Policies enable you to enforce regulations to help manage security, control traffic, and improve adaptability of your APIs. For example, a policy can control authentication, access, allotted consumption, and service level access (SLA).
You can implement all these regulations with no modification to the code implementation. Mulesoft provides ready-to-use default policies that are shipped with the product. Additionally, you can create custom policies based on your specific business requirements.
You can apply policies to any HTTP-based APIs, such as:
An APIkit project
For example, deploy the APIkit project to Anypoint Platform using API Autodiscovery, and then apply a policy.
An API running on CloudHub
Design an API on Anypoint Platform, configure a proxy for Cloudhub, and apply a policy.
An API running on Anypoint Runtime Fabric
Design an API on Anypoint Platform, configure a proxy for Runtime Fabric, and apply a policy.
An API deployed to a private or cloud-based Mule runtime engine (Mule) 3.8.x or later
You can apply a policy to any API implemented in Anypoint Platform, as long as the API is exposed through an HTTP listener. You can also apply a policy to APIs not implemented in Anypoint Platform by deploying a proxy application to control how and when a received request is forwarded to its implementation endpoint. Anypoint API Manager supports RAML, HTTP, or SOAP-based proxies.
When applying a policy with SLA, you can set an API alert to notify you when an API request violates that policy. By default, a policy applies to the entire API, filtering traffic requests to every resource and method. You can configure this to provide resource-level granularity if needed.
In Mule 3.8.0 and later, you can enhance security through policies by using Gatekeeper, which disables an API until all online policies are applied.
Help us improve with your feedback.