Create a Policy

Policies can contain rules to validate, authorize, authenticate, and transform requests and shape and transform responses. Inbound rules, Outbound rules, and Response rules describe the available rules.

It's good practice to have an idea of which Services will use the Policy. This will help you decide on which rules to add and how to configure them. A good descriptive name is also important, especially if other Service developers can reuse it.

  1. Navigate to the Policy Catalog.
  2. Click New Policy. The Policy builder with a policy named New policy displays.
  3. Click in the New Policy title and name your Policy
  4. To add a rule:
    1. Click the plus icon for the category of rule to add:

      Policy Builder

      The category panel opens. For example, the following shows the available Validation rules:
      Validation rules

    2. Click the rule to add.
      The rule settings panel displays. For example, the following shows Inbound TLS settings:
      Validation rules

    3. Optionally configure an expression with the condition that must be true for the rule to be applied. Without an expression, rules apply to all requests by default.
      For example, the expression request.method == "GET" causes the rule to execute only on GET requests.
    4. Configure the appropriate settings. Refer to Rule reference for explanations of the fields for each rule.
    5. Click Validate & Save.
  5. Repeat the previous steps to add other rules to this Policy.
  6. Optionally, to supply account information for an authentication rule, click Add Account.
  7. When the policy contains all required rules and accounts, click Save.
  8. Choose the project in which to save the Policy.
  9. Click Save.