Comment: APIM-1164

...

APIM supports OpenID Connect (OIDC) as an authentication method for your Generic OAuth2 API policy. Multiple Identity Providers are supported. When you set up Generic OAuth2 as the authorization agent with OIDC, your OIDC application becomes the authentication provider for the API.

Policies Snap Pack

API Policies are available in your Org when you subscribe to the APIM feature and Policies Snap Pack. Despite its name, the Policies Snap Pack does not contain Snaps, but it does function like other Snap Packs.

You can configure the Policies Snap Pack to use one of the following two distributions:

  • Stable contains policies that have been available for a few releases. This distribution is updated with each quarterly release.

  • Latest contains the newest policies and policy features. This distribution is typically updated every month.

The distributions are determined by the Snaplex version updates, which coincide with the monthly and quarterly releases.

The following resources provide more information about the SnapLogic release process:

Policies Snap Pack Settings in Classic Manager

You can change Snap Pack versions in the Snap Packs page, which includes a View Distribution menu. Options include:

  • New: This option shows Snap Pack choices (Latest or Stable) for an updated Snaplex.

  • Old: This option shows Snap Pack choices (Latest or Stable) for a deprecated Snaplex.

You can set the View Distribution and the Policies Snap Pack version here.

...

Policies Snap Pack Settings in Admin Manager

You can also change the View Distribution and Policies Snap Pack settings in Admin Manager.

Supported API Policies

Authentication and Authorization

...

  • Anonymous Authenticator: Allows anonymous access to a Task. The user's roles are taken from the Anonymous Authenticator API policy configuration.

  • API Key Authenticator: Authenticates a client using API keys passed as a header or query parameter.

  • Authorize By Role: Authorizes a request based on the role associated with the client. If a request is not authorized, it is rejected with a 403 Forbidden error.

  • Callout Authenticator: Authenticates a client by calling out to a REST service to validate a token in the request, and then authenticates the user.

  • Generic OAuth2: Authenticates requests from users registered in an existing identity provider.

  • JWT Validator: Authenticates a request by validating a JSON Web Token (JWT) presented with the request.

  • OAuth 2.0 Client Credentials: Authenticates users with a token in your OAuth 2.0 environment.

Inbound/Outbound

These policies provide authentication and enhanced security for inbound and outbound traffic between your Snaplexes and third-party endpoint servers.

  • Inbound TLS: Use this policy with APIM Proxies to ensure that inbound endpoints are verified by TLS certificates during API processing. Supported by Groundplexes only.

  • Outbound Basic Auth: Use this policy to set up a Basic Authentication account for verification at the proxy endpoint level when you establish a connection with a service or a system.

  • Outbound OAuth2: Use this policy to set OAuth2 parameters, such as the authorization URL, and to obtain access tokens with client credentials (client ID and client secret), in order to enforce OAuth2 authentication for upstream API calls.

  • Outbound TLS: Use this policy with APIM Proxies to ensure that outbound endpoints are verified by TLS certificates during API processing.

Validation

Validation policies apply validation criteria to requests as policies are applied. Some policies provide additional layers of security, for example, the SQL Threat Detector and Request Size Limit policies. Other policies, such as the JSON and XML validator policies, enforce compliance with a schema. The Early and Authorized Request policies provide generic mechanisms for enforcing compliance. For example, if a request must contain a specific HTTP header, you can configure either of these policies to reject the request if it does not contain that header.

...

  • Client Throttling: Limits Task invocations for a specific client during a specific time period by throttling or rejecting requests from that client. Install this API policy to help protect a Snaplex from being overloaded by too many requests.

  • Request Size Limit: Limits the size of each request.

  • IP Restriction: Restricts access based on the client IP address of the request. If the request does not meet the configured requirements, it is rejected with a 403 Forbidden error.

  • CORS Restriction: Sets the appropriate headers for requests coming from a different domain so that the response is not blocked by the browser.

  • HTTP Redirect: Manages HTTP redirection for API requests.

  • HTTP Response Cache: Use this policy for highly recurring and static responses to manage latency and response times, which can reduce the load on the upstream API as well as on the proxy server.

  • HTTP Retry: Use this policy to set up retry logic for requests made to your Proxy and Proxy endpoints.

Transformation

These policies enable you to change the requests or responses based on criteria. You can use these policies to add or modify headers.

...