Built-in policies

IBM API Studio provides a set of built-in policies that you can apply to an operation to control specific aspects of processing in the Gateway server when an API is invoked.

Built-in policies are configured in the context of an API. You can use the IBM API Studio assembly editor to add a built-in policy to an API and configure the properties for that policy.

The following tables list the built-in policies that are available.

Table 1. Built-in policies: Actions policies

| Policy | Description |
| --- | --- |
| Cache | Stores responses temporarily to reduce backend load and improve performance. |
| Circuit Breaker | Protects backends by limiting requests when failures exceed a threshold. |
| Count Limit | Tracks numeric counts and enforces limits for rate, usage, or attempts. |
| Invoke | Calls an external backend service and forwards the response to the flow. |
| Invoke AWS Lambda | Invokes an AWS Lambda function and processes the returned payload. |
| Load Balancer | Distributes requests across multiple backend endpoints for availability and performance. |
| Rate Limit | Applies rate or burst limits to control how often clients can call the API. |
| Retry | Retries failed backend requests based on the configured attempt and delay settings. |
| Set | Sets or updates context variables that can be used later in the flow. |
| Validate | Validates incoming payloads against a schema to ensure correct data structure. |

Table 2. Built-in policies: Security policies

| Policy | Description |
| --- | --- |
| Authenticate | Validates client identity using the configured authentication provider. |
| Authorize | Enforces access control by checking roles or permissions. |
| CORS | Applies Cross-Origin Resource Sharing rules for browser-based clients. |
| Extract Identity | Extracts identity attributes from tokens or headers and stores them in context. |
| IBM Cloud Login | Authenticates clients using IBM Cloud App ID. |
| Set Authorization | Sets outbound authorization information for backend requests. |
| SQL Injection Filter | Detects and blocks SQL injection patterns in incoming requests. |

Table 3. Built-in policies: Transform policies

| Policy | Description |
| --- | --- |
| Handlebars Template | Generates output using a Handlebars template with runtime values. |
| Parse | Converts raw input into structured JSON or XML for downstream processing. |
| Redact | Masks or removes sensitive data from headers, parameters, or payloads. |
| Remove | Deletes specific headers, query parameters, or elements from the message. |
| Telemetry | Captures request or response details for monitoring and diagnostics. |
| Transform | Modifies or restructures payload content using defined transformation rules. |