Skip to content
This repository has been archived by the owner on Jul 14, 2022. It is now read-only.

Policies

Jump to bottom
wwitman edited this page Mar 3, 2015 · 8 revisions

Introduction to policies

a127 enables you to add and configure certain API behavior without writing any code, by using 'policies'.

What are policies?

A policy is like a module that implements a specific, limited management function. Policies are designed to let you add common types of management capabilities to an API easily and reliably. a127 policies provide features like security, rate-limiting, and analytics, saving you from having to code and maintain this functionality on your own.

List of available policies

Available polices are:

### Quota

A quota specifies the number of request messages that an app is allowed to submit to an API over the course of a time unit of hours, minutes, or days.

For details, see Adding a quota policy.

### Spike arrest

A Spike Arrest policy protects against traffic spikes. It throttles the number of requests processed by an API proxy and sent to a backend, protecting against performance lags and downtime.

For details, see Adding a spike arrest policy.

### OAuth 2.0

OAuth 2.0 provides a way for apps to gain limited access to a user's protected resources. For a good introduction, see Introduction to OAuth 2.0. You add OAuth security to an a127 API by adding and configuring the OAuth policy.

For details, see Adding Apigee OAuth 2.0 to an API.

### API key

See Using API key authentication with the Apigee provider.

### Basic auth

See Using basic authentication with the Apigee provider.

### Cache

Caching saves the response to a specific API request so that it can be automatically returned without the need to hit the backend service or re-execute controller logic.

For details, see Adding a cache policy.

### Analytics

You can plug your a127 API directly into the Apigee Edge Analytics system. Edge Analytics gives you a wealth of feedback about your APIs, including performance data, API traffic patterns, developer information, error reports, geographical data, and much more. You can access this information through the Apigee Edge Analytics dashboards.

To access Apigee Analytics, you must use the volos-analytics-apigee module.

For details, see Adding Apigee Analytics to your API.

What do I need to know about policies?

Policies are implemented through Volos.js modules. All you need to do is select the policy you wish to use, include the appropriate volos module in your a127 project, and configure the policy in the swagger.yaml file.

Volos.js provides policy modules that require an Apigee Edge account and connection, in-memory implementations that do not require any outside connections, and Redis-based implementations that require the presence of a Redis key/value server.

## Adding and configuring policies

For example, to include a "quota" policy (a policy that provides rate-limiting for an API), you need to install the volos-quota-apigee, volos-quota-memory or volos-quota-redis module in your project. The easiest way to do this is to add the module to package.json and run npm install.

Then, in swagger.yaml, you add the (memory-based) policy like this:

      a127-services:
        quota:     
          provider: volos-quota-memory
          options:
             timeUnit: minute
             interval: 1
             allow: 2

And apply it to a path, like this:

     /hello:
        # binds a127 app logic to a route
        x-swagger-router-controller: hello_world
        x-a127-apply:
          quota: {}

## Configuring the Apigee-based policies

If you want to use Apigee-based policies, such as a quota policy with the volos-quota-apigee module, you need to do a few extra steps. Basically, you need to have a RemoteProxy service configured. This service provides the "conduit" through which your a127 proxy communicates with Apigee Edge, and thereby, is able to use Edge services like quota, cache, oauth and so on.

Note: Apigee-based policies are the best choice when you intend to deploy your a127 proxies to Apigee Edge.

For details, refer to the doc topic for each policy.

## Programmatic access to policies

You can access policies and set policy values in helper functions. For information, see Understanding helper functions.

Having Trouble? Try posting your question to the Apigee Community. Or, for more links and resources, check out our Help Page

Contents

Need help? Visit the Apigee Community !
Clone this wiki locally