Introduction To Azure API Management Policy

In this article will cover about Azure API Management policies and some brief introduction and some example around that.

There are multiple things in API-M and policy is also like inbound policy (CORS, rate-limiting, filtering) and outbound is like to update response or something around that. Also policy apply to multiple level like API-M level base policy, API level and API operation level.

There are total 3 Level of policy.

1. API-M Level policy

This policy applied to all API that part of API-M management and also called base policy. Later will see how it get include in API level and operation level. image.png

2. API Level Policy

This policy applied to API level and all of its operations. Also at this level it is possible to inherit the base policy that applied to API-M or say global policy at API-M level.

In following image at Inbound policy section, it display "base" so it will inherit the API-M level policy and for that there is configuration for CORS.

image.png

Also it is completely possible to add new policy and that specific to this API only. image.png

It is also possible to remove base policy so only new set of policy or explicit policy apply to specific API.

3. Operation Level Policy

This policy applied to specific operation level. At this level same as API level , possible to inherit the base policy or apply explicit policy. Here if base specify then it inherits from API level policy.

image.png

For other operation different policy along with base policy.

image.png

Also it is possible to remove base policy.

Conclusion

Overall it is simple and Azure API Management service provide quite granular support for policy and its applicability. Also it helps to understand and debug while working with API-M management service.

Next article will focus some more part on this in context of DevOps.