-
Notifications
You must be signed in to change notification settings - Fork 41
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #677 from sgayangi/658-1.2.0
[1.2.0] Update API Policy documentation
- Loading branch information
Showing
28 changed files
with
219 additions
and
67 deletions.
There are no files selected for viewing
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
8 changes: 8 additions & 0 deletions
8
en/docs/control-plane/api-management/api-policies/add-header.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| The header modification functionality allows the addition, modification, and removal of headers in both requests and responses. This capability is useful for enhancing control and flexibility in API interactions, ensuring that specific requirements for incoming requests and outgoing responses are consistently met. This functionality is configured using the HTTPRoute filters `RequestHeaderModifier` and `ResponseHeaderModifier` filters, which specify how headers should be manipulated at various stages of the request and response lifecycle. | ||
|
|
||
| To add headers to requests or responses for an API or an API operation, add the name of the header and the value you require as properties in the header policy, as shown below. | ||
|
|
||
| [](../../../assets/img/api-policies/add-header-policy.png) | ||
|
|
||
| !!! note | ||
| While interceptors can be used for header modification as well, it is recommended to use the Add Header and Remove Header policies for that scenario, and use Interceptor policies for more advanced use cases. |
19 changes: 19 additions & 0 deletions
19
en/docs/control-plane/api-management/api-policies/api-policies-overview.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| # Add API Policy to API in API Manager | ||
|
|
||
| Policies generally enforce some business logic that needs to be executed on the Request or Response flow of an API invocation. A policy is a collection of rules that will be executed at the API Gateway. Using policies we can make API invocations undergo slight behavioural modifications before reaching the backend. In a similar manner, we can modify the API response a client receives. | ||
|
|
||
| API Manager ships a default set of policies that cover most of the common use cases that you will need. You can attach policies to the API in the [API Manager publisher portal](https://am.wso2.com/publisher){:target="_blank"}. | ||
|
|
||
| The list of supported policies are as follows. | ||
|
|
||
| 1. Request flow: | ||
| - [Add Header](./add-header.md){:target="_blank"} | ||
| - [Remove Header](./remove-header.md){:target="_blank"} | ||
| - [Call Interceptor Service](./interceptor-service.md){:target="_blank"} | ||
| - [Mirror Request](./mirror-request.md){:target="_blank"} | ||
| - [Redirect Request](./redirect-request.md){:target="_blank"} | ||
| - [Backend JWT](./backend-jwt.md){:target="_blank"} | ||
| 2. Response flow: | ||
| - [Add Header](./add-header.md){:target="_blank"} | ||
| - [Remove Header](./remove-header.md){:target="_blank"} | ||
| - [Call Interceptor Service](./interceptor-service.md){:target="_blank"} |
44 changes: 44 additions & 0 deletions
44
en/docs/control-plane/api-management/api-policies/attaching-api-policies.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| ## Attaching Policies | ||
|
|
||
| Follow the instructions below to attach one or more default policies to an existing API. | ||
|
|
||
| 1. Sign in to the WSO2 API Publisher at [https://am.wso2.com/publisher](https://am.wso2.com/publisher){:target="_blank"}. | ||
|
|
||
| 2. Click on the API for which you want to attach policies to. Navigate to **API Configurations** → **Policies**. | ||
|
|
||
| 3. First let us consider the **API Level Policies** tab. You can attach any number of policies by dragging and dropping from the policy list to the dropzone appearing under the desired flow (i.e. request or response). Since these policies are attached to the API level, upon API invocation these policies are engaged regardless of the resource that was invoked. | ||
|
|
||
|
|
||
| !!! Note | ||
| API level policies will execute before operation level policies. | ||
|
|
||
| [](../../../assets/img/api-policies/api-level-policies.png) | ||
|
|
||
| 4. Now let us consider the **Operation Level Policies** tab. Pick out the desired operation and flow to which you want to attach policies. Once that is decided, you can expand that API operation. At this point you will notice that by default the UI will open up the first API operation on initial page visit. | ||
|
|
||
| 5. Let’s attach a policy to the operation. Scroll down through the left side column of the UI and click on the operation. You should be able to see the below screen when the API operation is expanded. | ||
|
|
||
| [](../../../assets/img/api-policies/operation-level-policy-view.png) | ||
|
|
||
|
|
||
| 6. Drag the **Add Header** policy from the **Request** tab of the **Policy List** and drop that to the **Request Flow** dropzone of the first operation. You will notice a side panel appearing from the right hand side. Fill the required details using the values provided below. Then, click **Save**. | ||
