API Policy Manager

Overview

The API Policy Manager enables you to apply a range of authentication/authorization, traffic management, request transformation, and request validation policies to APIs. You can configure these API policies to apply at different levels of the hierarchy: in the API Manager console, at the API and API version levels. The API policies can also be applied to the Org, the shared folder in a Project Space, and project folders. For example, when you apply a Request Size Limit policy to a Project, the configured API policy validates that any request with a request body sent to Tasks within that project does not exceed the limit applied by the API policy.

In addition to validating requests, you can use API policies to authenticate and authorize requests using various authentication methods. Without the API Policy Manager, an API can only be invoked by a user registered with the SnapLogic platform or by using a bearer token. With an APIM authenticator policy, clients can be authenticated through an OAuth2 server or a REST service, as well as through the other available authentication policies. Thus, SnapLogic Tasks can be made available to a much wider audience.


Supported API Policies

  • Anonymous Authenticator: Allows anonymous access to a Task. The user’s roles are taken from Anonymous Authenticator API policy configuration.
  • API Key Authenticator: Authenticates a client using API keys passed as a header or query parameter. 
  • Authorize By Role: Authorizes a request based on the role associated with the client. If a request is not authorized, it is rejected with a 403 Forbidden error.
  • Authorized Request Validator: Validates requests after authorization and returns a customized response. 
  • CORS Restriction: Sets the appropriate headers for requests coming from a different domain so that the response is not blocked by the browser.
  • Callout Authenticator: Authenticates a client by calling out to a REST service to validate a token in the request and then authenticating the user.
  • Client Throttling: Limits Task invocations for a given client over a window of time by throttling or rejecting requests from that client. Installing this API policy can help protect a Snaplex from being overloaded by too many requests.
  • Early Request Validator: Validates requests before authentication and returns a customized response. 
  • Generic OAuth2: Authenticates requests from users registered in an existing identity provider. 
  • IP Restriction: Restricts access based on the client IP address of the request. If the request does not meet the configured requirements, it is rejected with a 403 Forbidden error.
  • Request Size Limit: Limits the size of each request. 
  • Request Transformer: Transforms a request before it is passed onto the remaining API policies and, finally, the Pipeline to be executed.

Authentication Policy Requirement

All authentication policies require the Authorize By Role policy to authenticate the API caller.

SnapLogic Expression Language Support

All API policies leverage the SnapLogic Expression Language. Every policy has an expression-enabled field for the When to Apply this Policy setting, where you can create an expression using the built-in operators in the platform. Clicking  displays the selector for various operators, document values, and arrow functions, providing greater flexibility to use conditional logic to apply the policy. Several API policies also support expression-enabled fields for their settings.

You can also use API Policy Manager Functions to create an expression based on the asset, Snaplex, or request itself. When the expressions field icon is disabled, you can enter a string.

API Policy Manager Asset Support

You can use the API Policy Manager to apply API policies to the following SnapLogic assets.

  • Org: Select the Shared folder under your Org to apply API policies at the Org level (only Org admins have this access).

  • API: Apply API policies at the API level in the API Manager console.

  • Version: Apply API policies at the version level in the API Manager console. 

  • Project Space: Select the shared folder in your Project Space to apply API policies at the Project Space level in Manager.

  • Project: Select the project to apply API policies at the project level in Manager.


Applying Policies at the Org level

  1. In Manager, click the shared folder for your Org (also known as the global shared folder), then click Manage API Policy to view the API Policy Manager-shared dialog window, which displays a list of existing API policies and their status.

  2. In the API Policy Manager-shared dialog window, click Add Policy to view the list of policies.

  3. Select a policy from the list of policies to display the settings dialog window.

  4. Enter/modify the fields to configure the policy as required, then click Validate and Save.

    The policy settings dialog window closes and your policy is displayed in the API Policy Manager-shared dialog window.

You can also import and export policies in the API Policy Manager-shared dialog window.

Applying Policies in the API Manager console

You can apply policies at the API and API version level.

Adding API Policies to APIs

  1. In SnapLogic Manager, click Settings > API Management > API Manager.

    The API Manager page is displayed.



  2. Click the target API to display the API Details page, and click  to display the list of API policies.

  3. Enter or modify the fields as required to configure the policy.

  4. Click Validate and Save.

    The policy settings dialog window closes, and your policy is displayed on the API Details page.


Adding API Policies to API Versions

  1. In SnapLogic Manager, click Settings > API Management > API Manager.

    The API Manager page is displayed.



  2. Click the target API to view the API Details page.

  3. In the API Details page, click the Versions tab, then click the target API version to view the Version Details page.



  4. In the Version Details page, click the target to view the API Details page, and click  to display the list of API policies.


  5. Enter or modify the fields as required to configure the policy.

  6. Click Validate and Save.

    The policy settings dialog window closes, and your policy is displayed in the API Details page.

Adding API Policies to Project Spaces/Projects in Manager

For projects and Project Spaces, all API policies applied at a hierarchy level are automatically applied to all Tasks at that level. For example, an API policy applied at the Project Space level automatically applies to all Tasks within all the Projects inside that Project Space. If the same API policy type is applied at a Project Space and a Project, then the configuration of the lower-level API policy is used. 


  1. In Manager, select the target Project Space/project, click  to display the dropdown list, and select Manage API Policy to display the API Policy Manager dialog window.



  2. Click Add Policy. A list of all the API policy types appears. 



  3. Click the API policy that you want to add. The settings dialog window for that policy is displayed. 



  4. Enter/modify the field values to configure the policy, then click Validate & Save. The API policy is added to the list of API policies. 

  5. Click Close to close the API Policy Manager dialog.

Enabling/Disabling Policies at the Org and Project Level

  1. Open the API Policy Manager dialog. 

  2. Click the target API policy to open its settings.

  3. Change the value of the Status field. 

  4. Click Validate & Save. You can confirm the Status of the API policy is updated. To enable the API policy, repeat steps 2 through 4. 

Adding the same API policy type at a lower level in the hierarchy automatically overrides all API policies of the same type at higher levels. For example, if a Callout Authenticator API policy is added at the Org level and also at the Project Space level, the Org-level policy is automatically overridden as far as the Tasks within that Project Space are concerned.
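The override rule stated here and in the Project Spaces/Projects section can be checked offline when reviewing a policy layout. The following Python sketch is an added example, not SnapLogic code: it resolves the policies in effect for one Task, lists which higher-level settings were replaced, and flags an authenticator in effect without Authorize By Role. The level names, the dictionary model, and the config keys are assumptions made for illustration; they are not the product's API or export format.

```python
# Added illustration: an in-memory model, not SnapLogic's API or export format.
LEVELS = ["org", "project_space", "project"]  # highest to lowest level

# Policy types the page describes as authenticating the caller.
AUTHENTICATORS = {"Anonymous Authenticator", "API Key Authenticator",
                  "Callout Authenticator", "Generic OAuth2"}

def effective_policies(applied):
    """Map each policy type to (level, config); the lowest level wins."""
    effective = {}
    for level in LEVELS:  # later (lower) levels overwrite earlier ones
        for ptype, config in applied.get(level, {}).items():
            effective[ptype] = (level, config)
    return effective

def overridden(applied):
    """List (policy_type, overridden_level, winning_level) for review."""
    effective = effective_policies(applied)
    found = []
    for level in LEVELS:
        for ptype in applied.get(level, {}):
            winner = effective[ptype][0]
            if winner != level:
                found.append((ptype, level, winner))
    return found

def missing_authorize_by_role(applied):
    """True if an authenticator is in effect without Authorize By Role."""
    effective = effective_policies(applied)
    has_authenticator = any(t in AUTHENTICATORS for t in effective)
    return has_authenticator and "Authorize By Role" not in effective

# Constructed sample for one Task's chain; config keys are hypothetical.
SAMPLE = {
    "org": {
        "Callout Authenticator": {"url": "https://auth.example.invalid/v1"},
        "Authorize By Role": {"roles": ["admin"]},
        "Request Size Limit": {"max_bytes": 1_000_000},
    },
    "project_space": {
        "Callout Authenticator": {"url": "https://auth.example.invalid/v2"},
    },
    "project": {"Request Size Limit": {"max_bytes": 50_000_000}},
}

if __name__ == "__main__":
    for ptype, loser, winner in overridden(SAMPLE):
        print(f"{ptype}: {loser} setting replaced by {winner} setting")
    print("missing Authorize By Role:", missing_authorize_by_role(SAMPLE))
```

In the sample, the project-level Request Size Limit replaces a tighter Org-level limit, which is the kind of silent loosening this review is meant to surface.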

Importing Policies in Manager

The policies in the API Policy Manager are SnapLogic Assets that share the same permissions as those described in Migrating Accounts. Policies can be imported only between trusted Orgs.

  1. Navigate to the target Project in SnapLogic Manager.

  2. Right-click to display the dropdown list, and click Manage API Policy. The API Policy Manager dialog appears.

  3. Select Choose File and navigate to the target file.

    • Import non-existent only: (Default) Only uploads API policies in the selected file that do not already exist in the Project Folder.

    • Import all policies: Imports all API policies in the selected file.


  4. Click Import. The Import Policy Result popup appears with the following Status:

    • Added: The API policies added to the Project Folder.

    • Overwritten: The existing API policies overwritten by the imported ones.

    • Ignored: The existing API policies not overwritten by the imported ones.

Viewing Policies for a Task

  1. In Manager, navigate to the target Task.

  2. Click  to display the Tasks menu, then select Related API Policy.

    The Related Policies dialog window for the target Task is displayed.



  3. Click the Hierarchy tab to display the policy hierarchy.



Exporting Policies

  1. Navigate to the target Project Space or project in SnapLogic Manager.

  2. Right-click on the project folder to display the dropdown menu, and click Manage API Policy.

  3. When the API Policy Manager dialog appears, click Export. The API policies are downloaded to the specified folder (the default is the Downloads folder on your machine).


Deleting Policies in Manager

  1. Open the API Policy Manager dialog. 

  2. Click the  button for the API policy to delete.

  3. In the confirmation prompt, click Delete. The API policy is deleted.


Editing Policies

You can edit an API Policy by clicking it to display its settings.

  1. Depending on the asset associated with the API policy, choose one of the following methods to view the settings dialog window for an API policy.

    • For an Org:
      • Navigate to the Org-level shared folder in Manager, and place the cursor over the target Project Space/project.
      • Click   to view the dropdown list and select Manage API Policy.
    • For a Project Space or project:
      1. Navigate to the target asset in Manager, and place the cursor over the target Project Space/project.
      2. Click   to view the dropdown list and select Manage API Policy.
    • For the API Management space, click the target API policy at one of the following levels:
      • Org-level shared folder.
      • API Details page
      • Version Details page
         
  2. Edit/update the API policy and click Validate & Save.