API Management policy samples

Policies are a powerful capability of the system that allows the publisher to change the behavior of the API through configuration. Policies are a collection of statements that are executed sequentially on the request or response of an API. The following table includes links to samples and gives a brief description of each sample.

| Inbound policies | Description |
| --- | --- |
| Add a Forwarded header to allow the backend API to construct proper URLs | Demonstrates how to add a Forwarded header in the inbound request to allow the backend API to construct proper URLs. |
| Add a header containing a correlation id | Demonstrates how to add a header containing a correlation ID to the inbound request. |
| Add capabilities to a backend service and cache the response | Shows how to add capabilities to a backend service. For example, accept the name of a place instead of latitude and longitude in a weather forecast API. |
| Authorize access based on JWT claims | Shows how to authorize access to specific HTTP methods on an API based on JWT claims. |
| Authorize requests using external authorizer | Shows how to use an external authorizer to secure API access. |
| Authorize access using Google OAuth token | Shows how to authorize access to your endpoints using Google as an OAuth token provider. |
| Generate Shared Access Signature and forward request to Azure storage | Shows how to generate a Shared Access Signature using expressions and forward the request to Azure storage with the rewrite-uri policy. |
| Get OAuth2 access token from AAD and forward it to the backend | Provides an example of using OAuth2 for authorization between the gateway and a backend. It shows how to obtain an access token from AAD and forward it to the backend. |
| Get X-CSRF token from SAP gateway using send request policy | Shows how to implement the X-CSRF pattern used by many APIs. This example is specific to SAP Gateway. |
| Route the request based on the size of its body | Demonstrates how to route requests based on the size of their bodies. |
| Send request context information to the backend service | Shows how to send some context information to the backend service for logging or processing. |
| Set response cache duration | Demonstrates how to set the response cache duration using the maxAge value in the Cache-Control header sent by the backend. |

| Outbound policies | Description |
| --- | --- |
| Filter response content | Demonstrates how to filter data elements from the response payload based on the product associated with the request. |

| On-error policies | Description |
| --- | --- |
| Log errors to Stackify | Shows how to add an error logging policy to send errors to Stackify for logging. |