oracle.oci.oci_apigateway_deployment_actions – Perform actions on a Deployment resource in Oracle Cloud Infrastructure

Note

This plugin is part of the oracle.oci collection (version 4.11.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install oracle.oci.

To use it in a playbook, specify: oracle.oci.oci_apigateway_deployment_actions.

New in version 2.9.0: of oracle.oci

Synopsis

  • Perform actions on a Deployment resource in Oracle Cloud Infrastructure

  • For action=change_compartment, changes the deployment compartment.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter Choices/Defaults Comments
action
string / required
    Choices:
  • change_compartment
The action to perform on the Deployment.
api_user
string
The OCID of the user, on whose behalf, OCI APIs are invoked. If not set, then the value of the OCI_USER_ID environment variable, if any, is used. This option is required if the user is not specified through a configuration file (See config_file_location). To get the user's OCID, please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm.
api_user_fingerprint
string
Fingerprint for the key pair being used. If not set, then the value of the OCI_USER_FINGERPRINT environment variable, if any, is used. This option is required if the key fingerprint is not specified through a configuration file (See config_file_location). To get the key pair's fingerprint value please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm.
api_user_key_file
string
Full path and filename of the private key (in PEM format). If not set, then the value of the OCI_USER_KEY_FILE variable, if any, is used. This option is required if the private key is not specified through a configuration file (See config_file_location). If the key is encrypted with a pass-phrase, the api_user_key_pass_phrase option must also be provided.
api_user_key_pass_phrase
string
Passphrase used by the key referenced in api_user_key_file, if it is encrypted. If not set, then the value of the OCI_USER_KEY_PASS_PHRASE variable, if any, is used. This option is required if the key passphrase is not specified through a configuration file (See config_file_location).
auth_purpose
string
    Choices:
  • service_principal
The auth purpose which can be used in conjunction with 'auth_type=instance_principal'. The default auth_purpose for instance_principal is None.
auth_type
string
    Choices:
  • api_key ←
  • instance_principal
  • instance_obo_user
  • resource_principal
The type of authentication to use for making API requests. By default auth_type="api_key" based authentication is performed and the API key (see api_user_key_file) in your config file will be used. If this 'auth_type' module option is not specified, the value of the OCI_ANSIBLE_AUTH_TYPE, if any, is used. Use auth_type="instance_principal" to use instance principal based authentication when running ansible playbooks within an OCI compute instance.
cert_bundle
string
The full path to a CA certificate bundle to be used for SSL verification. This will override the default CA certificate bundle. If not set, then the value of the OCI_ANSIBLE_CERT_BUNDLE variable, if any, is used.
compartment_id
string / required
The OCID of the compartment in which the resource is created.
config_file_location
string
Path to configuration file. If not set then the value of the OCI_CONFIG_FILE environment variable, if any, is used. Otherwise, defaults to ~/.oci/config.
config_profile_name
string
The profile to load from the config file referenced by config_file_location. If not set, then the value of the OCI_CONFIG_PROFILE environment variable, if any, is used. Otherwise, defaults to the "DEFAULT" profile in config_file_location.
deployment_id
string / required
The ocid of the deployment.

aliases: id
region
string
The Oracle Cloud Infrastructure region to use for all OCI API requests. If not set, then the value of the OCI_REGION variable, if any, is used. This option is required if the region is not specified through a configuration file (See config_file_location). Please refer to https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/regions.htm for more information on OCI regions.
tenancy
string
OCID of your tenancy. If not set, then the value of the OCI_TENANCY variable, if any, is used. This option is required if the tenancy OCID is not specified through a configuration file (See config_file_location). To get the tenancy OCID, please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm
wait
boolean
    Choices:
  • no
  • yes ←
Whether to wait for create or delete operation to complete.
wait_timeout
integer
Time, in seconds, to wait when wait=yes. Defaults to 1200 for most of the services but some services might have a longer wait timeout.

