Hear from Salesforce leaders on how to create and deploy Agentforce agents.
Register now
Contact Us 1-800-596-4880
  1. Homepage
  2. Flex Gateway
  3. Securing and Governing Flex Gateway APIs

  4. Ordering Policies

Ordering Policies

To execute certain policies before others, configure the order of execution of included and custom policies.

You can configure both included and custom policies to execute as automated policies, API-level policies, or upstream-level policies. Automated policies are policies that are applied to all API instances deployed on the Flex Replica and execute before API-level policies. API-level policies are inbound policies that are only applied to a specific API instance. Upstream level policies are outbound policies applied to specific upstreams.

For Flex Gateway running in Connected Mode, use API Manager to order policies. For Flex Gateway running in Local Mode, use a PolicyBinding YAML resource to order policies.

You cannot configure the execution order of the Cross-Origin Resource Sharing (CORS) policy. The CORS policy executes before automated and API-level policies.

Policy Execution Order

Policies can either execute on the API request, the API response, or both. Policies execute in order during the API request and in inverse order during the API response. If a policy does not execute in a certain direction, Flex Gateway skips the policy in that direction. For API requests, policies execute in the order of automated policies, API-level policies, and outbound policies. The order is inverted for the response.

For example, if you have policies ordered:

  1. Automated Policy 1

  2. Automated Policy 2

  3. API-Level Policy 1

  4. API-Level Policy 2

  5. Upstream-Level Policy 1

  6. Upstream-Level Policy 2

The policies execute in the following order on the response:

  1. Upstream-Level Policy 2

  2. Upstream-Level Policy 1

  3. API-Level Policy 2

  4. API-Level Policy 1

  5. Automated Policy 2

  6. Automated Policy 1

Order Automated Policies in Connected Mode

You cannot configure the order of automated policies in API Manager. Automated policies execute in the order they are applied to the API instance. Apply automated policies in the order you want them to execute.

Order Automated Policies in Local Mode

To apply a automated policy to Flex Gateway running in Local Mode, you must apply a resource-level policy. By doing so, you can apply the same policy to all API instances running on the Flex Replica.

To apply a resource-level policy to all API instances, refer to Secure an API with an Automated Resource-Level Policy.

To order automated resource-level policies, edit the order parameter to match when you want the policy to execute. Ensure that this order does not conflict with the order of any other policies. For example, if you apply two automated resource-level policies with order: 1 and order: 2, any API-level policy must start at order: 3.

Order Inbound API-Level Policies for Managed Flex Gateway and Connected Mode

To reorder API-level policies:

  1. Go to Anypoint Platform > API Manager.

  2. In API Administration, click the name of the API instance whose policies you want to reorder.

  3. From the left navigation menu, click Policies.

  4. From the top of the list of the applied policies, click Reorder policies.

  5. From the Reorder Applied Policies section, use the up and down arrows to rearrange the order of policies.

  6. Click Apply order.

Order Outbound Policies for Managed Flex Gateway and Connected Mode

To reorder outbound policies:

  1. Go to Anypoint Platform > API Manager.

  2. In API Administration, click the name of the API instance whose policies you want to reorder.

  3. From the side navigation panel, click Policies.

  4. Click the Outbound policies tab.

  5. Click the more options button (1%) of the upstream service whose policies you want to reorder.

  6. Use the up and down arrows to rearrange the order of policies.

  7. Click Apply order.

Order Policies in Local Mode

In Flex Gateway running in Local Mode, configure policy ordering via a PolicyBinding YAML resource.

When defining a policy using a PolicyBinding YAML resource, edit the order parameter to match when you want the policy to execute. Ensure that you do not assign the same order number to different policies.

For information about Local Mode policy order, see the Declarative Configuration Reference Guide.

See Also