Apigee Edge provides a range of out-of-the-box policy capabilities that address common API management requirements. However, there are some cases where your API requires custom behavior that is not covered by Edge standard policy palette. To support these requirements, Edge exposes scripting interfaces to ease the task of implementing custom behaviors in the proxied API message flow. One approach is to attach your own JavaScript to an API flow, which Edge then executes at runtime.

A JavaScript policy contains no actual code. Instead, a JavaScript policy references a JavaScript 'resource' and defines the Step in the API flow where the JavaScript executes. The JavaScript resource that is referenced by the the JavaScript policy can be stored in the API configuration bundle, or it can be stored in the environment or organization. For instructions, see Resource files. You can also upload your JavaScript through the management UI proxy editor.

JavaScript resources are always stored under the /resources/jsc directory, and must also always have the .js extension. The /jsc directory indicates that this JavaScript will be compiled.

For instructions, policy samples, and JavaScript samples, see Programming API proxies with JavaScript .

For instructions on building and deploying full-fledged JavaScript apps for Apigee Edge, see the Implementing HTTP clients in JavaScript.


The JavaScript policy below demonstrates a basic JavaScript policy that attaches a JavaScript resources called test.js. It also includes two libraries that test.js depends on: crypto.js and json2.js.

<Javascript name="ScriptPolicy1" timeLimit="200" > 

Configuring a JavaScript policy

Configure the JavaScript policy using the following elements.

Field Name Description
name The name attribute of the JavaScript policy. Characters you can use in the name are restricted to: A-Z0-9._\-$ %. However, the Management UI enforces additional restrictions, such as automatically removing characters that are not alphanumeric.
timeLimit Specifies the maximum time (in milliseconds) that the script is permitted to execute. For free trial accounts, execution time is limited to 200 ms.
IncludeURL Specifies a JavaScript library to be loaded as dependency. Store libraries under stored under /apiproxy/resources/jsc in your API proxy. The scripts will be evaluated in the order in which they are listed in the policy.
ResourceURL Specifies the JavaScript resource (file), stored under /apiproxy/resources/jsc, that implements the JavaScript object model

Policy-specific error codes

The default format for error codes returned by policies is:

  "code" : " {ErrorCode} ",
  "message" : " {Error message} ",
  "contexts" : [ ]

The Javascript Policy type defines the following error codes:

Error Code Message
ScriptExecutionFailed Execution of {0} failed with error: {1}
ScriptExecutionFailedLineNumber Execution of {0} failed on line {2} with error: {1}
ScriptCompilationFailed Compilation of JavaScript {0} failed with error:{1}. Context {2}
NoResourceForURL Could not locate a resource with URL {0}
WrongResourceType Resource {0} is the wrong type. It is {1}: but Javascript steps use type jsc:

Policy schema

Each policy type is defined by an XML schema (.xsd). For reference, policy schemas are available on GitHub.

Help or comments?

  • Something's not working: See Apigee Support
  • Something's wrong with the docs: Click Send Feedback in the lower right.
    (Incorrect? Unclear? Broken link? Typo?)