Author: Chaitra Yajman

Using the API Manager API, you can apply different categories of policies. To access Platform APIs, you must obtain a token, either from the login endpoint or through the OAuth authorization process. In this example, I am using the login endpoint.

1. Get access token:

Calls to the platform API must be authenticated. To authenticate with a username and password, invoke the /login API. This API receives the username and password in a JSON request and returns an access token that you can use to access the APIs. The Content-Type header must be set to application/json.

Method: POST

This returns the following response and token:

After obtaining a token, you can access the API by supplying the token in the Authorization header, as shown in the example below:

Note: Provide the XSRF-TOKEN header (only for Postman requests).

2. Get the list of environments and their IDs for a particular organization:
The URL below returns the list of environments belonging to the organization, along with the details of the suggested client management provider for those environments.
Method: GET
Authorization: Bearer Token
URI parameter: organizationId
Optional query parameters:
offset: The number of records to omit from the response.
limit: The maximum number of records to retrieve per request.

Returns the details of the associated environments. Based on the response, the list of APIs for the desired environment can be obtained.

3. Get the list of APIs:
To get the list of APIs and their IDs, use the resource below, which returns the details of the APIs associated with the desired environment.
Method: GET
Authorization: Bearer Token
URI parameters: organizationId, environmentId

4. Get the policies that are applied to an API:
Once we have the API list and its details, and before applying any policy, we need to know which policies are already applied to the API. The following resource returns that detail.
Method: GET
URI parameters: organizationId, environmentId, environmentApiId

5. Apply the “IP whitelist” policy to an API:
To apply a policy, we need to provide the required configuration details. For the IP whitelist policy, the details below must be provided in the request body.
	{
		"configurationData": {
			"ipExpression": "#[attributes.remoteAddress]",
			"ips": [
				"<allowed IP address or CIDR range>"
			]
		},
		"id": 123456,
		"pointcutData": null,
		"policyTemplateId": 299246,
		"apiVersionId": 123456,
		"groupId": "68ef9520-24e9-4cf2-b2f5-620025690913",
		"assetId": "ip-whitelist",
		"assetVersion": "1.2.2"
	}

Method: POST
URI parameters: organizationId, environmentId, environmentApiId
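
Before sending that POST, it is worth checking the allow-list entries and the result of the policy lookup from the previous step. The following is an added example, not code from the original post or from the platform: it builds the request body with the field names and sample values shown above, rejects malformed or overly broad entries, and refuses to build a body when the policy template is already applied. The helper names, the breadth limits and the assumed shape of the policy list (a list of objects carrying `policyTemplateId`) are assumptions.

```python
import ipaddress

# Field names and sample values come from the request body above. The helper
# names, the breadth limits and the shape of `existing` are assumptions.
MIN_PREFIX = {4: 8, 6: 32}  # refuse ranges broader than /8 (IPv4) or /32 (IPv6)


def validate_ips(entries):
    """Return a sorted, de-duplicated list of IPs/CIDRs or raise ValueError."""
    if not entries:
        raise ValueError("allow-list is empty")
    cleaned = set()
    for entry in entries:
        # strict=True rejects malformed input and CIDRs with host bits set
        net = ipaddress.ip_network(entry.strip(), strict=True)
        if net.prefixlen < MIN_PREFIX[net.version]:
            raise ValueError(f"{entry}: range too broad for an allow-list")
        single = net.num_addresses == 1
        cleaned.add(str(net.network_address) if single else str(net))
    return sorted(cleaned)


def already_applied(existing, policy_template_id):
    """Assumes the policy list is a list of dicts carrying policyTemplateId."""
    wanted = str(policy_template_id)
    return any(str(p.get("policyTemplateId")) == wanted for p in existing)


def build_ip_whitelist_body(api_version_id, policy_template_id, ips, existing):
    """Build the POST body only if the input is sane and the policy is new."""
    if already_applied(existing, policy_template_id):
        raise RuntimeError("policy template already applied to this API")
    return {
        "configurationData": {
            "ipExpression": "#[attributes.remoteAddress]",
            "ips": validate_ips(ips),
        },
        "pointcutData": None,
        "policyTemplateId": policy_template_id,
        "apiVersionId": api_version_id,
        "groupId": "68ef9520-24e9-4cf2-b2f5-620025690913",
        "assetId": "ip-whitelist",
        "assetVersion": "1.2.2",
    }


if __name__ == "__main__":
    # Constructed sample input (documentation address ranges)
    print(build_ip_whitelist_body(123456, 299246, ["192.0.2.0/24", "198.51.100.7"], []))
```
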

Once the policy is applied (created), the response below is received with a 201 status code.

Likewise, rate-limiting and other policies can also be applied. Below is a sample request for the rate-limiting policy.
