anyone access to your API. When a request does not contain any credentials for authentication by another policy (such as API Key), you can use this policy to authenticate the request automatically and identify the user by the client IP address. The Anonymous Authenticator policy can be useful for providing access to lightweight, read-only APIs: for example, a public landing page that needs to provide some dynamic information can access an API with this policy. The user role is based on your configuration of the policy. In this scenario, a request still requires authorization by another policy.
You must use the Anonymous Authenticator policy with an authorization policy. For example, you can configure this policy to add the role “anonymous” to the client, and you can then configure the Authorize By Role policy to authorize users with that role. However, since the Anonymous Authenticator policy allows anyone to access an API, you should always combine this policy with a restrictive Client Throttle policy to prevent overloading a Snaplex with too many requests.
Execution Order
This policy is executed after the other authentication mechanisms that are based on the client providing a token in the request, like the API Key or Callout Authenticators.
Note: All Authentication policies require the Authorize By Role policy to authenticate the API caller correctly. For example, you can configure this policy to add the role “admin” to the client and then configure the Authorize By Role policy to authorize users with that role.
All expression-enabled fields take expressions from the SnapLogic Expression Language and the API Policy Manager functions.
Parameter Name | Description | Default Value | Example
---|---|---|---
Label | Required. The name for the API policy. | Anonymous Authenticator | Project - Anonymous Authenticator
When this policy should be applied | An expression-enabled field that determines the condition to be fulfilled for the API policy to execute. For example, if the value in this field is request.method == "POST", the API policy is executed only if the request method is a POST. | N/A | request.method == "POST"
Roles | Required. A list of role names to be assigned to the client making the request. Click + to add roles. | N/A | N/A
Role | The name of the role. | anonymous | anonymous
Status | Specifies whether the API policy is enabled or disabled. | Enabled | Disabled
Note: Since this API policy allows anonymous access, include a Client Throttling policy to restrict the number of anonymous requests to prevent a Snaplex from being overloaded by too many requests.
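The following is a conceptual model of the policy chain described on this page, added here as an illustration; it is not SnapLogic code or configuration. The function names, the sample key, the throttle limit (3 requests per 60 seconds), the ordering of authorization before throttling, and the 401 for an unrecognized key are all assumptions.

```python
import time
from collections import defaultdict, deque

# Constructed sample data (assumptions, not SnapLogic values).
API_KEYS = {"k-constructed-123": {"user": "svc-reports", "roles": ["admin"]}}
ANON_ROLES = ["anonymous"]      # the "Roles" field of the Anonymous Authenticator
LIMIT, WINDOW = 3, 60.0         # assumed throttle: 3 requests per client per 60 s
_hits = defaultdict(deque)      # per-client timestamps of accepted requests

def api_key_authenticator(headers):
    """Token-based policy: runs first, authenticates only a known key."""
    return API_KEYS.get(headers.get("Authorization"))

def anonymous_authenticator(req):
    """Fallback: identify the caller by client IP and assign the configured roles."""
    return {"user": req["client_ip"], "roles": list(ANON_ROLES)}

def within_throttle(user, now):
    """Sliding-window limit keyed on the authenticated identity."""
    q = _hits[user]
    while q and now - q[0] >= WINDOW:
        q.popleft()
    if len(q) >= LIMIT:
        return False
    q.append(now)
    return True

def handle(req, allowed_roles, now=None):
    """Return the HTTP status the modelled chain would produce for one request."""
    now = time.monotonic() if now is None else now
    headers = req.get("headers", {})
    client = api_key_authenticator(headers)
    # Anonymous applies only when the request carried no credentials at all.
    if client is None and "Authorization" not in headers:
        client = anonymous_authenticator(req)
    if client is None:
        return 401              # credential presented but not recognized (assumed)
    # Authorize By Role: authentication alone grants nothing.
    if not set(client["roles"]) & set(allowed_roles):
        return 403
    if not within_throttle(client["user"], now):
        return 429
    return 200
```

Because the anonymous identity is the client IP, the throttle bucket is also per IP, so callers behind one shared address share one limit in this model.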
See Also
- Managing APIs in SnapLogic API Management
- Managing your API Developer Portal Settings
- API Policy Manager
- API Dashboard WallInsights