Share via

Policy execution order - Product and API scopes

Nagashree Balasundaram 741 Reputation points
Mar 2, 2023, 11:23 PM

Hi,

If there are policies defined at product scope, ALL APIs scope, All operations(in an API) scope, how is the execution order of the policy determined. From the below documentation, it is stated that, it depends on the position of the <base/> tag. Can you please point to some examples on this. https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-policies#scopes

Here is my example policy:

Product scope policy:

<policies>
    <inbound>
        <base />
<set-header name="product-id" exists-action="override">product1</set-header>
</inbound>

All APIs policy

<policies>
    <inbound> <!-- no base defined here -->
    <rate-limit-by-key calls="4000" renewal-period="60" counter-key="@(context.Subscription?.Key ?? "anonymous")" increment-condition="@(context.Response.StatusCode >= 200 && context.Response.StatusCode < 300)" remaining-calls-variable-name="remaningCallsForKey" retry-after-header-name="retry-after" remaining-calls-header-name="remaining-calls" retry-after-variable-name="retryAfterSecs" />
    </inbound>

All operations policy

<policies>
    <inbound>
        <base />
        <set-backend-service backend-id="OrderAppservice-backend" />
    </inbound>

In the above configuration, what would be the policy execution order for an incoming request.

Is this the right order - All APIs-followed by Product policy- followed by All operations as base is defined before the policies?

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
2,260 questions
0 comments No comments
{count} votes

Accepted answer
  1. MayankBargali-MSFT 70,796 Reputation points
    Mar 3, 2023, 7:21 AM

    @Nagashree Balasundaram Thanks for reaching out. As per the document if you see the policy scope then it is global --> product --> api --> operation and based on where you specify the base element it will evaluation the policy.

    User's image

    If you are using scope as Product scope, then in your example policy evaluation will be first global --> product --> API --> operation

    	<inbound>
    		<!--base: Begin Api scope-->
    		<!--base: Begin Product scope-->
    		<!--base: Begin Global scope-->
    		<!--base: End Global scope-->
    		<set-header name="product-id" exists-action="override">product1</set-header>
    		<!--base: End Product scope-->
    		<rate-limit-by-key calls="4000" renewal-period="60" counter-key="@(context.Subscription?.Key ?? "anonymous")" increment-condition="@(context.Response.StatusCode >= 200 && context.Response.StatusCode < 300)" remaining-calls-variable-name="remaningCallsForKey" retry-after-header-name="retry-after" remaining-calls-header-name="remaining-calls" retry-after-variable-name="retryAfterSecs" />
    		<!--base: End Api scope-->
    		<set-backend-service backend-id="OrderAppservice-backend" />
    	</inbound>
    

    You can always leverage the "Calculate effective policy" under the individual operation and specify which scope you are testing, and it will provide you the evaluated policy that will be executing the order.

    User's image

    Feel free to get back to me if you have any queries or concerns.

    Please accept as "Yes" if the answer is helpful so that it can help others in the community. If you need any help/clarification/concerns/follow up questions, then please click on "Add Comment" on my answer and provide more details.

    0 comments No comments

0 additional answers

Sort by: Newest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.