Anonymous Authenticator

Use the Anonymous Authenticator policy to allow anyone access to your API. When a request does not contain any credentials for authentication by another policy (such as API Key), you can use this policy to authenticate the request automatically and identify the user by the client IP address. The Anonymous Authenticator policy can be useful for providing access to read-only APIs: for example, a public landing page, which needs to provide some dynamic information, can access an API with this policy. The user role is based on the policy settings.

You must use the Anonymous Authenticator policy with an authorization policy. For example, you can configure this policy to add the role “anonymous” to the client, and then configure the Authorize By Role policy to authorize users with that role. However, since the Anonymous Authenticator policy allows anyone to access an API, you should always combine this policy with a restrictive Client Throttle policy to prevent overloading a Snaplex with too many requests.

Authentication Policy Requirement

All Authentication policies require the Authorize By Role policy to authenticate the API caller correctly. For example, you can configure this policy to add the role “admin” to the client and then configure the Authorize By Role policy to authorize users with that role.

Policy Execution Order

This policy executes after the other authentication policies, specifically those whose mechanisms are based on the client providing a token in the request, like the API Key or Callout Authenticator policies.

Expression Enabled Fields in API Policies

All expression enabled fields take expressions from the SnapLogic Expression Language and the API Policy Manager functions.

Parameter NameDescriptionDefault ValueExample
LabelRequired. The name for the API policy.Anonymous AuthenticatorProject - Anonymous Authenticator
When this policy should be applied

An expression enabled field that determines the condition to be fulfilled for the API policy to execute.

For example, if the value in this field is request.method == "POST", the API policy is executed only if the request method is a POST.

N/Arequest.method == "POST"

RequiredA list of role names to be assigned to the client making the request. Click + to add roles.

  • Blank role names are ignored.
  • An error is displayed if a duplicate role name is found. 
  • The role names specified can be checked in other API policies such as Client Throttling or Authorize By Role.

The name of the role.


Specifies whether the API policy is enabled or disabled. 


Best Practices

Since this API policy allows anonymous access include a Client Throttling policy to restrict the number of anonymous requests to prevent a Snaplex from being overloaded by too many requests.