Introduction

Policies generally enforce some business logic that needs to be executed on the Request, Response, or Fault flow of an API invocation. A policy is a collection of rules that will be executed at the API Gateway. Using policies we can make API invocations undergo slight behavioural modifications before reaching the backend. In a similar manner, we can modify the API response a client receives.

API Manager ships a default set of policies that cover most of the common use cases that you will need, while also giving you the ability to create your own. There are three main flows under each API operation that you can utilize to attach any policy that you need. Namely, Request Flow, Response Flow and Fault Flow. You can also attach multiple policies under each of these flows, and are free to swap and rearrange the attached policies. Policies can be created either as common policies or as API-specific policies