Refining the Scope of a Global Policy

Edit online

Before you begin

You must have the webMethods API Gateway's manage global policies functional privilege assigned.

About this task

If you want to further restrict the set of APIs to which the global policy is applied, you can specify additional selection criteria in the Filter section of the API details page. Using the Filter section, you can filter APIs by Name, Description, Version attributes, HTTP Methods (applicable only for REST APIs), API tag (applicable for all selected API types), Resource/Operation tag (applicable for REST and SOAP APIs) and Method tag (applicable for a REST API). For details about the API types and their components for which you can add a tag, see Adding Tags to an API. If you specify no filter criteria, webMethods API Gateway applies the global policy to all the selected APIs.

If the specified attribute does not apply for the selected API type, it is not evaluated for that API type alone. For example, if you specify Resource/Operation tag = secure and select all API types, REST, SOAP, and ODATA, then while evaluating the condition for each API, the expression evaluates only for SOAP and REST API and does not evaluate the filter for OData API.

Filtering by Name, Description, Version and Tag attributes

You can filter APIs based on their Name, Description, Version, API tag, Resource/Operation tag and Method tag attributes using any of the following comparison operators:
Comparison Operators Description
Equals Selects APIs whose Name, Description, Version or Tag value matches a given string of characters. For example, use this operator to apply a policy only to REST APIs with the Name or Description value 4G Mobile Store.
Not Equals Selects APIs whose Name, Description, Version or Tag value does not match a given string of characters. For example, use this operator to apply a policy only to all REST APIs except those with the Name, Description, or Tag value Mobile.
Contains Selects APIs whose Name, Description or Tag value includes a given string of characters anywhere within the attribute's value. For example, use this operator to apply a policy to REST APIs that had the word Mobile anywhere in their Name, Description, or Tag attribute.
Starts with Selects APIs whose Name, Description, or Tag value begins with a given string. For example, use this operator to apply a policy only to REST APIs whose Name, Description, or Tag begins with the characters 4G.
Ends with Selects APIs whose Name, Description, or Tag value ends with a given string. For example, use this operator to apply a policy only to REST APIs whose Name, Description, or Tag value ends with the characters Store.
When specifying match strings for the comparison operators described above, keep the following points in mind:
  • Match strings are not case-sensitive. If you define a filter for names that start with ABC it select names starting with abc and Abc.
  • Wildcard characters are not supported. That is, you cannot use characters such as * or % to represent any sequence of characters. These characters, if present in the match string, are simply treated as literal characters that are to be matched.

Filtering by HTTP Methods (Applicable only for REST APIs)

  • You can optionally restrict a policy to specific HTTP methods of the REST APIs by specifying the options GET, POST, PUT, DELETE, PATCH, and HEAD.
HTTP Methods Description
GET Policy applies only to HTTP GET requests for any resource in the API. For example, use this option to apply a policy to resources of a REST API during an incoming GET request.
POST Policy applies only to HTTP POST requests for any resource in the API. For example, use this option to apply a policy to resources of a REST API during an incoming POST request.
PUT Policy applies only to HTTP PUT requests for any resource in the API. For example, use this option to apply a policy to resources of a REST API during an incoming PUT request.
DELETE Policy applies only to HTTP DELETE requests for any resource in the API. For example, use this option to apply a policy to resources of a REST API during an incoming DELETE request.
PATCH Policy applies only to HTTP PATCH requests for any resource in the API. For example, use this option to apply a policy to resources of a REST API during an incoming PATCH request.
HEAD Policy applies only to HTTP HEAD requests for any resource in the API. For example, use this option to apply a policy to resources of a REST API during an incoming HEAD request.

To refine the scope of a global policy

Procedure

  1. Click Policies in the title navigation bar.
  2. Click the Global policies tab.
    A list of all available global policies appears. Use the Show drop-down list at the bottom of the page to set the maximum number of policies you want to display in a page.
  3. Select the required policy.
    The global policy details page appears.
  4. Click Edit.
    If you do not see the Edit button, it is probably because you do not have the webMethods API Gateway Administrator role to refine the scope of a global policy in webMethods API Gateway.
  5. Click Filters.
  6. To filter by API types, select the API types by which you want to filter APIs.
  7. Applicable only for REST APIs. To filter by HTTP methods, in the Filter using HTTP methods section, select the HTTP methods by which you want to filter APIs with appropriate incoming requests.
  8. To filter by Name, Description, Version, or Tags perform the following steps in the Filter using attributes section:
    1. Select an attribute to filter the APIs to which you want to apply the global policy.
      Available attributes: API name, API description, API version, API tag, Resource/Operation tag, Method tag.
    2. Select the comparison operator.
    3. Specify the match string in the third field.
    4. To specify additional criteria, click the Add button and repeat the above steps.
    5. Select the logical conjunction (AND) or disjunction (OR) operation to apply when multiple criteria are specified for the global policy. The default value is AND.
    You can add multiple attribute filter groups by clicking the +Add button. You can also specify the logical conjunction (AND) or disjunction (OR) operation to apply between filter groups.
  9. Click Save to save the updated policy.