IBM® API Connect includes a number of built-in policies that you can use to apply preconfigured policy statements to an operation to control an aspect of processing in the Gateway server when an API is invoked.
- Indicates that the policy can be run on the DataPower Gateway (v5 compatible).
- Indicates that the policy can be run on the DataPower API Gateway.
For details of the two types of gateway, see API Connect gateway types.
Built-in policies are configured in the context of an API. You can use the API Designer assembly editor to add a built-in policy to an API and to configure the properties for that policy.
You can also add built-in policies to an API by creating an OpenAPI definition file. For more information, see Creating an OpenAPI definition file.
|Built-in policy||OpenAPI policy||Description|
|Activity Log||activity-log||Use the Activity
Log policy to configure your logging preferences for the API activity that is stored in IBM API
Connect analytics. The preferences that you specify will override the default settings for collecting and storing details of the API activity.
Note: The Activity Log policy is not supported in the assembly for an API whose gateway type is DataPower API Gateway. Instead, you configure activity logging in the API design settings.
Functionality provided in the API design
|Client Security||client-security||Provides a range of options for authenticating client access to your APIs, extending the capabilities of the OpenAPI specification.|
|GatewayScript||gatewayscript||Use the gatewayscript policy to execute a specified DataPower GatewayScript program.|
|Generate JWT||jwt-generate||Use the Generate JWT security policy in IBM API Connect to generate a JSON Web Token (JWT).|
|Validate JWT||jwt-validate||Use the Validate JWT security policy to enable the validation of a JSON Web Token (JWT) in a request before allowing access to the APIs.|
|if||if||Use the if policy to apply a section of the assembly when a condition is fulfilled.||
Functionality provided by switch
|GraphQL introspect||graphql-introspect||Use the GraphQL introspect policy to introspect a GraphQL schema.|
|Invoke||invoke||Apply the Invoke policy to call another
service from within your assembly. The response from the backend is stored either in the variable
|Log||log||Use the Log policy to customize or override the default activity logging configuration for an API.|
|Map||map||Use the Map policy to apply transformations to your assembly flow and specify relationships between variables.|
|operation-switch||operation-switch||Use the operation-switch policy to apply a section of the assembly to a specific operation.|
|OAuth||oauth||Use the OAuth policy to policy to perform OAuth processing based on defined OAuth provider settings.|
|Parse||parse||Use the Parse policy to control the parsing of an input document. When the input document is a JSON string, the string is parsed instead of copied over.|
|Proxy||proxy||Apply the Proxy policy to invoke another API within
your assembly, particularly if the separate API contains a large payload. The response from the
backend is stored in the
Functionality provided by Invoke
|Rate Limit||ratelimit||Use the Rate Limit policy to apply one or more rate or burst limits at any point in your API assembly flow. Rate and burst limits restrict the number of calls that an application can make to an API in a specified time period.|
Redaction - DataPower API Gateway
redact - DataPower API Gateway
|Use the Redaction policy to completely remove or to redact specified fields from the Request body, the Response body, and the activity logs. You might find this policy useful for removing or blocking out sensitive data (for example, credit card details) for legal, security, or other reasons.|
|Set Variable||set-variable||Use the Set Variable policy to set the value of a runtime variable, or to clear a runtime variable, or to add a header variable.|
|switch||switch||Use the switch policy to execute one of a number of sections of the assembly based on which specified condition is fulfilled.|
|throw||throw||Use the throw policy to throw an error when it is reached during the execution of an assembly flow.|
|User Security||user-security||Use the user-security policy to extract a user's credentials, authenticate those credentials, and obtain authorization from the user.|
Validate - DataPower API Gateway
validate - DataPower API Gateway
|Use the Validate policy to validate the payload in an assembly flow against a JSON or an XML schema.|
|Validate Username Token||validate-usernametoken||Use the Validate Username Token policy to validate a Web Services Security (WS-Security) UsernameToken in a SOAP payload before allowing access to the protected resource.|
|XSLT||xslt||Use the XSLT policy to apply an XSLT transform to the payload of the API definition.|