About Resource Level Policies (Nov 2017 and Jul 2017)

Jul 2017: Using Mule 3.8.1 and later, you can apply one or more MuleSoft-provided policies to the resource- and method-levels of an API that meets the following conditions:

  • The API has a RAML endpoint.

  • You create the API using APIkit or a RAML proxy.

Using APIkit, you can create a RAML-based API and configure a Basic Endpoint, or you create the RAML-based API and configure the Endpoint with a Proxy in the case of an existing API.

Nov 2017: Resource level policy support includes RAML and HTTP APIs.

A policy applied at a resource level affects all methods, or selected methods, within the resource.

methods resources

You need to add some code to existing custom policies to support this capability.

You can apply multiple conditions to filter your resources and methods. The URI template regex can be applied to one, many or all the methods that your API has.

Unsupported Policy (Nov 2017)

You cannot apply the CORS policy to resources.

Unsupported Policies (Jul 2017)

You cannot apply the following policies to resources:

  • Cross-Origin Resource Sharing

  • LDAP Security Manager

  • Simple Security Manager

Usage Scenarios

The uses for resource level policies are limited mainly by your imagination. Here are a few possibilities:

  • Applying policies to specific resources

  • Securing a subset of an API

  • Setting different limits on resources

Nov 2017: If you have a RAML spec attached to your API, click Preview Resource Matching to check which resources your filters affect.