You can create and edit policies locally, using your favorite text or XML-aware editor or IDE. This topic uses the Quota policy type as an example of how to create, configure, attach, deploy, and test policies.
Most API proxies enforce a quota. Quotas provide control over how often a client app is permitted to invoke an API over a given time interval. In the example below, a Quota policy is configured to limit apps to 1 request per minute. (While this may not be realistic, it does provide a simple way to see the effects of a policy.)
In an API proxy configuration, Policy files are stored as XML files under
For example, a policy of type Quota called Quota Policy could be created as a file called
QuotaPolicy.xml with the following content:
<Quota enabled="true" continueOnError="false" async="false" name="QuotaPolicy"> <Allow count="1"/> <Interval>1</Interval> <TimeUnit>minute</TimeUnit> </Quota>
You can create a text file by hand, or you can generate the policy from an XML schema. All policies have some settings that are specific to the policy type, and some settings that are generic across all policies.
All policies define the following attributes:
enabled: Indicates whether the policy is turned on or off. Policies can be enabled/disabled at runtime by changing this setting. A policy that has
falseis not enforced.
continueOnError: Defines whether the pipeline should continue processing the message if the policy fails. When enforcing quota policies, errors likely indicate that the quota has been exceeded, and, therefore, this attribute should be set to false.
async: In a policy, enabling
async=truetells API Services to run the policy inside a different thread pool, isolated from the regular pool that is servicing the request/response Flow. This is an internal optimization that will rarely be of use to API developers.
name: The name that you give to this policy. This name is unique to this policy instance, and it is used to attach the policy to the flow as a processing step.
In the example above, the elements
TimeUnit are specific to the Quota policy. These elements provide settings that API
Services enforces on behalf of an API. Other policy types define their own settings, which you
can learn about in the Policy Reference.