Reuse policy configurations in your API Management policy definitions
APPLIES TO: All API Management tiers
This article shows you how to create and use policy fragments in your API Management policy definitions. Policy fragments are centrally managed, reusable XML snippets containing one or more API Management policy configurations.
Policy fragments help you configure policies consistently and maintain policy definitions without needing to repeat or retype XML code.
A policy fragment:
- Must be valid XML containing one or more policy configurations
- May include policy expressions, if a referenced policy supports them
- Is inserted as-is in a policy definition by using the include-fragment policy
Limitations:
- A policy fragment can't include a policy section identifier (
<inbound>
,<outbound>
, etc.) or the<base/>
element. - Currently, a policy fragment can't nest another policy fragment.
- The maximum size of a policy fragment is 32 KB.
Prerequisites
If you don't already have an API Management instance and a backend API, see:
While not required, you may want to configure one or more policy definitions. You can copy policy elements from these definitions when creating policy fragments.
Go to your API Management instance
In the Azure portal, search for and select API Management services.
On the API Management services page, select your API Management instance.
Create a policy fragment
In the left navigation of your API Management instance, under APIs, select Policy fragments > + Create.
In the Create a new policy fragment window, enter a Name and an optional Description of the policy fragment. The name must be unique within your API Management instance.
Example name: ForwardContext
In the XML policy fragment editor, type or paste one or more policy XML elements between the
<fragment>
and</fragment>
tags.For example, the following fragment contains a
set-header
policy configuration to forward context information to a backend service. This fragment would be included in an inbound policy section. The policy expressions in this example access the built-incontext
variable.<fragment> <set-header name="x-request-context-data" exists-action="override"> <value>@(context.User.Id)</value> <value>@(context.Deployment.Region)</value> </set-header> </fragment>
Select Create. The fragment is added to the list of policy fragments.
Include a fragment in a policy definition
Configure the include-fragment
policy to insert a policy fragment in a policy definition. For more information about policy definitions, see Set or edit policies.
- You may include a fragment at any scope and in any policy section, as long as the underlying policy or policies in the fragment support that usage.
- You may include multiple policy fragments in a policy definition.
For example, insert the policy fragment named ForwardContext in the inbound policy section:
<policies>
<inbound>
<include-fragment fragment-id="ForwardContext" />
<base />
</inbound>
[...]
Tip
To see the content of an included fragment displayed in the policy definition, select Calculate effective policy in the policy editor.
Manage policy fragments
After creating a policy fragment, you can view and update the properties of a policy fragment, or delete the policy fragment at any time.
To view properties of a policy fragment:
- In the left navigation of your API Management instance, under APIs, select Policy fragments. Select the name of your fragment.
- On the Overview page, review the Policy document references to see the policy definitions that include the fragment.
- On the Properties page, review the name and description of the policy fragment. The name can't be changed.
To edit a policy fragment:
- In the left navigation of your API Management instance, under APIs, select Policy fragments. Select the name of your fragment.
- Select Policy editor.
- Update the statements in the fragment and then select Apply.
Note
Update affects all policy definitions where the fragment is included.
To delete a policy fragment:
- In the left navigation of your API Management instance, under APIs, select Policy fragments. Select the name of your fragment.
- Review Policy document references for policy definitions that include the fragment. Before a fragment can be deleted, you must remove the fragment references from all policy definitions.
- After all references are removed, select Delete.
Related content
For more information about working with policies, see:
- Tutorial: Transform and protect APIs
- Set or edit policies
- Policy reference for a full list of policy statements
- Policy snippets repo
- Author policies using Microsoft Copilot in Azure