Open in app

Sign in

Write

Sign in

XML policy fragment — Reuse policy configurations in your azure APIM

Akshay Shinde </>
4 min readDec 26, 2022

Considering you are already familiar with azure APIM policies under azure APIM and you have already played with them and experienced power of azure APIM policies !

Quick glance: Policies in Azure API Management

In Azure API Management, API publishers can change API behavior through configuration using policies. Policies are a collection of statements that are run sequentially on the request or response of an API. Popular statements include:

1. Format conversion from XML to JSON

2. Call rate limiting to restrict the number of incoming calls from a developer

3. Filtering requests that come from certain IP addresses

Scope :

API Management allows you to define policies at the following scopes, from most broad to most narrow:

  • Global (all APIs)
  • Product (APIs associated with a selected product)
  • API (all operations in an API)
  • Operation (single operation in an API)

Apply policies specified at different scopes Scope:

If you have a policy at the global level and a policy configured for an API, both policies can be applied whenever that particular API is used. API Management allows for deterministic ordering of combined policy statements via the base element.

So as mentioned above scopes will surely help you to reuse few policies as per business need.

Now consider a business requirement where you just need to apply particular logic/transformation on few operations and not on all API operations. e.g. You want to add some headers and remove few headers for only 4 operations instead of all operations i.e. 7 operations.

To accomplish this, you need to write same set of policy having logic/transformation under those required operations (here i.e. under all 4 operations).

Can we achieve this using any easy way and avoid writing same set of policies?🧐 Answer is YES ! we can. 😊

Azure APIM has recently introduced ‘policy fragment’ under APIM service as new offering and we can use same to tackle our above mentioned business case.

So, Lets get started! 🙂

As we want to use recently added ‘policy fragment’ service so firstly we need to create that fragment and add related policies having your business logic/transformation.

Please follow below given steps for demo where we will create one new policy fragment named as ‘delta_policy_fragments’ under our azure APIM service.

Here under step-5 , you can add your policies just like your normal policies. In short, this policy fragment xml will get used as re-usable code.

For your understanding, I have shared my ‘delta_policy_fragments’ policy xml as below.

This policy fragment will add static header ‘x-request-context-data’ with given values(my_User_Id,my_Deployment_Region), also will add custom header ‘UserHeader’ based on operation variable value. In addition to this, it will also mask/delete sensitive header coming from backend.

Time to hit create button😋, policy fragment has been created now! Cool😎

Now next action is to implement this newly created policy fragment under your operation level policy. I have added below code under outbound policy

<include-fragment fragment-id=”delta_policy_fragments” />

For your understanding, I have shared my operation level policy xml as below. I’m setting some unique value under ‘user-header-value’ . This variable value will get consumed when setting-up ‘UserHeader’ as a custom header in above defined ‘delta_policy_fragments’

We are done with related setup and now all set to test our operation under azure portal. I have tried to test same and attached test-result.

So as shown above, our configured XML policy fragment setup is working as expected and APIM operation level policy is calling same. Cool !😎 We can see mentioned headers under ‘delta_policy_fragments’ are getting reflected with masked backend headers as well.

😋Another hint : You can also use XML policy fragment when you want to use some common policy across different APIs, as we know XML policy fragment is configured at your APIM instance level !

Thanks for reading my article till end. Stay tuned and follow me for more updates. Don’t forget to give is your 👏 if you really enjoyed reading this article just to support your author also please share to your friends..! 🙂

Thanks — Akshay Shinde

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

Azure
Azure Api Management
Azure Api
Api Management
Azure Policies

Akshay Shinde </>
Akshay Shinde </>

Written by Akshay Shinde </>

14 Followers
66 Following

Cloud Engineer ☁️

Responses (1)

Write a response

What are your thoughts?

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams