Ordering Policies
To execute certain policies before others, configure the order of execution of included and custom policies.
You can configure both included and custom policies to execute as automated policies or API-level policies. Automated policies are policies that are applied to all API instances deployed on the Flex Replica and execute before API-level policies. API-level policies are policies that are only applied to a specific API instance.
For Flex Gateway running in Connected Mode, use API Manager to order policies. For Flex Gateway running in Local Mode, use a PolicyBinding
YAML resource to order policies.
You cannot configure the execution order of the Cross-Origin Resource Sharing (CORS) policy. The CORS policy executes before automated and API-level policies. |
Policy Execution Order
Policies can either execute on the API request, the API response, or both. Policies execute in order during the API request and in inverse order during the API response. If a policy does not execute in a certain direction, Flex Gateway skips the policy in that direction.
For example, if you have four policies ordered:
-
Automated Policy 1
-
Automated Policy 2
-
API-Level Policy 1
-
API-Level Policy 2
The policies execute in the following order on the response:
-
API-Level Policy 2
-
API-Level Policy 1
-
Automated Policy 2
-
Automated Policy 1
Order Automated Policies in Connected Mode
You cannot configure the order of automated policies in API Manager. Automated policies execute in the order they are applied to the API instance. Apply automated policies in the order you want them to execute.
Order Automated Policies in Local Mode
To apply a automated policy to Flex Gateway running in Local Mode, you must apply a resource-level policy. By doing so, you can apply the same policy to all API instances running on the Flex Replica.
To apply a resource-level policy to all API instances, refer to Secure an API with an Automated Resource-Level Policy.
To order automated resource-level policies, edit the order
parameter to match when you want the policy to execute. Ensure that this order does not conflict with the order of any other policies. For example, if you apply two automated resource-level policies with order: 1
and order: 2
, any API-level policy must start at order: 3
.
Order API-Level Policies in Connected Mode
To reorder API-level policies in Flex Gateway running in Connected Mode:
-
Go to Anypoint Platform > API Manager.
-
In API Administration, click the name of the API instance whose policies you want to reorder.
-
From the left navigation menu, click Policies.
-
From the top of the list of the applied policies, click Reorder policies.
-
From the Reorder Applied Policies section, use the up and down arrows to rearrange the order of policies.
-
Click Apply order.
Order API-Level Policies in Local Mode
In Flex Gateway running in Local Mode, configure policy ordering via a PolicyBinding
YAML resource.
When defining a policy using a PolicyBinding
YAML resource, edit the order
parameter to match when you want the policy to execute. Ensure that you do not assign the same order number to different policies.
For information about Local Mode policy order, see the Declarative Configuration Reference Guide.