can we create a common policy for global and product scope?

akhilas@secful.com 20

I created an API Management (APIM) policy at the product level and now we need to set up a policy that can be used at the global, product, and API scopes. I initially created a product-level policy and tried to place it at the global scope, but it resulted in an error. Is it possible to create a single policy that works across all scopes?When I use the policy at All API level, I basically:

replace the original policy.xml from

<backend>
<base />
</backend>
to
<backend>
<forward-request />
</backend>

and remove all lines that have

<base/> (there should be three of them).then it work for global . is any other option?

akhilas@secful.com 20 Reputation points

2024-04-23T03:50:40.7566667+00:00

Could you please give n answer
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
akhilas@secful.com 20 Reputation points

2024-04-23T07:25:36.09+00:00

Can I remove the <base> element from the existing product policy so that it can be used at both the global and product/API levels?
akhilas@secful.com 20 Reputation points

2024-04-23T07:58:59.5366667+00:00

got it Thanks @JananiRamesh-MSFT I have a policy, and my customers use it in various ways, some at the global level and some at the product level. What's the best practice: should I remove the <base> from the policy and share it with all customers, or should we create separate policies for each use case?
JananiRamesh-MSFT 21,321 Reputation points

2024-04-23T15:23:22.4833333+00:00

@akhilas@secful.com

I hope the answer helps. Please let me know if you have any further queries.

Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.
JananiRamesh-MSFT 21,321 Reputation points

2024-04-25T03:56:54.92+00:00

@akhilas@secful.com Please Accept the answer if the information helped you. Accepting answers will help increase the visibility of this question and the solution for anyone else who may run into the same issue. Thank you for helping to improve Microsoft Q&A!

1 answer

JananiRamesh-MSFT 21,321 Reputation points

2024-04-23T05:27:38.16+00:00
@akhilas@secful.com Thanks for reaching out. From the description i understand that you have created a product-level policy and tried to place it at the global scope, but it resulted in an error. you want to know if there is any other option to create a policy that can be used at the global, product, and API scopes.

if you want to use a policy at the global, product, and API scopes, you can define the policy at the global scope and use the base element to inherit the policy at the product and API scopes. For example, you can define a policy at the global scope as follows:

<policies> <inbound>  </inbound> <backend>  </backend> <outbound>  </outbound> </policies>

Then, you can inherit the policy at the product and API scopes by using the base element as follows:

<policies> <inbound> <base />  </inbound> </policies>

please refer: https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-policies?wt.mc_id=knwlserapi_inproduct_azportal#scopes

do let me know incase of further queries, I would be happy to assist you.
Please sign in to rate this answer.

1 person found this answer helpful.
akhilas@secful.com 20 Reputation points

2024-04-23T07:50:35.47+00:00

Can I remove the <base> element from the existing product policy so that it can be used at both the global and product/API levels?

JananiRamesh-MSFT 21,321 Reputation points

2024-04-23T07:52:26.7366667+00:00

@akhilas@secful.com Thanks for getting back, you will not be able to use <base> tag in global scope i.e, at all api's scope.

The base tag is used to inherit policies from a parent scope. At the global scope, there is no parent scope to inherit from, as it is the highest level at which policies can be applied. This is why the base tag is not used at the global scope.

the forward-request policy must be used in the backend section at the global scope in Azure APIM which is required to forward requests to an API backend.

that's why the error is thrown, do let me incase of further queries, i would be happy to assist you.

JananiRamesh-MSFT 21,321 Reputation points

2024-04-23T08:28:15.1633333+00:00

@akhilas@secful.com Thanks for getting back, if your policy is used in various ways by your customers, some at the global level and some at the product level, it's best to create separate policies for each use case. This will allow you to customize the policy for each use case and avoid any conflicts or unintended consequences.

When you create a policy, you can specify the scope at which it should be applied. You can create a policy at the global scope, the product scope, or the API scope. If you create a policy at the global scope, it will apply to all APIs in your APIM instance. If you create a policy at the product scope, it will apply to all APIs in the product. If you create a policy at the API scope, it will apply only to that API.

By creating separate policies for each use case, you can avoid conflicts between customers and ensure that each customer is using the policy in the intended way. It also allows you to customize the policy for each use case, which can be beneficial if your customers have different requirements or use cases.

I hope this helps. Let me know if you have any other questions.
Sign in to comment