Invoices
API Policies
Client ID Enforcement Policy
The purpose of the Client ID Enforcement policy is to allow access only to authorised client applications. The Client Id Enforcement policy is used to restrict access to a protected resource by allowing requests only from registered client applications.
Client ID enforcement enables the client to be authorised to be able to use the API. Received request from the client must have the following required values or the client will receive a 401 unauthorised status code.
| Parameter | Location | Description |
|---|---|---|
| client_id | Request Header | Client ID is unique identified assigned to the client application. |
| client_secret | Request Header | Client secret is a key assigned to the client ID parameter when access is requested and approved via the Exchange portal. |
Message Logging Policy
The purpose of the Message Logging Policy is to allow the API to logs custom messages using information from incoming requests, responses from the backend, or information from other policies applied to the same API endpoint.
Spike Control
Spike Control policy limit or restrict the number of request an API can accept in a defined window of time. It doesn't reject the requests when the number exceed in defined window of time and the policy allows requests to be queued for later reprocessing without closing the connection to the client.
| Field | Value | Description |
|---|---|---|
| Number of Requests | 100 | The number of requests that is expected in a certain period of time |
| Time Period | 1000 | The amount of time for which the request quota is to be applied |
| Delay Time | 1000 | The amount of time for which the request quota is to be applied |
| Time Unit | Milliseconds | The time in milliseconds, seconds, minutes, or hours |
| Delay Attempts | 1 | The maximum number of times the policy will try to process the request if there is no quota available |
| Queuing Limit | 5 | The maximum number of concurrent requests that can be waiting to be retried |
JSON/XML Threat Protection Policy
The purpose of the JSON/XML Threat Protection Policy is to help the API protect against malicious JSON/XML in API requests.
IP Allowlist Policy
The purpose of the JSON Threat Protection Policy is to allows a list or a range of specified IP addresses access to a protected resource when a match is found between a source IP (specified when configuring the policy) and a list of individual IPs or range of IPs. The policy supports both IPv4 and IPv6 addresses.