|
|
||
| | Field | Sample Value | | ||
| | ------------ | ------------ | | ||
| | Header Name | Foo | | ||
| | Header Value | Bar | | ||
|
|
||
| !!! Note | ||
| You can optionally use the **Apply to all** resources option to attach the same policy to all the resources. This will attach the same policy to all the API operations along with the values you entered to configure the policy (if any). It is important to note that if the policy was applied to the Request Flow, it will only be applied to all the request flows of all operations. | ||
|
|
||
| 7. Now that we have saved the dropped policy, you should be able to see the attached **Add Header** policy (depicted with the initials `AH`). | ||
|
|
||
| [](../../../assets/img/api-policies/attached-add-header.png) | ||
|
|
||
| 8. If you click on this newly attached **AH** (i.e. Add Header) policy, you should still be able to view/edit values that you entered initially. | ||
|
|
||
| [](../../../assets/img/api-policies/add-header-policy.png) | ||
|
|
||
| You can attach as many policies as you want for the operation. | ||
|
|
||
| 9. Finally, when you are satisfied with the dragged and dropped policies, you can go ahead and click on the **Save** button at the bottom of the page. Note that if you do not click on save, none of the dropped policies will be saved to the API. |
28 changes: 28 additions & 0 deletions
28
en/docs/control-plane/api-management/api-policies/backend-jwt.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| # Passing End User Attributes to the Backend | ||
|
|
||
| There can be scenarios where a backend service needs to make different decisions or respond with different data, depending on the application end-user that consumes an API. To achieve this the backend service needs to have access to the respective end-user's data at the time an API call takes place. | ||
|
|
||
| This can be facilitated by the Gateway by sending the end user attributes that are defined in the respective user store, in a JWT via an HTTP header, to the backend service when the API call is being forwarded. | ||
|
|
||
| ## How does it work? | ||
|
|
||
| The backend JSON Web Token (JWT) contains the claims that are transferred between two parties, such as the end-user and the backend. A claim is an attribute of the user that is mapped to the underlying user store. A set of claims is referred to as a dialect (e.g., http://wso2.org/claims). | ||
|
|
||
| If you enable backend JWT generation in the Gateway, each API request will carry a digitally signed JWT, which is in the following format to the backend service. | ||
|
|
||
| `{token header}.{claims list}.{signature}` | ||
|
|
||
| When the request goes through the Gateway, the backend JWT is appended as a transport header to the outgoing message. The backend service fetches the JWT and retrieves the required information about the user, application, or token. | ||
|
|
||
| To enable backend JWT for an API or an operation, you can add a policy as follows. | ||
|
|
||
| [](../../../assets/img/api-policies/backend-jwt.png) | ||
|
|
||
| The following values need to be added to the policy. | ||
|
|
||
| | Field | Description | | ||
| | ----------------- | ----------------------------------------------------------------------------------------- | | ||
| | Encoding | The encoding mechanism used to encode the Backend JWT. | | ||
| | Signing Algorithm | The signing algorithm used to sign the Backend JWT. | | ||
| | Header Name | The name of the HTTP header to which the Backend JWT is attached and sent to the backend. | | ||
| | Token TTL | The expiry time of the Backend JWT. | |
26 changes: 26 additions & 0 deletions
26
en/docs/control-plane/api-management/api-policies/interceptor-service.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
|
|
||
| You can use interceptors to carry out transformations and mediation on the requests and responses. Request interceptor gets triggered before sending the request to the backend. Response interceptor gets triggered before responding to the client. Here, an interceptor is a separate microservice that handles the request, response, or both request and response transformations. | ||
|
|
||
| When you have attached an Interceptor `APIPolicy` like above example to your `API`, then the request flow (`1`, `2`, `3`, and `4` numbered circles) and response flow (`5`, `6`, `7`, and `8` numbered circles) can be depicted as below. | ||
|
|
||
|  | ||
|  | ||
|
|
||
| If you are an API developer, you can write a custom request/response interceptor microservice in any programming language of your choice by following [the Interceptor OpenAPI Definition](https://github.com/wso2/apk/blob/main/developer/resources/interceptor-service-open-api-v1.yaml){:target="_blank"}. Then you can provide the endpoint of the microservice to the Interceptor policy and then save and redeploy the API. | ||
|
|
||
| ## Configuring Interceptors | ||
|
|
||
| Configuring an interceptor requires the following two steps. | ||
|
|
||
| 1. [Implement an interceptor microservice adhering to the Interceptor OpenAPI Definition](https://apim.docs.wso2.com/en/4.2.0/deploy-and-publish/deploy-on-gateway/choreo-connect/message-transformation/interceptor-microservice/interceptor-microservice/){:target="_blank"} | ||
| For reference, a sample interceptor service for data conversion between application/json and application/xml data types with interceptor policy CRs can be found here: [request-response-mediation-interceptors](https://github.com/wso2/apk/tree/main/samples/request-response-mediation-interceptors){:target="_blank"} | ||
|
|
||
| 2. Create the Interceptor Policy from the APIM Publisher window as follows. | ||
| [](../../../assets/img/api-policies/interceptor-policy.png) | ||
|
|
||
| The following fields need to added. | ||
|
|
||
| | Field Name | Description | | ||
| | ------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | ||
| | Service URL | The endpoint of the interceptor microservice | | ||
| | Includes to payload | The content of the payload that must be sent to the interceptor. Possible values include: request_headers, request_body, request_trailer, response_headers, response_body, response_trailer, invocation_context | |
9 changes: 9 additions & 0 deletions
9
en/docs/control-plane/api-management/api-policies/mirror-request.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| Request mirroring allows traffic to be duplicated and sent to additional backends for testing and monitoring purposes. This feature is particularly useful for scenarios where you want to test changes or monitor the behavior of your application under different conditions without affecting the primary production or sandbox environment. The Request Mirror filter can mirror requests to different backends apart from the primary backend defined in the production or sandbox endpoints. | ||
|
|
||
| The current implementation operates in a “fire and forget” manner, and only the response from the primary endpoint will be returned. This allows for the assessment of changes in a real-world environment without impacting the actual user experience. This method ensures that the production environment remains stable while providing insights into how updates or modifications would perform under actual load conditions. | ||
|
|
||
| For request mirroring, add the URL you want the request to be mirrored to in the Mirror Request Policy as shown below. | ||
|
|
||
| [](../../../assets/img/api-policies/mirror-request.png) | ||
|
|
||
| When this operation is invoked, the request will then be sent to the URL added in the policy and the backend URL. |
17 changes: 17 additions & 0 deletions
17
en/docs/control-plane/api-management/api-policies/redirect-request.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
|
|
||
| Request redirection allows you to send clients to a different URL. This can be useful for changing old URLs to new ones or directing traffic based on specific conditions. Request redirection can be configured via the apk-conf file as follows. | ||
|
|
||
| The redirect request policy requires two values: | ||
|
|
||
| 1. The URL to be shown in the location header in the response | ||
| 2. The status code to be shown in the response | ||
|
|
||
| These values can be provided in the redirect request policy as follows. | ||
|
|
||
| [](../../../assets/img/api-policies/redirect-request.png) | ||
|
|
||
| Once you have saved the above policy and redeployed the API, when you invoke the operation you added the redirect policy to, you will get a response similar to the following. | ||
|
|
||
| [](../../../assets/img/api-policies/redirect-request-response.png) | ||
|
|
||
| The location header and the status code contain the values that were specified in the request redirect policy. |
12 changes: 12 additions & 0 deletions
12
en/docs/control-plane/api-management/api-policies/remove-header.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| Web services may contain response headers with sensitive information. This header can be used to remove HTTP request headers from the responses for security reasons. | ||
|
|
||
| To remove headers from requests or responses for an API or an API operation, add the name of the header to be removed as a property in the header policy, as shown below. | ||
|
|
||
| [](../../../assets/img/api-policies/remove-header.png) | ||
|
|
||
| If the remove header policy is applied to the Request flow, the header will be removed from the request body and sent to the backend. | ||
|
|
||
| If the remove header policy is applied to the Response flow, the header will be removed from the response body and sent back to the client. | ||
|
|
||
| !!! note | ||
| While interceptors can be used for header modification as well, it is recommended to use the Add Header and Remove Header policies for that scenario, and use Interceptor policies for more advanced use cases. |
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
2 changes: 1 addition & 1 deletion
2
...te-and-attach-api-policies/redirect-request-filters/redirect-request-via-crs.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.