Adding features using policies

This page applies to Apigee and Apigee hybrid.

View Apigee Edge documentation.

Apigee enables you to program API behavior without writing any code by using policies. A policy is like a module that implements a specific, limited management function. Policies are designed to let you add common types of management capabilities to an API easily and reliably.

Policies provide features like security, rate-limiting, transformation, and mediation capabilities, saving you from having to code and maintain this functionality on your own. You're not limited to the set of policy types provided by Apigee. You can also write custom scripts and code (such as JavaScript applications), that extend API proxy functionality and enable you to innovate on top of the basic management capabilities supported by Apigee policies.

Create and attach policies to API proxies and shared flows using Apigee in Cloud Code as described in the following sections. Depending on the policy type, you may need to create a resource, as described in Managing resources. See also Managing folders and files in an Apigee workspace.

Creating a policy

To create a policy using Apigee in Cloud Code:

  1. In the Apigee section, perform one of the following actions based on where you want to attach the policy:

    Attach to Action
    API proxy Perform one of the following actions:
    • Position your cursor over one of the following folders, click Create icon, and select Create policy:
      • apiproxy-name proxy bundle
      • apiproxy-name/apiproxy
    • Position your cursor over the apiproxy-name/apiproxy/policies folder for the API proxy and click Create icon.
    Shared flow Perform one of the following actions:
    • Position your cursor over one of the following folders, click Create icon, and select Create policy:
      • sharedflow-name shared flow bundle
      • sharedflow-name/sharedflowbundle
    • Position your cursor over the sharedflow-name/sharedflowbundle/policies folder for the shared flow and click Create icon.

    The Create policy wizard opens.

  2. Select the category of the policy that you want to create from the list. For a description of the policy categories, see Policy reference overview.

  3. Enter a unique name for the policy and press Enter. The policy is added to the /policies folder for the API proxy or shared flow in the Apigee section and opened in the editor.

  4. Edit the file, as required, and select File > Save or ⌘S to save your edits. For more information about configuring the policy, see Policy reference overview.

  5. Create resources if required by the policy type, as described in Managing resources.

Attaching a policy to a flow

Policies are not executed until they are attached to a flow. You can attach a policy to a flow by adding the <Step> element to the appropriate request or response flow element in a ProxyEndpoint or TargetEndpoint configuration, as described in the following topics:

For example, the following configuration attaches a QuotaPolicy to the <PreFlow> of the ProxyEndpoint to configure the number of request messages that an API proxy allows over a period of time.

<ProxyEndpoint name="default">
  <PreFlow>
    <Request>
      <Step><Name>QuotaPolicy</Name></Step>
    </Request>
  </PreFlow>
  <HTTPProxyConnection>
    <BasePath>/weather</BasePath>
  </HTTPProxyConnection>
  <RouteRule name="default">
    <TargetEndpoint>default</TargetEndpoint>
  </RouteRule>
</ProxyEndpoint>