Contact Us 1-800-596-4880

Availability by Gateway

Policy Availability

Policy Flex Gateway Mule Gateway Service Mesh Summary

Basic Authentication: LDAP

Allows access based on the basic authorization mechanism, with user-password defined on LDAP

Basic Authentication: Simple

Allows access based on the basic authorization mechanism, with a single user-password

Client ID Enforcement

Allows access only to authorized client applications

Cross-Origin Resource Sharing (CORS)

Enables access to resources residing in external domains

Detokenization

Returns a tokenized value to its original value

External Authorization

Authenticates requests by using an external gRPC or HTTP authorization service

External Processing

Sends the incoming HTTP requests or outgoing HTTP responses to an external gRPC service for additional processing

Header Injection

Adds headers to a request or a response

Header Removal

Removes headers from a request or a response

Health Check

Monitors API upstream health at specific intervals

HTTP Caching

Caches HTTP responses from an API implementation

IP Allowlist

Allows a list or range of specified IP addresses to request access

IP Blocklist

Blocks a single IP address or a range of IP addresses from accessing an API endpoint

JSON Threat Protection

Protects against malicious JSON in API requests

JWT Validation

Validates a JWT

Message Logging

Logs custom messages using information from incoming requests, responses from the backend, or information from other policies applied to the same API endpoint

OAuth 2.0 Access Token Enforcement Using Mule OAuth Provider

Allows access only to authorized client applications

OAuth 2.0 Token Introspection

Allows access only to authorized client applications

OpenAM OAuth 2.0 Token Enforcement

Allows access only to authorized client applications

OpenID Connect OAuth 2.0 Access Token Enforcement

Allows access only to authorized client applications

PingFederate OAuth 2.0 Token Enforcement

Allows access only to authorized client applications

Rate Limiting

Monitors access to an API by defining the maximum number of requests processed within a period of time

Rate Limiting: SLA-based

Monitors access to an API by defining the maximum number of requests processed within a timespan, based on SLAs

Schema Validation

Validates incoming traffic against a supplied OAS3 schema

Spike Control

Regulates API traffic

Traffic Management for Multiple Upstream Services

Manages API instance traffic to multiple upstream services from a single consumer endpoint

Traffic Management for Multiple Upstream Services (Weighted)

Manages API instance traffic to multiple upstream services from a single consumer endpoint, using weighted percentages

Transport Layer Security (TLS) - Inbound

Enables authentication between a client and the API proxy

Transport Layer Security (TLS) - Outbound

Enables two-way authentication between the API proxy and an upstream service

Tokenization

Transforms sensitive data into a nonsensitive equivalent, named token

XML Threat Protection

Protects against malicious XML in API requests