| title | description | services | documentationcenter | author | manager | editor | ms.service | ms.workload | ms.tgt_pltfrm | ms.devlang | ms.topic | ms.date | ms.author | ms.custom |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Azure API Management policy samples | Microsoft Docs |
Learn about the policies available for use in Azure API Management. |
api-management |
vladvino |
cflower |
api-management |
mobile |
na |
na |
sample |
10/31/2017 |
apimpm |
mvc |
Policies are a powerful capability of the system that allows the publisher to change the behavior of the API through configuration. Policies are a collection of statements that are executed sequentially on the request or response of an API. The following table includes links to samples and gives a brief description of each sample.
| Inbound policies | |
| Add a Forwarded header to allow the backend API to construct proper URLs | Demonstrates how to add a Forwarded header in the inbound request to allow the backend API to construct proper URLs. |
| Add a header containing a correlation id | Demonstrates how to add a header containing a correlation ID to the inbound request. |
| Add capabilities to a backend service and cache the response | Shows how to add capabilities to a backend service. For example, accept a name of the place instead of latitude and longitude in a weather forecast API. |
| Authorize access based on JWT claims | Shows how to authorize access to specific HTTP methods on an API based on JWT claims. |
| Authorize requests using external authorizer | Shows how to use external authorizer for securing API access. |
| Authorize access using Google OAuth token | Shows how to authorize access to your endpoints using Google as an OAuth token provider. |
| Generate Shared Access Signature and forward request to Azure storage | Shows how to generate Shared Access Signature using expressions and forward the request to Azure storage with rewrite-uri policy. |
| Get OAuth2 access token from AAD and forward it to the backend | Provides and example of using OAuth2 for authorization between the gateway and a backend. It shows how to obtain an access token from AAD and forward it to the backend. |
| Get X-CSRF token from SAP gateway using send request policy | Shows how to implement X-CSRF pattern used by many APIs. This example is specific to SAP Gateway. |
| Route the request based on the size of its body | Demonstrates how to route requests based on the size of their bodies. |
| Send request context information to the backend service | Shows how to send some context information to the backend service for logging or processing. |
| Set response cache duration | Demonstrates how to set response cache duration using maxAge value in Cache-Control header sent by the backend. |
| Outbound policies | |
| Filter response content | Demonstrates how to filter data elements from the response payload based on the product associated with the request. |
| On-error policies | |
| Log errors to Stackify | Shows how to add an error logging policy to send errors to Stackify for logging. |