Contacts (entity-api-specification)
API Policies
Client ID Enforcement Policy
The purpose of the Client ID Enforcement policy is to allow access only to authorised client applications. The Client Id Enforcement policy is used to restrict access to a protected resource by allowing requests only from registered client applications.
Client ID enforcement enables the client to be authorised to be able to use the API. Received request from the client must have the following required values or the client will receive a 401 unauthorised status code.
| Parameter | Location | Description |
|---|---|---|
| client_id | Request Header | Client ID is unique identified assigned to the client application. |
| client_secret | Request Header | Client secret is a key assigned to the client ID parameter when access is requested and approved via the Exchange portal. |
Message Logging Policy
The purpose of the Message Logging Policy is to allow the API to logs custom messages using information from incoming requests, responses from the backend, or information from other policies applied to the same API endpoint.
Rate Limiting Policy
The purpose of the Rate Limiting Policy is to control the incoming traffic to an API by limiting the number of requests that the API can receive within a given period of time. After the limit is reached, the policy rejects all requests, thereby avoiding any additional load on the backend API. When you configure the Rate Limiting policy, you can specify any number of pairs of quota (number of requests) and time window (time period) values.
| Field | Value | Description |
|---|---|---|
| Number of Requests | 100 | The number of requests that is expected in a certain period of time |
| Time Period | 1 | The amount of time for which the request quota is to be applied |
| Time Unit | Minutes | The time in milliseconds, seconds, minutes, or hours |
JSON Threat Protection Policy
The purpose of the JSON Threat Protection Policy is to help the API protect against malicious JSON in API requests.
IP Allowlist Policy
The purpose of the JSON Threat Protection Policy is to allow a list or a range of specified IP addresses access to a protected resource when a match is found between a source IP (specified when configuring the policy) and a list of individual IPs or range of IPs. The policy supports both IPv4 and IPv6 addresses.