Apply the proxy policy to proxy another API within your operation, particularly if you need to call a large payload.

Gateway support

Table 1. Table showing which gateways support this policy, and the corresponding policy version
Gateway Policy version
DataPower® Gateway (v5 compatible) 1.0.0
DataPower API Gateway, functionality provided by Invoke  

This topic describes how to configure the policy in your OpenAPI source; for details on how to configure the policy in the assembly user interface, see Proxy.


Keep the following considerations in mind regarding the proxy policy.
  • Only one proxy policy is permitted to be called per assembly.
  • More than one proxy policy can be applied, if they are contained in mutually exclusive branches of the assembly.
  • You can use the proxy policy to return multipart form data, that is, when the response is set to Content-Type: multipart/related. However, proxy must be the final policy in the assembly, otherwise the response that is received is manipulated causing the multipart form data to be lost.
  • The proxy policy, if inside a conditional policy, must be the final policy to be executed in the API. If you need further processing afterward, use the invoke policy rather than the proxy policy.
  • The Proxy policy does not currently attempt to rewrite a Location header that is returned from the back end.
The proxy policy has the following structure:
- proxy:
  version: version
  title: title
  description: description
  target-url: URL_of_target_API
  tls-profile: TLS_profile_to_be_used
  verb: method_type
  http-version: HTTP_version
  timeout: timeout_value_in_seconds
  compression: is_data_to_be_compressed
  username: username_if_authentication_required
  password: password_if_authentication_required
  output: location_of_the_proxy_result
  cache-key: unique_identifier_of_the_document_cache_entry
  cache-response: cache_behavior
  cache-putpost-response: response_caching_behavior
  cache-ttl: cache_time_to_live
  stop-on-error: errors_that_stop_the_flow


The table describes the properties of the proxy policy.
Table 2. Proxy policy properties
Property Required Description Data type
version Yes The policy version number string
title No A title for the policy. string
description No A policy description. string
target-url Yes The URL of the target API. string
tls-profile No The TLS profile to be used. string
verb No

The operation method type.

Valid values:
  • Keep
  • GET
  • POST
  • PUT
  • HEAD

The default value is Keep.

http-version No The HTTP version. The default value is 1.1. string
timeout No The timeout value in seconds. The default value is 60. integer
compression No Specifies whether data is to be compressed by using gzip before it is uploaded. The default value is false. boolean
username No The user name, if authentication is required. string
password No The password, if authentication is required. string
output No Specifies the location of the proxy result. By default, the proxy result, that is the body, headers, statusCode and statusMessage, is saved in the variable context.message. The assembly developers can specify an additional location to store the proxy result with the output property. string


No Specifies the unique identifier of the document cache entry. string


No The cache response type.
Valid values:
  • protocol: The cache behavior is defined by the Cache-Control headers on the request and response.
  • no-cache: Specifies that there is no caching. However, if the document is already in the cache, the document is retrieved from the cache.
  • time-to-live: Specifies that the response stays in the cache for the specified time.

The default value is protocol.

cache-putpost-response No Specifies whether to cache the response from POST and PUT requests. Caching the response from POST and PUT requests can reduce server load and reduce latency in the response to the client request.

The default value is false.



No Specifies the amount of time in seconds that the response stays in the cache. Applies only if the property cache-response is set to time-to-live. Enter a value in the range 5 - 31708800.

The default value is 900.

stop-on-error No List the errors that, if thrown during the policy execution, cause the flow to stop. If there is a catch flow configured for the error, it is triggered to handle the error thrown. If an error is thrown and there are no errors specified for the Stop on error property, or if the error thrown is not one of the specified errors, the policy execution is allowed to complete, and the assembly flow continues. string