About Policies

A policy extends the functionality of an API and enforces certain capabilities such as security. A policy can control access and traffic without modification to the API implementation. Custom policies can provide other capabilities, such as encrypting and logging.

Policies applied to APIs in the latest release of API Manager are the same as those in the earlier release with a few exceptions.

Classloader isolation exists between the application, the runtime and the connectors, and policies. To fulfill the isolation requirement, policies are self-contained and packaged to include libraries needed for execution, similar to an application.

Policies are non-blocking. You can order all policies except CORS which takes precedence over others.

In this topic:

We use cookies to make interactions with our websites and services easy and meaningful, to better understand how they are used and to tailor advertising. You can read more and make your cookie choices here. By continuing to use this site you are giving us your consent to do this.