In API7 Cloud, a Policy is a rule that defines how the data plane instance will handle the requests. By saying handled, it means requests might be:
- transformed (headers, query parameters, body);
- protected (authentication, authorization, rate-limiting, etc.);
- recorded (logging, metrics, etc.);
A Policy can be attached on a specific Application, API, or Consumer. Policies attached to an API only work for the API itself and will override the same one on the Application ( not run the policy twice); Policies attached to an Application will affect all APIs in the Application;
Besides, Policies attached to a Consumer will work with Policies on the Application or API, which means you need to enable the same policy both on the Consumer and Application (or API). Policies on Consumer contain per Consumer data (rate-limiting quota, authentication credentials, etc.).
API7 Cloud provides several policies for different purposes. Please refer to the table of contents below to learn the details.