Examples

- name: Perform action change_compartment on deployment
  oci_apigateway_deployment_actions:
    # required
    deployment_id: "ocid1.deployment.oc1..xxxxxxEXAMPLExxxxxx"
    compartment_id: "ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx"
    action: change_compartment

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
deployment
complex
on success
Details of the Deployment resource acted upon by the current operation

Sample:
{'compartment_id': 'ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx', 'defined_tags': {'Operations': {'CostCenter': 'US'}}, 'display_name': 'display_name_example', 'endpoint': 'endpoint_example', 'freeform_tags': {'Department': 'Finance'}, 'gateway_id': 'ocid1.gateway.oc1..xxxxxxEXAMPLExxxxxx', 'id': 'ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx', 'lifecycle_details': 'lifecycle_details_example', 'lifecycle_state': 'CREATING', 'path_prefix': 'path_prefix_example', 'specification': {'logging_policies': {'access_log': {'is_enabled': True}, 'execution_log': {'is_enabled': True, 'log_level': 'INFO'}}, 'request_policies': {'authentication': {'audiences': [], 'cache_key': [], 'function_id': 'ocid1.function.oc1..xxxxxxEXAMPLExxxxxx', 'is_anonymous_access_allowed': True, 'issuers': [], 'max_clock_skew_in_seconds': 3.4, 'parameters': {}, 'public_keys': {'is_ssl_verify_disabled': True, 'keys': [{'alg': 'alg_example', 'e': 'e_example', 'format': 'JSON_WEB_KEY', 'key': 'key_example', 'key_ops': [], 'kid': 'kid_example', 'kty': 'RSA', 'n': 'n_example', 'use': 'sig'}], 'max_cache_duration_in_hours': 56, 'type': 'STATIC_KEYS', 'uri': 'uri_example'}, 'token_auth_scheme': 'token_auth_scheme_example', 'token_header': 'token_header_example', 'token_query_param': 'token_query_param_example', 'type': 'CUSTOM_AUTHENTICATION', 'validation_failure_policy': {'client_details': {'client_id': 'ocid1.client.oc1..xxxxxxEXAMPLExxxxxx', 'client_secret_id': 'ocid1.clientsecret.oc1..xxxxxxEXAMPLExxxxxx', 'client_secret_version_number': 56, 'type': 'VALIDATION_BLOCK'}, 'fallback_redirect_path': 'fallback_redirect_path_example', 'logout_path': 'logout_path_example', 'max_expiry_duration_in_hours': 56, 'response_code': 'response_code_example', 'response_header_transformations': {'filter_headers': {'items': [{'name': 'name_example'}], 'type': 'ALLOW'}, 'rename_headers': {'items': [{'_from': '_from_example', 'to': 'to_example'}]}, 'set_headers': {'items': [{'if_exists': 'OVERWRITE', 'name': 'name_example', 'values': []}]}}, 'response_message': 'response_message_example', 'response_type': 'CODE', 'scopes': [], 'source_uri_details': {'type': 'DISCOVERY_URI', 'uri': 'uri_example'}, 'type': 'MODIFY_RESPONSE', 'use_cookies_for_intermediate_steps': True, 'use_cookies_for_session': True, 'use_pkce': True}, 'validation_policy': {'additional_validation_policy': {'audiences': [], 'issuers': [], 'verify_claims': [{'is_required': True, 'key': 'key_example', 'values': []}]}, 'client_details': {'client_id': 'ocid1.client.oc1..xxxxxxEXAMPLExxxxxx', 'client_secret_id': 'ocid1.clientsecret.oc1..xxxxxxEXAMPLExxxxxx', 'client_secret_version_number': 56, 'type': 'VALIDATION_BLOCK'}, 