Python Script policy
The Python Script policy lets you add customized Python functionality to your API proxy flow, especially when the functionality you need is beyond what the Edge out-of-the-box policies provide.
This policy can be attached in the following locations, but see the notes following the table for specific guidance.
Python Script policy
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <Script name="Python-1"> <DisplayName>Python-1</DisplayName> <ResourceURL>py://myscript.py</ResourceURL> </Script>
In this example, the element, ResourceURL specifies the relevant Python script resource.
This shows what you might include in the python script itself.
import base64 username = flow.getVariable("request.formparam.client_id") password = flow.getVariable("request.formparam.client_secret") base64string = base64.encodestring('%s:%s' % (username, password))[:-1] authorization = "Basic "+base64string flow.setVariable("authorizationParam",authorization)
Configure the Python Script policy using the following elements.
name attribute for this policy is restricted to these characters:
A-Z0-9._\-$ %. However, the Management UI enforces additional restrictions, such as automatically removing characters that are not alphanumeric.
|ResourceURL||Specifies the name of the Python script stored in the API proxy under
|IncludeURL (Optional)||You can include zero or more of these elements. Each element should specify a single Python script in the same form as the
A Python policy contains no actual code. Instead, a Python policy references a Python 'resource' and defines the Step in the API flow where the Python script executes. You can upload your script through the Management UI proxy editor, or you can include it in the
/resources/py directory in API proxies that you develop locally.
System calls, for example network I/O, filesystem read/writes, current user info, process list, and CPU/memory utilization are not permitted by the security model. Although some such calls may be functional, they are unsupported and liable to be actively disabled at any time. For forward compatibility, you should avoid making such calls in your Python scripts.
For working samples of API proxies, see the Samples reference.
Help or comments?