Policy in APIM

• Policies are a collection of statements (define in xml) that are executed sequentially on the request or response of an API
• Allows the Azure portal to change the behavior of the API through configuration
• Links:
  • Policy expressions is use to define policies
  • https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-policies
  • Reference: https://docs.microsoft.com/en-us/azure/api-management/api-management-policies

Important notes about policy

• Policy elements can appear only within the <inbound>, <outbound>, <backend> section elements
• Only the <forward-request> policy element can appear within the <backend> section element
• To apply a policy to the incoming request (before it is forwarded to the backend service), place a corresponding policy element within the <inbound> section element
• To apply a policy to the outgoing response (before it is sent back to the caller), place a corresponding policy element within the <outbound> section element
• To add a policy position the cursor at the desired insertion point and click on the round button associated with the policy
• To remove a policy, delete the corresponding policy statement from the policy document
• Position the <base> element within a section element to inherit all policies from the corresponding section element in the enclosing scope
• Remove the <base> element to prevent inheriting policies from the corresponding section element in the enclosing scope
• Policies are applied in the order of their appearance, from the top down

Policy configuration example

<policies>
    <inbound>
        <rate-limit calls="5" renewal-period="60" />
        <quota calls="100" renewal-period="604800" />
        <base />
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>

Policy expression

• Policy expressions augment the ability of API Management policies, providing a sophisticated means to control traffic and modify API behavior without requiring you to write any code or modifying any backend service
• Each expression has access to the implicitly provided context variable and an allowed subset of .NET Framework types
• Links:
  • Cheatsheet: https://github.com/Azure/api-management-policy-snippets/blob/master/policy-expressions/README.md
  • https://docs.microsoft.com/en-us/azure/api-management/api-management-policy-expressions
  • https://docs.microsoft.com/en-us/azure/api-management/api-management-advanced-policies
  • https://azure.microsoft.com/ja-jp/blog/policy-expressions-in-azure-api-management/

Syntax

• Single statement expressions: @(expression)
• Multi-statement expressions: @{expression}

Examples

<authentication-basic username="@(context.User.Id)">

<set-variable name="isIOS" value="@(context.Request.Headers["User-Agent"].Contains("iPad") || context.Request.Headers["User-Agent"].Contains("iPhone"))" />

Policy hierarchy

• Product level
  • API level (overrides product level config.)
• To keep parent level config, use <base>

<policies>

    <inbound>
        ... ...
        <base />
    </inbound>

    ... ...
	
</policies>

Adding Policy to Product

• Go to resource groups: https://portal.azure.com/#blade/HubsExtension/BrowseResourceGroups
• Select resource group > API Management service
• APIs section > Products > Select target product
• Policies > Edit xml as you need
• Save

Product level policy will be appliet to all APIs of that product

Adding policy to all APIs

• Go to resource groups: https://portal.azure.com/#blade/HubsExtension/BrowseResourceGroups
• Select resource group > API Management service
• APIs section > APIs > All APIs
• Click on </>
• Edit xml > Save

Add policy to an operation

• Go to resource groups: https://portal.azure.com/#blade/HubsExtension/BrowseResourceGroups
• Select resource group > API Management service
• APIs section > APIs > select target API
• Select target operation > Click on </> (inbound, outbound or backend)
• Edit xml > Save