'is_ssl_verify_disabled': True, 'keys': [{'alg': 'alg_example', 'e': 'e_example', 'format': 'JSON_WEB_KEY', 'key': 'key_example', 'key_ops': [], 'kid': 'kid_example', 'kty': 'RSA', 'n': 'n_example', 'use': 'sig'}], 'max_cache_duration_in_hours': 56, 'source_uri_details': {'type': 'DISCOVERY_URI', 'uri': 'uri_example'}, 'type': 'STATIC_KEYS', 'uri': 'uri_example'}, 'verify_claims': [{'is_required': True, 'key': 'key_example', 'values': []}]}, 'cors': {'allowed_headers': [], 'allowed_methods': [], 'allowed_origins': [], 'exposed_headers': [], 'is_allow_credentials_enabled': True, 'max_age_in_seconds': 56}, 'dynamic_authentication': {'authentication_servers': [{'authentication_server_detail': {'audiences': [], 'cache_key': [], 'function_id': 'ocid1.function.oc1..xxxxxxEXAMPLExxxxxx', 'is_anonymous_access_allowed': True, 'issuers': [], 'max_clock_skew_in_seconds': 3.4, 'parameters': {}, 'public_keys': {'is_ssl_verify_disabled': True, 'keys': [{'alg': 'alg_example', 'e': 'e_example', 'format': 'JSON_WEB_KEY', 'key': 'key_example', 'key_ops': [], 'kid': 'kid_example', 'kty': 'RSA', 'n': 'n_example', 'use': 'sig'}], 'max_cache_duration_in_hours': 56, 'type': 'STATIC_KEYS', 'uri': 'uri_example'}, 'token_auth_scheme': 'token_auth_scheme_example', 'token_header': 'token_header_example', 'token_query_param': 'token_query_param_example', 'type': 'CUSTOM_AUTHENTICATION', 'validation_failure_policy': {'client_details': {'client_id': 'ocid1.client.oc1..xxxxxxEXAMPLExxxxxx', 'client_secret_id': 'ocid1.clientsecret.oc1..xxxxxxEXAMPLExxxxxx', 'client_secret_version_number': 56, 'type': 'VALIDATION_BLOCK'}, 'fallback_redirect_path': 'fallback_redirect_path_example', 'logout_path': 'logout_path_example', 'max_expiry_duration_in_hours': 56, 'response_code': 'response_code_example', 'response_header_transformations': {'filter_headers': {'items': [{'name': 'name_example'}], 'type': 'ALLOW'}, 'rename_headers': {'items': [{'_from': '_from_example', 'to': 'to_example'}]}, 'set_headers': {'items': [{'if_exists': 'OVERWRITE', 'name': 'name_example', 'values': []}]}}, 'response_message': 'response_message_example', 'response_type': 'CODE', 'scopes': [], 'source_uri_details': {'type': 'DISCOVERY_URI', 'uri': 'uri_example'}, 'type': 'MODIFY_RESPONSE', 'use_cookies_for_intermediate_steps': True, 'use_cookies_for_session': True, 'use_pkce': True}, 'validation_policy': {'additional_validation_policy': {'audiences': [], 'issuers': [], 'verify_claims': [{'is_required': True, 'key': 'key_example', 'values': []}]}, 'client_details': {'client_id': 'ocid1.client.oc1..xxxxxxEXAMPLExxxxxx', 'client_secret_id': 'ocid1.clientsecret.oc1..xxxxxxEXAMPLExxxxxx', 'client_secret_version_number': 56, 'type': 'VALIDATION_BLOCK'}, 'is_ssl_verify_disabled': True, 'keys': [{'alg': 'alg_example', 'e': 'e_example', 'format': 'JSON_WEB_KEY', 'key': 'key_example', 'key_ops': [], 'kid': 'kid_example', 'kty': 'RSA', 'n': 'n_example', 'use': 'sig'}], 'max_cache_duration_in_hours': 56, 'source_uri_details': {'type': 'DISCOVERY_URI', 'uri': 'uri_example'}, 'type': 'STATIC_KEYS', 'uri': 'uri_example'}, 'verify_claims': [{'is_required': True, 