Contact Free trial Login


Policies enable you to enforce regulations to help manage security, control traffic, and improve adaptability of your APIs. For example, a policy can control authentication, access, allotted consumption, and service level access (SLA).

You can implement all these regulations with no modification to the code implementation. Mulesoft provides ready-to-use default policies that are shipped with the product. Additionally, you can create custom policies based on your specific business requirements.

You can apply policies to any HTTP-based APIs, such as:

  • An APIkit project

    For example, deploy the APIkit project to Anypoint Platform using API Autodiscovery, and then apply a policy.

  • An API running on CloudHub

    Design an API on Anypoint Platform, configure a proxy for Cloudhub, and apply a policy.

  • An API deployed to a private or cloud-based Mule runtime engine (Mule) 3.8.x or later

    You can apply a policy to any API implemented in Anypoint Platform, as long as the API is exposed through an HTTP listener. You can also apply a policy to APIs not implemented in Anypoint Platform by deploying a proxy application to control how and when a received request is forwarded to its implementation endpoint. Anypoint API Manager supports RAML, HTTP, or SOAP-based proxies.

When applying a policy with SLA, you can set an API alert to notify you when an API request violates that policy. By default, a policy applies to the entire API, filtering traffic requests to every resource and method. You can configure this to provide resource-level granularity if needed.

In Mule 3.8.0 and later, you can enhance security through policies by using Gatekeeper, which disables an API until all online policies are applied.