Oracle by Example brandingApplying API Policies

section 0Before You Begin

This 20-minute tutorial shows you how to add policies to an API and deploy the API in Oracle API Platform Cloud Service.

In this series of tutorials, you learn how to implement APIs. This is the last tutorial in Implementing APIs in Oracle API Platform Cloud Service. Read the tutorials in the order listed.

Background

In Oracle API Platform Cloud Service, you can apply API policies to secure, limit, and route requests sent to APIs. If the API requests do not meet the API policy criteria you specify, requests to APIs are rejected. A service account contains credentials. Policies using outbound calls or routing, refer to the account to provide the necessary credentials.

In this series of tutorials, you are an API manager working for the NexGen Company and you are given a task of creating service accounts and issuing service grants and applying policies to the Warranty Claims API. In this tutorial, you apply various policies to the Warranty Claims API that helps handle warranty claim tickets.

What Do You Need?

  • Completion of the previous tutorial so that you have:
    • Created a service account and a service
    • Access to the Warranty claim service or any other service as a user with the Manage Service or Reference Service grant
  • Access to the Warranty Claim API or any other published API
  • An active gateway

section 1Add a Key Validation Policy

Add a key validation policy to allow requests to your API only from registered applications. At runtime, if the key is not present in the given header or query parameter, or if the application is not registered, the request is rejected.

  1. In the Management Portal navigation menu, click APIs.
  2. On the APIs page, click the Warranty Claim API.
  3. Click API Implementation Illustration of API Implementation button.
  4. In the Available Policies region, expand Security.
  5. Hover the mouse pointer over Key Validation, and then click Apply.
    Oracle API Platform Cloud Service Management Portal API Implementation screen
    Description of the illustration key-validation_apply-api-policy.png
  6. In the Apply Policy dialog, do the following, and click Next Illustration of Next button.
    • Your Policy Name: Enter Warranty Claim Key Validation.
    • Comments: Enter This is the key validation policy for the Warranty Claim API.
    • Place after the following policy: Select API Request.
  7. On the next screen of the Apply Policy dialog, do the following, and then click Apply:
    • Key Delivery Approach: Select Query Parameter.
    • Key Query Parameter: Enter WarrantyClaim.
  8. On the Warranty Claim API page, click Save.

    The Request tab lists the Key Validation policy for the API.

section 2Add an API Rate Limiting Policy

Use an API rate limiting policy to limit the total number of requests your API allows in a specified period. You can specify the period in seconds, minutes, hours, days, weeks, or months.

  1. In the Available Policies region of the Warranty Claim API, expand Traffic Management.
  2. Hover the mouse pointer over API Rate Limiting, and then click Apply.
  3. In the Apply Policy dialog, do the following, and then click Next Illustration of Next button.
    • Your Policy Name: Enter Warranty Claim API Rate Limiting.
    • Comments: Enter This is the API rate limiting policy for the Warranty Claim API.
    • Place after the following policy: Select Warranty Claim Key Validation.
  4. On the next screen of the Apply Policy dialog, do the following, and then click Apply:
    • Allow API Rate Limiting: Select per Logical Gateway.
    • API Rate Limit: Enter 100.
    • Time Interval: Select Second.
  5. On the Warranty Claim API page, click Save.

    The Request tab lists the API Rate Limiting policy for the API.

section 3Add a Resource-Based Routing Policy

Use the Resource-based routing policy to route requests to specific resource paths to different service request URLs.

  1. In the Available Policies region of the Warranty Claim API, expand Routing.
  2. Hover the mouse pointer over Resource Based Routing, and then click Apply.
  3. In the Apply Policy dialog, do the following, and then click Next Illustration of Next button.
    • Your Policy Name: Enter Warranty Claim Resource Based Routing.
    • Comments: Enter This is the resource based routing policy for the Warranty Claim API.
    • Place after the following policy: Select Warranty Claim API Rate Limiting.
  4. Under Resource Configuration, enter the resource path as /warrantyclaim.

    5. The resource path field does not appear when the API does not have Apiary Specification. If the resource path field does not appear, select Manual under Resource Paths, click Select Resources, then enter the resource path as /warrantyclaim.

  5. In the Service section, select Select Existing, then click Select Service.
  6. Select Warranty claim service as a service, and then click Select.
  7. In the Otherwise section, select Keep Default Service Request.
  8. Click Apply.
  9. On the Warranty Claim API page, click Save.

    10. The Request tab lists the Resource Based Routing policy for the API.

section 4Add a Header Validation Policy

Add a header validation policy to pass or reject requests based on the condition specified for headers.

  1. In the Available Policies region of the Warranty Claim API, expand Interface Management.
  2. Hover the mouse over Header Validation, and then click Apply.
  3. In the Apply Policy dialog, do the following, and then click Next Illustration of Next button.
    • Your Policy Name: Enter Warranty Claim Header Validation.
    • Comments: Enter This is the header validation policy for the Warranty Claim API.
    • Place after the following policy: Select Warranty Claim Key Validation.
  4. Select the following to set a policy to pass request if all header conditions are met:
    • From the first drop-down list, select Pass.
    • From the second drop-down list, select All.
  5. Enter the following to set the header condition as warranty years <=5 years.
    • Name: Enter warranty years.
    • Operator: Select <=.
    • Value: Enter 5.
  6. Click Add a new condition Illustration of add button, and enter the following to set the header condition as amount <=1000.
    • Name: Enter amount.
    • Operator: Select <=.
    • Value: Enter 1000.
    Oracle API Platform Cloud Service Management Portal Add Header Validation Policy screen
    Description of the illustration header-validation_apply-api-policy.png
  7. Click Apply.
  8. On the Warranty Claim API page, click Save.

    The Request tab lists Header Validation policy along with other policies for the API.

    Oracle API Platform Cloud Service Management Portal API Implementation screen with all policies applied
    Description of the illustration all-policies_apply-api-policy.png

section 5Deploy the API

Deploy the endpoint for your API to a gateway.

  1. In the navigation pane of the Warranty Claim API page, click Deployments Illustration of deploy button.
  2. On the Deployments page, click Deploy API.
  3. In the Deploy API dialog, select Production Gateway to deploy the API.
  4. For Initial Deployment State, select Active.
  5. Click Deploy.

    The Warranty Claim API is deployed.

more informationWant to Learn More?