Send Docs Feedback

Python Script policy

  About | Samples | Element reference | Usage notes | Related topics


The Python Script policy lets you add customized Python functionality to your API proxy flow, especially when the functionality you need is beyond what the Edge out-of-the-box policies provide.


This policy can be attached in the following locations, but see the notes following the table for specific guidance.

ProxyEndpoint TargetEndpoint
    PreFlow Flow PostFlow PreFlow Flow PostFlow    
    PostFlow Flow PreFlow PostFlow Flow PreFlow    


Python Script policy

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Script name="Python-1">

In this example, the element, ResourceURL specifies the relevant Python script resource.

Python Script

This shows what you might include in the python script itself.

import base64

username = flow.getVariable("request.formparam.client_id")
password = flow.getVariable("request.formparam.client_secret")

base64string = base64.encodestring('%s:%s' % (username, password))[:-1]
authorization = "Basic "+base64string


Element reference

Configure the Python Script policy using the following elements.

The name attribute for this policy is restricted to these characters: A-Z0-9._\-$ %. However, the Management UI enforces additional restrictions, such as automatically removing characters that are not alphanumeric.

Field Name Description
ResourceURL Specifies the name of the Python script stored in the API proxy under /resources/py. Note: the filename must match exactly or an InternalClassification error will be thrown at runtime.
IncludeURL (Optional) You can include zero or more of these elements. Each element should specify a single Python script in the same form as the ResourceURL element. Scripts are evaluated in the order in which they appear in the policy.

Usage notes

A Python policy contains no actual code. Instead, a Python policy references a Python 'resource' and defines the Step in the API flow where the Python script executes. You can upload your script through the Management UI proxy editor, or you can include it in the /resources/py directory in API proxies that you develop locally.

System calls, for example network I/O, filesystem read/writes, current user info, process list, and CPU/memory utilization are not permitted by the security model. Although some such calls may be functional, they are unsupported and liable to be actively disabled at any time. For forward compatibility, you should avoid making such calls in your Python scripts.

Related topics

For working samples of API proxies, see the Samples reference.


Help or comments?

  • If something's not working: Ask the Apigee Community or see Apigee Support.
  • If something's wrong with the docs: Click Send Docs Feedback on this page.
    (Incorrect? Unclear? Broken link? Typo?)