Contact Us 1-800-596-4880

Applying Automated Policies

Users with Organization Admin, Environment Admin, or with a role to Manage Policies in the environment can create, edit and delete Automated Policies.

Apply an Automated Policy in Connected Mode

To apply an automated policy:

  1. In API Manager, select Automated Policies from the left navigation menu.

  2. Click Apply new automated policy.

  3. Select the provided policy that you want to configure as a provided policy.

    You can configure any included policies as an automated policy.

    See the Included Policies Directory to learn how to configure each one of them, or Custom Policies to learn how to create one.

    If you are configuring a type of policy that also exists as a provided policy in an API proxy affected by your rule of application, you’ll need to solve the conflict before continuing. Refer to the Conflict Management section below for more information on how to solve them.

  4. Click Apply

It’s recommended to apply an automated policy in a lower environment before applying in a production environment and ensure to review that an automated policy doesn’t affect the existing API contracts.

Conflict Management

Since automated policies have priority over API-level policies, when adding an automated policy that it is already applied as an API-level policy, on an API deployed using the selected runtime range, a conflict results.

When a conflict is detected, a popup with the list of conflicting APIs displays. A message will be shown with the first 10 APIs with conflicts and the total amount. You can use this endpoint to access the list of all APIs:

curl -X GET \{groupId}/{assetId}/conflicting-apis \
-H 'Authorization: Bearer {token}'

To solve conflicts, you can either select the APIs from the list of already configured APIs and manually disable or remove the conflicting policy or choose to override all conflicting policies for the already configured APIs. If this last option is chosen the conflicting policies in the APIs will be disabled. If Automated Policy is removed, the API policy will be re-enabled automatically.

Deploying New APIs

When managing new APIs, you can see information regarding the status of the automated policies applied to your environment in the Policies tab. No automated policies are shown until the application is in Active status.
After the application is deployed, a list of applied automated policies will be listed in the Policies tab of the API.

Users with View Policies role for the environment will able to see the list of automated policies applied.

Viewing Coverage Status

View the Coverage status of an API instance to see if an automated policy covers your API instance or why it doesn’t. Typically, instances are not covered due to their runtime type or runtime version.

To view what API instances are covered by an automated policy:

  1. Navigate to Anypoint Platform > API Manager.

  2. In API Administration, click Automated Policies.

  3. Click the more options button (1%) of the policy whose coverage you want to view, and then click See covered APIs.

  4. View the API instance’s coverage status in the Coverage status column.

To filter by coverage status, click the coverage status dropdown and select a coverage status option.

Auditing Applied Policies

It is possible to audit and get a list of all affected APIs by an automated policy. Reports can be filtered by runtime version, and by an operation.

To get the list of all automated policies in an environment:

curl -X GET \{organizationId}/automated-policies?environmentId={envId} \
  -H 'Authorization: Bearer {token}'

To get the list of APIs included in the range of automated policy or APIs where the automated policy is not applied.

curl -X GET \{organizationId}/automated-policies/{automatedPolicyId}/apis \
-H 'Authorization: Bearer {token}'

Apply an Automated Policy in Local Mode

For information about applying an automated policy for Flex Gateway running in Local Mode, see Secure an API with an Automated Resource-Level Policy.