Was this helpful?

Apigee Edge provides a range of out-of-the-box policy capabilities that address common API management requirements. However, there are some cases where your API requires custom behavior that is not covered by Edge standard policy palette. To support these requirements, Edge exposes scripting interfaces to ease the task of implementing custom behaviors in the proxied API message flow. One approach is to attach your own JavaScript to an API flow, which Edge then executes at runtime.

A JavaScript policy contains no actual code. Instead, a JavaScript policy references a JavaScript 'resource' and defines the Step in the API flow where the JavaScript executes. The JavaScript resource that is referenced by the the JavaScript policy can be stored in the API configuration bundle, or it can be stored in the environment or organization. For instructions, see Resource files. You can also upload your JavaScript through the management UI proxy editor.

JavaScript resources are always stored under the /resources/jsc directory, and must also always have the .js extension. The /jsc directory indicates that this JavaScript will be compiled.

For instructions, policy samples, and JavaScript samples, see Programming API proxies with JavaScript .

For instructions on building and deploying full-fledged JavaScript apps for Apigee Edge, see the Implementing HTTP clients in JavaScript.


The JavaScript policy below demonstrates a basic JavaScript policy that attaches a JavaScript resources called test.js. It also includes two libraries that test.js depends on: crypto.js and json2.js.

<Javascript name="ScriptPolicy1" timeLimit="200" > 

Configuring a JavaScript policy

Configure the JavaScript policy using the following elements.

Field Name Description
Display Name The name attribute of the JavaScript policy
Execution Time Limit Specifies the maximum time (in milliseconds) that the script is permitted to execute. For free trial accounts, execution time is limited to 200 ms.
Resource (JavaScript file) Specifies the JavaScript resource (file), stored under /apiproxy/resources/jsc, that implements the JavaScript object model
(JavaScript file)
Specifies a JavaScript library to be loaded as dependency. The scripts will be evaluated in the order in which they are listed in the policy.  

Policy-specific error codes

The default format for error codes returned by Policies is:

  "code" : " {ErrorCode} ",
  "message" : " {Error message} ",
  "contexts" : [ ]

The Javascript Policy type defines the following error codes:

Error Code Message
ScriptExecutionFailed Execution of {0} failed with error: {1}
ScriptExecutionFailedLineNumber Execution of {0} failed on line {2} with error: {1}
ScriptCompilationFailed Compilation of JavaScript {0} failed with error:{1}. Context {2}
NoResourceForURL Could not locate a resource with URL {0}
WrongResourceType Resource {0} is the wrong type. It is {1}: but Javascript steps use type jsc:

Policy schema

Each policy type is defined by an XML schema (.xsd). For reference, policy schemas are available on GitHub.

Add new comment

Provide your email address if you wish to be contacted offline about your comment.
We will not display your email address as part of your comment.

We'd love your feedback and perspective! Please be as specific as possible.
Type the characters you see in this picture. (verify using audio)

Type the characters you see in the picture above; if you can't read them, submit the form and a new image will be generated. Not case sensitive.