Use the Anonymous Authenticator policy to allow anyone access to your API. When a request does not contain any credentials for authentication by another policy (such as API Key), you can use this policy to authenticate the request automatically and identify the user by the client IP address. The Anonymous Authenticator policy can be useful for providing access to APIs that are lightweight and read-only: for example, a public landing page, which needs to provide some dynamic information, can access an API with this policy. The user role is based on policy settings.
You must use the Anonymous Authenticator policy with an authorization policy. For example, you can configure this policy to add the role “anonymous” to the client, and then configure the Authorize By Role policy to authorize users with that role. However, since the Anonymous Authenticator policy allows anyone to access an API, you should always combine this policy with a restrictive Client Throttle policy to prevent overloading a Snaplex with too many requests.
Authentication Policy Requirement
All Authentication policies require the Authorize By Role policy to authenticate the API caller correctly. For example, you can configure this policy to add the role “admin” to the client and then configure the Authorize By Role policy to authorize users with that role.
Policy Execution Order
This policy executes after the other authentication policies, specifically those whose mechanisms are based on the client providing a token in the request, like the API Key or Callout Authenticator policies.
|Parameter Name||Description||Default Value||Example|
|Label||Required. The name for the API policy.||Anonymous Authenticator||Project - Anonymous Authenticator|
|When this policy should be applied||An expression enabled field that determines the condition to be fulfilled for the API policy to execute. For example, if the value in this field is request.method == "POST", the API policy is executed only if the request method is a POST.||N/A||request.method == "POST"|
Required. A list of role names to be assigned to the client making the request. Click + to add roles.
The name of the role.
Specifies whether the API policy is enabled or disabled.
Since this API policy allows anonymous access, include a Client Throttling policy that restricts the number of anonymous requests, so that a Snaplex is not overloaded by too many requests.
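The evaluation order and policy combination described on this page, modelled as an added example (not SnapLogic code and not part of the original documentation): token-based authentication first, then the anonymous fallback keyed by client IP, then role authorization and throttling. Every function name, the `x-api-key` header, the sample key, the `GET` condition and the 3-per-minute limit are assumptions, as is running the throttle after authorization.

```javascript
// Conceptual model only: every name below is hypothetical, not a SnapLogic API.
const API_KEYS = new Map([["constructed-key-123", { user: "svc-reporting", roles: ["admin"] }]]);

// Token-based authenticator: runs first and acts only on a presented credential.
function apiKeyAuthenticator(req, ctx) {
  const entry = API_KEYS.get(req.headers["x-api-key"]);
  if (entry) { ctx.user = entry.user; ctx.roles = [...entry.roles]; }
}

// Anonymous authenticator: runs after the token-based policies, applies only
// when the request carries no credentials, and identifies the client by IP.
function anonymousAuthenticator(req, ctx, cfg) {
  if (ctx.user !== null || "x-api-key" in req.headers) return;
  if (!cfg.when(req)) return;            // "When this policy should be applied"
  ctx.user = req.clientIp;
  ctx.roles = [...cfg.roles];            // roles come from the policy settings
}

// Authorize By Role: the caller needs at least one allowed role.
function authorizeByRole(ctx, allowedRoles) {
  return ctx.roles.some((r) => allowedRoles.includes(r));
}

// Fixed-window throttle keyed by identity (for anonymous callers, the IP).
function makeThrottle(limit, windowMs) {
  const windows = new Map();
  return (key, now) => {
    let w = windows.get(key);
    if (!w || now - w.start >= windowMs) windows.set(key, (w = { start: now, count: 0 }));
    return ++w.count <= limit;
  };
}

// Evaluate one request; returns the HTTP status the gateway would answer with.
function handle(req, policy, throttle, now) {
  const ctx = { user: null, roles: [] };
  apiKeyAuthenticator(req, ctx);
  anonymousAuthenticator(req, ctx, policy.anonymous);
  if (ctx.user === null) return 401;
  if (!authorizeByRole(ctx, policy.allowedRoles)) return 403;
  return throttle(ctx.user, now) ? 200 : 429;
}

// Constructed policy: anonymous access for GET only, with the "anonymous" role.
const publicPolicy = {
  anonymous: { when: (request) => request.method == "GET", roles: ["anonymous"] },
  allowedRoles: ["anonymous", "admin"],
};
```

With `makeThrottle(3, 60000)`, the fourth anonymous `GET` from one IP inside a minute is answered with 429, and the same caller gets 403 on an endpoint whose allowed roles omit `anonymous`.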