Global Policies

Edit online

Global policies are a set of policies that are associated globally to all APIs or the selected set of APIs. Global policies are supported for SOAP and REST APIs but not supported for GraphQL API.

By associating policies globally to all APIs or the selected set of APIs, the administrator can ensure that a set of policies is applied to the selected APIs by default. The administrator can, for example, define a global policy that attaches a WS-Security (WSS) authentication to all SOAP API endpoints within a specific IP range. In this case, any client request from the specific IP range automatically inherits the security configuration defined in the global policy for SOAP APIs.

webMethods API Gateway provides a system global policy, Transaction logging, which is bundled with the product. By default, the policy is in the Inactive state. The transaction logging policy has standard filters and log invocation policy, that log request or response payloads to a specified destination. You can modify this policy to include additional filters or modify the policy properties, but you cannot delete this policy. You can activate this policy in the Polices > Global policies page or through the global policy details page. Activating the policy enforces it on all APIs in webMethods API Gateway based on the configured filters, and logs transactions across all the APIs. If you have multiple log invocation policies assigned to an API, the policies are compiled into a single policy and one transaction log is created per destination.

Global Policy Matrix

This table lists the stage-specific policies that can be configured as global policy for different types of APIs at the global level.
Note: The Policy configuration page displays only the policies that are common to one or more API types selected in the global policy filter.
Stages Policies
Transport
  • Enable bulkhead - This policy can be enforced to configure the maximum number of concurrent requests that the APIs can process.
  • Enable HTTP/HTTPS - This policy can be enforced for all types of API. But the SOAP versions 1.1 and 1.2 are applicable only for SOAP-based APIs. The SOAP 1.1 and SOAP 1.2 sub types are not available in UI when the REST and ODATA APIs are selected.
    Note: It is recommended to create a separate policy for each API type.
  • Set Media Type - This policy is applicable only for a REST request and the policy name is not listed in Policy configuration page when the SOAP and ODATA APIs are selected.
  • Enable JMS/AMQP - This policy is applicable only for SOAP APIs and the policy name is not listed in Policy configuration page when the REST and ODATA APIs are selected.
Identity & Access
  • Authorize User, Identify & Authorize - These policies can be enforced to any API Type.
  • Inbound Auth - Message - This policy is applicable only for SOAP-based APIs and the policy name is not listed in Policy configuration page when the REST and ODATA APIs are selected.
Request Processing
  • Invoke webMethods IS, Validate API Specification, Data Masking - These policies can be enforced to any API Type.
  • Request Transformation - This policy is applicable only for SOAP and REST APIs. and not for ODATA services. When all three API types are selected, Request Transformation policy cannot be applied at the global level.
Routing Custom HTTP Header, Outbound Auth - Transport, Outbound Auth - Message. The Routing stage policies can be applied at a global level for all types of API.
Traffic Monitoring Log Invocation, Monitor Performance, Monitor SLA, Traffic Optimization, and Service Result Cache. The Traffic Monitoring stage policies can be applied at a global level for all types of API.
Response Processing
  • Invoke webMethods IS, Validate API Specification, Data Masking - These policies can be enforced to any API Type.
  • Response Transformation - This policy can be enforced only for SOAP and REST APIs and the policy name is not listed in Policy configuration page when ODATA API type is selected.
  • CORS - This policy can be enforced only for REST and ODATA APIs and the policy name is not listed in Policy configuration page when SOAP-based API is selected.
Error handling

Conditional Error Processing and Data Masking. The Error handling stage policies can be applied at a global level for all types of API.