
Using Policies with Gateway APIs

Overview

To use a policy with your API through the Gateway APIs, you must:

  1. Create a DeployedApiPolicyRule that specifies the rule to use, the configuration for the rule, and the HTTP methods of the requests that the rule should be applied to. After you have created a DeployedApiPolicyRule, you can modify, delete, or query it.

    Note

    The DeployedApiPolicyRule is not specific to an API. After it is created, it can be assigned to one or more APIs. GraphQL APIs are provided for creating a DeployedApiPolicyRule, querying existing DeployedApiPolicyRules, and assigning a DeployedApiPolicyRule to a deployment. Each GraphQL request must include an X-Account header whose value is the user’s account identifier.

  2. Assign the DeployedApiPolicyRule to your API deployed on an API Gateway.

Creating a DeployedApiPolicyRule

To create a DeployedApiPolicyRule, use the deployedApiPolicyRuleCreate mutation. If the mutation is executed successfully, it returns the newly created DeployedApiPolicyRule. If it fails, the mutation returns null data and details for the failure in the errors field.

Modifying a DeployedApiPolicyRule

If you want to modify an existing DeployedApiPolicyRule, use the deployedApiPolicyRuleUpdate mutation.

Deleting a DeployedApiPolicyRule

You can delete a DeployedApiPolicyRule if it is not being used by any active deployments. If the rule is in use, the deployedApiPolicyRuleDelete mutation returns the POLICY_RULE_IN_USE error.
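
A minimal client for the delete call described above, added here as an example and not taken from the product's documentation or code. The endpoint URL, the id argument and selection set, and where the error code sits inside each errors entry are assumptions; the X-Account header, the mutation name, and POLICY_RULE_IN_USE come from this page.

```python
import json
import urllib.request

# Assumptions (not from the page): endpoint URL, the `id` argument and selected
# field, and that the code appears in errors[].message or errors[].extensions.code.
GRAPHQL_URL = "https://gateway.example.invalid/graphql"  # placeholder endpoint
DELETE_MUTATION = """
mutation DeleteRule($id: ID!) {
  deployedApiPolicyRuleDelete(id: $id) { id }
}
"""

class PolicyRuleInUse(Exception):
    """The rule is still used by an active deployment and was not deleted."""

def build_request(account_id, rule_id):
    """Build the POST request; every GraphQL call must carry X-Account."""
    if not account_id:
        raise ValueError("account identifier for the X-Account header is required")
    body = json.dumps({"query": DELETE_MUTATION, "variables": {"id": rule_id}})
    return urllib.request.Request(
        GRAPHQL_URL,
        data=body.encode("utf-8"),
        headers={"Content-Type": "application/json", "X-Account": account_id},
        method="POST",
    )

def interpret(response):
    """Return the mutation payload, or raise if the response signals failure."""
    errors = response.get("errors") or []
    for err in errors:
        text = f"{err.get('message', '')} {(err.get('extensions') or {}).get('code', '')}"
        if "POLICY_RULE_IN_USE" in text:
            raise PolicyRuleInUse(text.strip())
    # Failure shape described on the page: null data plus details in `errors`.
    if errors or response.get("data") is None:
        raise RuntimeError(f"mutation failed: {errors}")
    return response["data"]["deployedApiPolicyRuleDelete"]

def delete_rule(account_id, rule_id):
    """Send the mutation and interpret the JSON reply (needs network access)."""
    with urllib.request.urlopen(build_request(account_id, rule_id), timeout=10) as resp:
        return interpret(json.load(resp))
```

Catching PolicyRuleInUse separately lets a cleanup job report which rules are still attached to deployments instead of treating the refusal as a generic failure.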

Querying a DeployedApiPolicyRule

To retrieve all DeployedApiPolicyRule objects in an account, use the deployedApiPolicyRules query. If you know the rule ID, you can also retrieve details for a specific DeployedApiPolicyRule with the deployedApiPolicyRule query.

Assigning a DeployedApiPolicyRule to a Deployed API

The DeployedApiPolicyRules are assigned to the APIs as custom policies. To assign a DeployedApiPolicyRule to an API, use the deployedApiUpdate mutation.

The mutation is modified to accept a new optional field, customPolicies. This field contains a list of DeployedApiPolicyInput objects specifying the DeployedApiPolicyRules that should be applied to an API execution. Setting this field to an empty list (“[]”) removes any custom policies from the deployment.