'key': 'key_example', 'values': []}]}, 'key': {'expression': 'expression_example', 'is_default': True, 'name': 'name_example', 'type': 'ANY_OF', 'values': []}}], 'selection_source': {'selector': 'selector_example', 'type': 'SINGLE'}}, 'mutual_tls': {'allowed_sans': [], 'is_verified_certificate_required': True}, 'rate_limiting': {'rate_in_requests_per_second': 56, 'rate_key': 'CLIENT_IP'}, 'usage_plans': {'token_locations': []}}, 'routes': [{'backend': {'allowed_post_logout_uris': [], 'body': 'body_example', 'connect_timeout_in_seconds': 3.4, 'function_id': 'ocid1.function.oc1..xxxxxxEXAMPLExxxxxx', 'headers': [{'name': 'name_example', 'value': 'value_example'}], 'is_ssl_verify_disabled': True, 'post_logout_state': 'post_logout_state_example', 'read_timeout_in_seconds': 3.4, 'routing_backends': [{'backend': {'type': 'ORACLE_FUNCTIONS_BACKEND'}, 'key': {'expression': 'expression_example', 'is_default': True, 'name': 'name_example', 'type': 'ANY_OF', 'values': []}}], 'selection_source': {'selector': 'selector_example', 'type': 'SINGLE'}, 'send_timeout_in_seconds': 3.4, 'status': 56, 'type': 'ORACLE_FUNCTIONS_BACKEND', 'url': 'url_example'}, 'logging_policies': {'access_log': {'is_enabled': True}, 'execution_log': {'is_enabled': True, 'log_level': 'INFO'}}, 'methods': [], 'path': 'path_example', 'request_policies': {'authorization': {'allowed_scope': [], 'type': 'ANONYMOUS'}, 'body_validation': {'content': {'validation_type': 'NONE'}, 'required': True, 'validation_mode': 'ENFORCING'}, 'cors': {'allowed_headers': [], 'allowed_methods': [], 'allowed_origins': [], 'exposed_headers': [], 'is_allow_credentials_enabled': True, 'max_age_in_seconds': 56}, 'header_transformations': {'filter_headers': {'items': [{'name': 'name_example'}], 'type': 'ALLOW'}, 'rename_headers': {'items': [{'_from': '_from_example', 'to': 'to_example'}]}, 'set_headers': {'items': [{'if_exists': 'OVERWRITE', 'name': 'name_example', 'values': []}]}}, 'header_validations': {'headers': [{'name': 'name_example', 'required': True}], 'validation_mode': 'ENFORCING'}, 'query_parameter_transformations': {'filter_query_parameters': {'items': [{'name': 'name_example'}], 'type': 'ALLOW'}, 'rename_query_parameters': {'items': [{'_from': '_from_example', 'to': 'to_example'}]}, 'set_query_parameters': {'items': [{'if_exists': 'OVERWRITE', 'name': 'name_example', 'values': []}]}}, 'query_parameter_validations': {'parameters': [{'name': 'name_example', 'required': True}], 'validation_mode': 'ENFORCING'}, 'response_cache_lookup': {'cache_key_additions': [], 'is_enabled': True, 'is_private_caching_enabled': True, 'type': 'SIMPLE_LOOKUP_POLICY'}}, 'response_policies': {'header_transformations': {'filter_headers': {'items': [{'name': 'name_example'}], 'type': 'ALLOW'}, 'rename_headers': {'items': [{'_from': '_from_example', 'to': 'to_example'}]}, 'set_headers': {'items': [{'if_exists': 'OVERWRITE', 'name': 'name_example', 'values': []}]}}, 'response_cache_store': {'time_to_live_in_seconds': 56, 'type': 'FIXED_TTL_STORE_POLICY'}}}]}, 'time_created': '2013-10-20T19:20:30+01:00', 'time_updated': '2013-10-20T19:20:30+01:00'}
 
