Add a Policy to a Service
In addition to the policies which will be applied via the associated plans, you can also add policies directly to a service. This is optional.
The service level policies will be applied to all invocations of the service by any application, regardless of the plan which will be used in the service contract.
To do this, go to the Policies tab page.
The policies available in the scope of a service are listed in the following tables (indicated with type 'S'): API Policies
The Trust1Gateway API Engine enables default service policies. These will be automatically applied to all services, except when you provide a custom policy of the same type.
The policies that are applied automatically are mentioned on the 'Policies' tab:

As shown in the screenshot above, the following policies will apply automatically:

| Name | Description | Reason |
| --- | --- | --- |
| CORS policy | Cross-Origin Resource Sharing. Find more information on the wiki: CORS Policy | The Trust1Gateway Marketplace exposes API documentation in the form of an interactive API definition (using swagger JSON). For the 'Try-out' button to send a real request to the service, CORS must be enabled so that browser-to-service communication is allowed. |
| Key Authentication policy | Key Authentication policy (provisioning of API keys for the service - basic security protection) | Each published service must be protected from the outside world. To that end, a basic API Key is required and activated on all services published through the Trust1Gateway Publisher. This is how we guarantee that no 'unknown' or 'unregistered' consumer can access the protected service. When applying other security models, keep in mind that all security models are cumulative. That is, when adding an OAuth2 policy, a valid request must carry a valid API Key in the request header as well as a valid OAuth2 access token. Both are required in order to request the protected resource (service). |
| ACL policy | Access Control List policy | In order to enforce that only applications with an existing contract can consume a given service, an ACL policy is applied by default. Should you choose to disable the ACL policy, every application created in the Marketplace will be able to consume your service, without requiring a contract. We strongly recommend against disabling/removing the ACL policy. |

To add an additional service level policy, click the Add Policy button and select the appropriate policy from the list.

Provide the parameter values and click Add Policy.
You can add more than one policy.
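
The following added example (not Trust1Gateway code) models the behaviour described on this page: default policies apply unless a custom policy of the same type is supplied, all security policies are cumulative, and disabling the ACL policy removes the contract requirement. The header names (`apikey`, `Authorization`), status codes, service name and all sample keys, tokens and contracts are assumptions constructed for illustration.

```python
# Simplified model of the policy semantics described above; not Trust1Gateway code.
# Header names, status codes and all sample data below are assumptions.
DEFAULT_POLICIES = {"cors": {}, "key-auth": {}, "acl": {}}

# Constructed sample data: registered API keys, access tokens, service contracts.
API_KEYS = {"key-app-a": "app-a", "key-app-b": "app-b"}
VALID_TOKENS = {"token-app-a": "app-a"}
CONTRACTS = {("app-a", "orders-service")}


def effective_policies(custom, disabled=()):
    """Defaults apply automatically; a custom policy of the same type replaces one."""
    merged = {**DEFAULT_POLICIES, **custom}
    return {name: cfg for name, cfg in merged.items() if name not in disabled}


def authorize(service, headers, policies):
    """Every security policy on the service must pass; one failure rejects."""
    app = None
    if "key-auth" in policies:
        app = API_KEYS.get(headers.get("apikey", ""))
        if app is None:
            return 401, "missing or unknown API key"
    if "oauth2" in policies:
        auth = headers.get("Authorization", "")
        token = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
        token_app = VALID_TOKENS.get(token)
        if token_app is None:
            return 401, "missing or invalid access token"
        app = app or token_app
    if "acl" in policies and (app, service) not in CONTRACTS:
        return 403, "application has no contract for this service"
    return 200, "forwarded to service"


if __name__ == "__main__":
    svc = "orders-service"
    oauth = effective_policies({"oauth2": {}})
    no_acl = effective_policies({}, disabled=("acl",))
    print(authorize(svc, {"apikey": "key-app-a"}, oauth))   # key alone is rejected
    print(authorize(svc, {"apikey": "key-app-b"}, effective_policies({})))
    print(authorize(svc, {"apikey": "key-app-b"}, no_acl))  # no contract needed
```

Running the same three requests against a test service after each policy change is a quick way to confirm that a newly added policy tightened access rather than replacing an existing check.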