| description |
|---|
Detailed documentation for all of Gravitee's policies |
Gravitee policies fall into several functional categories: security, transformation, restrictions, performance, routing, and monitoring & testing. Although the implementation details of each policy are unique, they share a common installation and deployment and are compatible with subsets of phases.
{% hint style="info" %} Policies cannot currently be applied to v4 TCP proxy APIs {% endhint %}
| Policy | v2 API | v4 HTTP proxy API | v4 message API |
|---|---|---|---|
| API Key | true | true | false |
| Assign Attributes | true | true | true |
| Assign Content | true | true | true |
| Assign Metrics | true | true | true |
| AVRO to JSON | true | true | true |
| AVRO to Protobuf | true | true | true |
| AWS Lambda | true | false | false |
| Basic Authentication | true | true | false |
| Cache | true | false | false |
| Circuit Breaker | true | false | false |
| Cloud Events | false | false | true |
| Custom Query Parameters Parser | true | true | false |
| Data Logging Masking | true | false | false |
| Dynamic Routing | true | true | false |
| Generate HTTP Signature | true | true | false |
| Generate JWT | true | true | false |
| GeoIP Filtering | true | true | false |
| GraphQL Rate Limit | true | true | false |
| Groovy | true | true | true |
| HTML to JSON | true | true | false |
| HTTP Callout | true | true | false |
| HTTP Signature | true | true | false |
| Interrupt | true | true | false |
| IP Filtering | true | true | false |
| Javascript | true | true | false |
| JSON to JSON | true | true | true |
| JSON to XML | true | true | true |
| JSON Threat Protection | true | true | false |
| JSON Validation | true | true | false |
| JSON Web Signature | true | true | false |
| JSON Web Token | true | true | false |
| Keyless | true | true | false |
| Latency | true | true | true |
| Message Filtering | false | false | true |
| Metrics Reporter | true | false | false |
| Mock | true | false | false |
| OAS Validation | true | true | false |
| OAuth2 | true | true | false |
| OpenID Connect UserInfo | true | true | false |
| Override HTTP Method | true | true | false |
| Protobuf to JSON | true | true | true |
| Rate Limit | true | true | false |
| Regex Threat Protection | true | true | false |
| Request Content Limit | true | true | false |
| Request Validation | true | true | false |
| Resource Filtering | true | true | false |
| REST to SOAP | true | true | false |
| Retry | true | false | false |
| Role-based Access Control | true | true | false |
| SSL Enforcement | true | true | false |
| Traffic Shadowing | true | false | false |
| Transform Headers | true | true | true |
| Transform Query Params | true | true | false |
| URL Rewriting | true | true | false |
| WS Security Authentication | true | true | false |
| XML to JSON | true | true | true |
| XML Threat Protection | true | true | false |
| XML Validation | true | true | false |
| XSLT | true | true | false |
Each version of Gravitee API Management (APIM) includes a number of policies in the default distribution. Gravitee Enterprise Edition policy plugins are available for download here.
To use a different version of the policy or add a custom policy, you can follow the deployment instructions below.
How to deploy a plugin
Please check the policy documentation to ensure the policy version you select is compatible with your version of APIM.
To deploy the plugin, follow these steps:
- Download the plugin archive (a
.zipfile) from the plugins download page. - Add the file into the Gateway and Management API
pluginsfolders. The default location is ${GRAVITEE_HOME/plugins} but this can be modified in thegravitee.yamlfile. For most installations, the Gateway and Management APIpluginsfolders are at/gravitee/apim-gateway/pluginsand/gravitee/apim-management-api/plugins, respectively. - Restart your APIM nodes.
Policies can be added to flows that are assigned to an API or to a plan. Gravitee supports configuring policies through the Policy Studio in the Management Console or interacting directly with the Management API.
Policies can be applied to the request or the response of a Gateway API transaction, which are broken up into phases that depend on the API definition version. Each policy is compatible with a subset of the available phases.
{% tabs %} {% tab title="v4 API definition" %} v4 APIs have the following phases:
onRequest: This phase is executed before invoking the backend services for both proxy and message APIs. Policies can act on the headers and the content for proxy APIs.onMessageRequest: This phase occurs after theonRequestphase and allows policies to act on each incoming message before being sent to the backend service. This only applies to message APIs.onResponse: This phase is executed after invoking the backend services for both proxy and message APIs. Policies can act on the headers and the content for proxy APIs.onMessageResponse: This phase after theonResponsephase and allows policies to act on each outgoing message before being sent to the client application. This only applies to message APIs. {% endtab %}
{% tab title="v2 API definition" %} v2 APIs have the following phases:
onRequest: This phase only allows policies to work on request headers. It never accesses the request body.onRequestContent: This phase always occurs after theonRequestphase. It allows policies to work at the content level and access the request body.onResponse: This phase only allows policies to work on response headers. It never accesses the response body.onResponseContent: This phase always occurs after theonResponsephase. It allows policies to work at the content level and access the response body. {% endtab %} {% endtabs %}