To design and customize the behavior of your APIs, you apply a set of policies. Each policy performs one of several API management tasks. For example, you can add policies for response caching, rate limiting, XML-to-JSON transformation, and so on.
The API proxy editor lets you see the structure of your API proxy and configure its flow. The editor is a visual representation of your proxy's message flows as well as an editable display of the XML that defines the proxy.
Set a rate limit for your API
To help you learn how to configure APIs, you're going to add a couple of policies to the WeatherAPI you created. First, you'll adjust the default Spike Arrest policy to protect your backend from high traffic.
- In the main menu, click APIs to display the APIs page.
- Click WeatherAPI.
- On the WeatherAPI detail page, click the Edit API Proxy button.

- In the API proxy editor, click New Policy. This displays a categorized list of all the policies you can create.

- Select Spike Arrest in the Traffic Management category.
Spike arrests are a way to stop traffic spikes (or bursts) that can be caused by an increase in usage, buggy clients, or malicious attacks. After you select Spike Arrest, the New Policy dialog appears, which displays:
- The Policy name assigned to the new policy.
- An Attach Policy checkbox. Checking this box attaches the policy to the Flow.
- A Flow drop-down menu.
- Segment request and response radio buttons.

- Click Add to accept the defaults.
The new policy (of the assigned name) is attached to the request message flow. This means that the API Platform will include the Spike Arrest policy as part of its processing of messages sent from a client app to your API. Because you accepted the default selections for the Flow and Segment options, the Spike Arrest policy will be applied to request messages at the ProxyEndpoint.
Learn about flows and endpoints in How an API proxy works. What’s important to understand at this point is that the Spike Arrest policy will be processed first by your API proxy.
- Examine what’s been added to the API proxy editor:
- The Spike Arrest policy is added to various views in the proxy editor.
- The policy is added to the list of policies in the Navigator view.
- The policy is added to the Designer view, which is a visual representation of your proxy's message flows.
- The XML for the policy is displayed in the Code view.
- The XML element and attribute values for the policy are displayed in the Property Inspector.

- In the XML for the policy, change the value of the <Rate> element to 75ps. This limits traffic to a maximum of 75 messages per second. Notice that the Rate value in the Property Inspector also changes to 75ps. You can also change the Rate value in the Property Inspector and it will be reflected in the XML view.
- Click the Project button, then select Save in the drop-down menu to save the current revision with your changes.
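The saved configuration can be checked outside the editor. The following is an added example, not code from the original page or from the platform: a small Python audit that confirms a Spike Arrest policy is enabled, has a `<Rate>` no higher than 75ps, and runs as the first request step. The policy name `Spike-Arrest-1`, the attachment under `PreFlow`, the 75ps ceiling, and both sample XML documents are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples of a Spike Arrest policy file and a ProxyEndpoint
# definition; the policy name "Spike-Arrest-1" is an assumption.
POLICY_XML = """<SpikeArrest async="false" continueOnError="false" enabled="true" name="Spike-Arrest-1">
  <DisplayName>Spike Arrest 1</DisplayName>
  <Rate>75ps</Rate>
</SpikeArrest>"""

ENDPOINT_XML = """<ProxyEndpoint name="default">
  <PreFlow name="PreFlow">
    <Request>
      <Step><Name>Spike-Arrest-1</Name></Step>
    </Request>
    <Response/>
  </PreFlow>
</ProxyEndpoint>"""

RATE_RE = re.compile(r"^(\d+)(ps|pm)$")  # per second / per minute


def audit_spike_arrest(policy_xml, endpoint_xml, max_per_second=75):
    """Return a list of findings; an empty list means the check passed."""
    findings = []
    policy = ET.fromstring(policy_xml)
    if policy.tag != "SpikeArrest":
        return ["policy is not a SpikeArrest policy"]
    name = policy.get("name")
    if policy.get("enabled", "true").lower() != "true":
        findings.append(f"{name}: policy is disabled")
    match = RATE_RE.match((policy.findtext("Rate") or "").strip())
    if not match:
        findings.append(f"{name}: <Rate> missing or not of the form 75ps / 300pm")
    else:
        count, unit = int(match.group(1)), match.group(2)
        per_second = count if unit == "ps" else count / 60
        if per_second > max_per_second:
            findings.append(f"{name}: rate {count}{unit} exceeds {max_per_second}ps")
    # The policy should be the first step run on the request PreFlow.
    steps = [s.findtext("Name") for s in
             ET.fromstring(endpoint_xml).findall("./PreFlow/Request/Step")]
    if not steps or steps[0] != name:
        findings.append(f"{name}: not the first request PreFlow step")
    return findings
```

Run it only against policy files exported from your own proxy; an empty list means the policy is enabled, rate-limited within the ceiling, and attached first.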
Convert XML to JSON
Suppose your API provides responses in XML. This can be a problem for developers whose apps access the backend service through your API but accept only JSON responses from their RESTful API calls. You can, however, add a policy that converts the data sent by the service from XML to JSON.
In this type of policy, the payload of an XML message is parsed and converted into JSON. The content-type is changed to application/json. The policy only works when the source content-type is application/xml. See Convert XML to JSON for details.
To add an XML to JSON policy:
- In the API proxy editor, click New Policy, and select XML to JSON in the Mediation category.
- In the New Policy dialog select the following:
- Flow PostFlow, Proxy Endpoint default, in the Flow drop-down menu.
- The Response segment radio button.
- Keep the default values for Policy Name and Attach Policy.
- Click Add.
The new policy is attached to the response message flow. Because you selected Flow PostFlow, Proxy Endpoint default, and chose the Response segment, the XML to JSON policy is applied to response messages at the ProxyEndpoint.
- Click the Project button, then select Save in the drop-down menu.
- Click Deployment, then Test.
The updated API proxy replaces the revision currently deployed in your test environment.
Note: Depending on your role, you may not be able to deploy to all environments. Users can deploy only to the test environment. Administrators can deploy to any environment.