Loading

How to Apply API Manager Policies to an API Via the API

Data pubblicazione: Jul 25, 2025
Fasi

CONTENTS

You want to apply an API Manager policy to an existing API via the API.


STEPS TO FOLLOW

1. Please get a bearer token: How to generate your Authorization Bearer token for Anypoint Platform
2. Obtain the Org ID: How to know my Organization ID (Org ID) on the Anypoint Platform
3. Obtain the environment ID: How to get the Environment ID?
4. Please follow steps 1-2 to get the API ID: How to get API ID needed for creating an API Manager Analytics Report via API Manager REST API
5. Then, make a call like this below. This will be for the IP whitelist policy: 
curl 'https://anypoint.mulesoft.com/apimanager/api/v1/organizations/< org ID from step 2>/environments/<env ID from step 3>/apis/<API ID from step 4>/policies' -X POST -H 'Accept: application/json, text/plain, */*'  -H 'X-ANYPNT-ORG-ID: <org ID from steo 2>' -H 'X-ANYPNT-ENV-ID: <env ID from step 3>' -H 'Content-Type: application/json;charset=utf-8' --data-raw 
'{
  "configurationData": {
    "ipExpression": "#[attributes.headers['x-forwarded-for']]",
    "ips": [
      "1.1.1.1"
    ]
  },
  "apiVersionId": <API ID from step 4>,
  "pointcutData": null,
  "policyTemplateId": null,
  "groupId": "68ef9520-24e9-4cf2-b2f5-620025690913",
  "assetId": "ip-allowlist",
  "assetVersion": "1.1.1"
}'
6. If you need the exact parameters for each policy, you can first add the policy via the UI and then perform a GET on the same endpoint. For example, I have added header injection and OAuth 2.0 access token enforcement using Mule OAuth provider and then ran a GET call against the above URL:
  
curl 'https://anypoint.mulesoft.com/apimanager/api/v1/organizations/<org ID from step 2>/environments/<env ID from step 3>/apis/<API ID from step 4>/policies' -X GET  -H 'Accept: application/json, text/plain, */*' -H 'Authorization: Bearer <bearer token from step 1>' -H 'X-ANYPNT-ENV-ID: <env ID from step 3> -H 'Content-Type: application/json;charset=utf-8'

You will get a result like this to understand how to populate the body for a POST: 
{
  "policies": [
    {
      "policyTemplateId": "<hidden>",
      "order": 1,
      "pointcutData": null,
      "type": "system",
      "policyId": <hidden>,
      "configuration": {
        "scopeValidationCriteria": "AND",
        "tokenUrl": "https://www.google.com",
        "secureTrustStore": false,
        "exposeHeaders": false,
        "skipClientIdValidation": true,
        "authenticationTimeout": 10000
      },
      "template": {
        "groupId": "68ef9520-24e9-4cf2-b2f5-620025690913",
        "assetId": "external-oauth2-access-token-enforcement",
        "assetVersion": "1.5.1"
      },
      "version": <hidden>
    },
    {
      "policyTemplateId": "<hidden>",
      "order": 2,
      "pointcutData": null,
      "implementationAsset": {
        "assetId": "header-injection-mule",
        "groupId": "68ef9520-24e9-4cf2-b2f5-620025690913",
        "version": "1.3.0",
        "minRuntimeVersion": "4.1.0"
      },
      "type": "system",
      "policyId": <hidden>,
      "configuration": {
        "inboundHeaders": [],
        "outboundHeaders": []
      },
      "template": {
        "groupId": "68ef9520-24e9-4cf2-b2f5-620025690913",
        "assetId": "header-injection",
        "assetVersion": "1.3.1"
      },
      "version": <hidden>
    }
  ]
}




 
Numero articolo Knowledge

001115318

 
Caricamento
Salesforce Help | Article