Anonymous Authenticator Policy

Important: This page describes Classic APIM. For APIM 3.0, refer to API Management 3.0.

Allows anonymous access based on a role. This policy identifies the requester by the client IP address and assigns a role. You must configure the Authorize By Role policy to authorize that role. Because the Anonymous Authenticator Rule allows anyone to access an API, consider combining this policy with a Client throttle policy to avoid overloading a Snaplex with too many requests.

The Anonymous Authenticator policy works well to provide read-only access to resources.

Policy execution order

This policy executes after the other authentication policies. For example, the API Key or Callout Authenticator policies, where the client provides a token for access.


Field/Field set	Description
When this policy should be applied	An expression that defines one or more conditions that must be true for the policy to execute. Default value: True Example: The expression `request.method == "GET"` causes the policy to execute only on `GET` requests.
Role	One or more roles to assign to the caller. Rules such as Client Throttling or Authorize by Role can reference these roles.
Description	Default value: `Authenticating anonymous requests as specified role`