Applying a Policy

You can apply policies on a private server using API Manager, or download policies to API Gateway runtime, Mule 3.8.0, or later usingAnypoint Platform agent. Policies are stored in runtime or policies folder. Each runtime is configured with the Client ID and Client Secret for the API Manager account. This defines the connection between the Anypoint Platform agent and the Anypoint Platform account.


Before you add, remove, or apply policies, ensure that you have: * An Organization Administrator or API Versions Owner role * An API URL

+ To set the API URL, go to the Status click Configure Endpoint on the API version details page, and set an Implementation URI.

Use an HTTP endpoint instead of Jetty if you want to use the Rate limiting and Throttling policies. Due to a limitation in the Jetty transport, Rate limiting and Throttling policies do not work on an API that uses a Jetty inbound endpoint.

Applying and Removing Policies

After setting an API URL for an API version, you can use controls in Applications, Policies, and SLA Tiers. When you click Apply New Policy, a list of MuleSoft-provided policies and any custom policies added by your organization appears.

If another policy is already applied that fulfils your requirement or if another policy is required as a prerequisite to apply the current policy, the Apply button is not enabled.

Ordering Policies

You can set the order in which the policies are run, if you are using one of the following releases:

  • Studio 6.0 or later for creation, deployed to Anypoint Platform with Autodiscovery

  • Mule 3.8 unified runtime or later

  • API Gateway Runtime 2.2.0 or later

Default Enforcement Order of Policies

On the API version details page, the default order of a policy appears when you choose Policies, and click > to expand the controls for the policy. Custom policies that do not have an order configured are executed after MuleSoft-provided policies.

Policy Logs

The logs maintain the activities of a policy. The following log shows the order of policies:

INFO  2015-09-28 15:37:54,214 [[leagues-rest].httpListenerConfig.worker.01] org.mule.api.processor.LoggerMessageProcessor: POLICY A
INFO  2015-09-28 15:37:54,214 [[leagues-rest].httpListenerConfig.worker.01] org.mule.api.processor.LoggerMessageProcessor: POLICY B

When an Organization Owner defines the order of policy enforcement, conflicts can occur if existing API Owners have set policies on their APIs. The API Manager notifies both parties in the event of a conflict. An API Owner needs to update policies and resolve any conflicts.

Policy Polling Time

The policy polling time is 60 seconds. A minimum 60-second delay now occurs between the time you apply a policy from the UI and the time that the policy goes into effect. The same delay occurs when you disable, edit or change the order of a policy.

Contracts Polling Time

The contracts polling time is 15 seconds. A minimum 15-second delay now occurs between the time you apply a contract from the UI and the time that the contract goes into effect. The same delay occurs when you change the status of a contract (e.g.: revoke).

Configuring the APIkit Console for Policies

You can apply policies to both the API and the console, or to the API only.

The configuration of the console determines how the RAML-based, auto-generated proxy is configured.

Was this article helpful?

💙 Thanks for your feedback!

Submit your feedback!
Share your thoughts to help us build the best documentation experience for you!
Take our latest survey!