Datascape Experience API
API Policies
The following policies are applied to the API via API Manager:
Client ID Enforcement Policy
The Client ID Enforcement policy restricts access to a protected resource by allowing requests only from registered, authorised client applications.
Client ID enforcement authorises the client to use the API. Each request received from the client must include the following required values, or the client will receive a 401 Unauthorised status code.
Parameter | Location | Description |
---|---|---|
client_id | Request Header | Client ID is a unique identifier assigned to the client application. |
client_secret | Request Header | Client secret is a key assigned to the client ID parameter when access is requested and approved via the Exchange portal. |
Message Logging Policy
Rate Limiting
JSON Threat Protection
Applications processing JSON requests are susceptible to attacks characterized by unusual inflation of elements and nesting levels. Attackers use recursive techniques to consume memory resources. Dramatic swings in the size of the application data often signal a security problem. The JSON Threat Protection policy helps protect your applications from such intrusions.
Properties | Value |
---|---|
Maximum Container Depth | 10 |
Maximum String Value Length | 1000 |
Maximum Object Entry Name Length | 100 |
Maximum Object Entry Count | 1000 |
Maximum Array Element Count | 2000 |
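A check that mirrors the limits in the table above, for validating payloads before they are sent or again in the backend. This is an added example, not part of the Datascape API or the policy's own code; it assumes the top-level container counts as depth 1 and that lengths are counted in characters, which the gateway policy may do differently.

```python
import json

# Limits copied from the JSON Threat Protection table on this page.
LIMITS = {
    "depth": 10,         # Maximum Container Depth
    "string": 1000,      # Maximum String Value Length
    "name": 100,         # Maximum Object Entry Name Length
    "entries": 1000,     # Maximum Object Entry Count
    "elements": 2000,    # Maximum Array Element Count
}


def check_json_limits(text, limits=LIMITS):
    """Return a list of violations; empty means the payload fits.
    Malformed JSON raises ValueError."""
    try:
        root = json.loads(text)
    except RecursionError:
        # Nesting deep enough to exhaust the parser is far past the depth limit.
        return ["$: container depth exceeds %d" % limits["depth"]]
    found = []
    # Explicit stack instead of recursion, so the checker itself cannot be
    # driven into a stack overflow by the input it is inspecting.
    stack = [(root, 1, "$")]  # assumption: the top-level container is depth 1
    while stack:
        node, depth, path = stack.pop()
        if isinstance(node, str):
            if len(node) > limits["string"]:
                found.append("%s: string length %d" % (path, len(node)))
            continue
        if not isinstance(node, (dict, list)):
            continue  # numbers, booleans and null have no limit in the table
        if depth > limits["depth"]:
            found.append("%s: container depth %d" % (path, depth))
            continue  # do not descend below the limit
        if isinstance(node, dict):
            if len(node) > limits["entries"]:
                found.append("%s: %d object entries" % (path, len(node)))
            for name, value in node.items():
                if len(name) > limits["name"]:
                    found.append("%s: entry name length %d" % (path, len(name)))
                stack.append((value, depth + 1, path + "." + name[:20]))
        else:
            if len(node) > limits["elements"]:
                found.append("%s: %d array elements" % (path, len(node)))
            for index, value in enumerate(node):
                stack.append((value, depth + 1, "%s[%d]" % (path, index)))
    return found
```

Because `json.loads` has already built the whole document in memory before the walk starts, this check complements the gateway policy rather than replacing it. Duplicate object keys are collapsed by the parser, so the entry count here can be lower than what the gateway sees.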
XML Threat Protection
Protects against malicious XML in API requests.
Properties | Value |
---|---|
Maximum Node Depth | 15 |
Maximum Attribute Count Per Element | 50 |
Maximum Child Count | 100 |
Maximum Text Length | 10000 |
Maximum Attribute Length | 1000 |
Maximum Comment Length | 2000 |