Resource-Level Policies
Unless otherwise configured, policies are by default applied to the entire API. However, you can implement an additional level of policy granularity, one in which access is controlled based on a criteria. Policies with this granularity are called resource-level policies.
At the resource level of granularity, policies are applied to only those requests that match the criteria. All policies, except the Cross-Origin Resource Sharing (CORS) policy, are resource-level.
For Flex Gateway running in Connected Mode, you configure resource-level policies in API Manager.
For information about configuring resource-level policies for Flex Gateway running in Local Mode, refer to Secure an API with an Automated Resource-Level Policy.