About Resource Level Policies
Using Mule 3.8.1 and later, you can apply one or more MuleSoft-provided policies to the resource- and method-levels of an API that meets the following conditions:
The API has a RAML endpoint.
You create the API using APIkit or a RAML proxy.
Using APIkit, you can create a RAML-based API and configure a Basic Endpoint, or you create the RAML-based API and configure the Endpoint with a Proxy in the case of an existing API.
A policy applied at a resource level affects all methods, or selected methods, within the resource.
You need to add some code to existing custom policies to support this capability.
You can apply multiple conditions to filter your resources and methods. The URI template regex can be applied to one, many or all the methods that your API has.
You cannot apply the following policies to resources:
Cross-Origin Resource Sharing
LDAP Security Manager
Simple Security Manager
The uses for resource level policies are limited mainly by your imagination. Here are a few possibilities:
Applying policies to specific resources
Securing a subset of an API
Setting different limits on resources