The implementation section

The landing section allows for API policies to be implemented on an API.

An API policy is, in essence, a configurable rule that is enforced at runtime when the API is called. Policies come in many flavors and for different purposes. A mature API management offering should provide a variety of policies to ensure that several needs can be satisfied, such as authentication, authorization, key validation, throttling, and routing, to name a few.

The management portal comes with twenty-one predefined policies (at the time this book was written based on API Platform Cloud Service version 17.3.3), grouped in 5 main categories. Policies can be applied to request and response payloads in HTTP methods: GET, POST, PUT, and DELETE.

Refer to the following link for the latest list of available policies:
https://docs.oracle.com/en/cloud/paas/api-platform-cloud/apfad/implementing-apis.html#GUID-99A486F8-6A5C-4E62-9E20-B641790509EA.

The policies that can be applied to request payloads are as following:

1. Security: policies that focused on enforcing authentication, authorization, key validation, and other thread protection policies such as IP filtering and cross-origin resource sharing (CORS):

Implementation section–security policies

1. Traffic management: this group of policies deliver capabilities to throttle and limit the number of API calls made by consumers based on multiple criteria. In other words, handle the volume of traffic sent to the API. This type of policy can as well be useful to prevent against denial of service attacks (DoS). The following screenshot shows the Traffic Management policies as shown in the management portal:

Implementation section–traffic management policies

1. Interface management: Policies that deliver capabilities to manage what and how HTTP resources (that is, /<resource>), methods (GET, POST, DELETE, UPDATE) and payloads can be accessed. The following screenshot shows the Interface Management policies as shown in the management portal:

Implementation section–interface management policies

1. Routing: Policies focused on routing HTTP calls to service endpoints based on multiple criteria such as HTTP header values, the specific gateway handling the traffic, the application calling the API or based on HTTP resource accessed. The following screenshot shows the Routing policies as shown in the management portal:

Implementation section–routing policies

1. Other: Complementary policies that deliver additional capabilities that don't fall in any of the above categories like for example service callouts, logging, and custom policies based on groovy scripting. The following image shows the Other policies as shown in the management portal:

Implementation section–other policies

For an example on how to implement API policies refer to Chapter 6, Defining Policies for APIs.

For further information on policies available in management portal and how to implement them, please refer to the following link:
https://docs.oracle.com/en/cloud/paas/api-platform-cloud/apfad/implementing-apis.html#GUID-1EE65B88-5050-4AFE-8F53-4B256D4E2AA3