Securing Flex Gateway Instances with Policies

Policies enforce rules when Flex Gateway processes requests, enabling you to secure and govern your Flex Gateway API, agent, and tool instances.

MuleSoft provides policies that you can apply to your instances via Anypoint Platform or declarative configuration files. The provided policies include rate limiting, caching, authentication, authorization, threat protection, monitoring, and logging. For more information about MuleSoft-provided policies, see the Inbound Policies Directory and Outbound Policies Directory.

To extend existing functionality or define new functionality, create custom policies based on your specific business requirements. For information about creating custom policies, see Flex Gateway Policy Development Kit (PDK) Overview.

Automated policies enable your instances to comply with common security and logging requirements by automatically applying the same set of policies to all instances running in Flex Gateway. See Automated Policies for more information.

To apply a policy for Managed Flex Gateway or Connected Mode, see Applying Policies for Managed Flex Gateways and Connected Mode.

To apply a policy in Local Mode, see Applying Policies in Local Mode.

For information about policy reordering, see Ordering Policies.

For information about DataWeave support, see DataWeave Support in Flex Gateway Policies.