Policies enable you to enforce regulations to help manage security, control traffic, and improve adaptability of your APIs. For example, a policy can control authentication, access, allotted consumption, and service level access (SLA).

You can implement all these regulations with no modification to the code implementation. Mulesoft provides ready-to-use default policies that are shipped with the product. Additionally, you can create custom policies based on your specific business requirements.

You can apply policies to any HTTP-based APIs, such as:

  • An APIkit project

    For example, deploy the APIkit project to Anypoint Platform using API Autodiscovery, and then apply a policy.

  • An API running on CloudHub

    Design an API on Anypoint Platform, configure a proxy for Cloudhub, and apply a policy.

  • An API running on Anypoint Runtime Fabric

    Design an API on Anypoint Platform, configure a proxy for Runtime Fabric, and apply a policy.

  • An API deployed to a private or cloud-based Mule runtime engine (Mule) 3.8.x or later

    You can apply a policy to any API implemented in Anypoint Platform, as long as the API is exposed through an HTTP listener. You can also apply a policy to APIs not implemented in Anypoint Platform by deploying a proxy application to control how and when a received request is forwarded to its implementation endpoint. Anypoint API Manager supports RAML, HTTP, or SOAP-based proxies.

When applying a policy with SLA, you can set an API alert to notify you when an API request violates that policy. By default, a policy applies to the entire API, filtering traffic requests to every resource and method. You can configure this to provide resource-level granularity if needed.

In Mule 3.8.0 and later, you can enhance security through policies by using Gatekeeper, which disables an API until all online policies are applied.

Submit your feedback!
Share your thoughts to help us build the best documentation experience for you!
Take our latest survey!