compartment_id
string
on success
The OCID of the compartment in which the resource is created.

Sample:
ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx
 
defined_tags
dictionary
on success
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags.
Example: `{"Operations": {"CostCenter": "42"}}`

Sample:
{'Operations': {'CostCenter': 'US'}}
 
display_name
string
on success
A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
Example: `My new resource`

Sample:
display_name_example
 
endpoint
string
on success
The endpoint to access this deployment on the gateway.

Sample:
endpoint_example
 
freeform_tags
dictionary
on success
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags.
Example: `{"Department": "Finance"}`

Sample:
{'Department': 'Finance'}
 
gateway_id
string
on success
The OCID of the resource.

Sample:
ocid1.gateway.oc1..xxxxxxEXAMPLExxxxxx
 
id
string
on success
The OCID of the resource.

Sample:
ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx
 
lifecycle_details
string
on success
A message describing the current state in more detail. For example, can be used to provide actionable information for a resource in a Failed state.

Sample:
lifecycle_details_example
 
lifecycle_state
string
on success
The current state of the deployment.

Sample:
CREATING
 
path_prefix
string
on success
A path on which to deploy all routes contained in the API deployment specification. For more information, see Deploying an API on an API Gateway by Creating an API Deployment.

Sample:
path_prefix_example
 
specification
complex
on success

   
logging_policies
complex
on success

     
access_log
complex
on success

       
is_enabled
boolean
on success
Enables pushing of access logs to the legacy OCI Object Storage log archival bucket.
Oracle recommends using the OCI Logging service to enable, retrieve, and query access logs for an API Deployment. If there is an active log object for the API Deployment and its category is set to 'access' in OCI Logging service, the logs will not be uploaded to the legacy OCI Object Storage log archival bucket.
Please note that the functionality to push to the legacy OCI Object Storage log archival bucket has been deprecated and will be removed in the future.

Sample:
True
     
execution_log
complex
on success

       
is_enabled
boolean
on success
Enables pushing of execution logs to the legacy OCI Object Storage log archival bucket.
Oracle recommends using the OCI Logging service to enable, retrieve, and query execution logs for an API Deployment. If there is an active log object for the API Deployment and its category is set to 'execution' in OCI Logging service, the logs will not be uploaded to the legacy OCI Object Storage log archival bucket.
Please note that the functionality to push to the legacy OCI Object Storage log archival bucket has been deprecated and will be removed in the future.

Sample:
True
       
log_level
string
on success
Specifies the log level used to control logging output of execution logs. Enabling logging at a given level also enables logging at all higher levels.

Sample:
INFO
   
request_policies
complex
on success

     
authentication
complex
on success

       
audiences
list / elements=string
on success
The list of intended recipients for the token.

       
cache_key
list / elements=string
on success
A list of keys from "parameters" attribute value whose values will be added to the cache key.

       
function_id
string
on success
The OCID of the Oracle Functions function resource.

Sample:
ocid1.function.oc1..xxxxxxEXAMPLExxxxxx
       
is_anonymous_access_allowed
boolean
on success
Whether an unauthenticated user may access the API. Must be "true" to enable ANONYMOUS route authorization.

Sample:
True
       
issuers
list / elements=string
on success
A list of parties that could have issued the token.

       
max_clock_skew_in_seconds
float
on success
The maximum expected time difference between the system clocks of the token issuer and the API Gateway.

Sample:
3.4
       
parameters
dictionary
on success
A map where key is a user defined string and value is a context expressions whose values will be sent to the custom auth function. Values should contain an expression. Example: `{"foo": "request.header[abc]"}`

       
public_keys
complex
on success

         
is_ssl_verify_disabled
boolean
on success
Defines whether or not to uphold SSL verification.

Sample:
True
         
keys
complex
on success
The set of static public keys.

           
alg
string
on success
The algorithm intended for use with this key.

Sample:
alg_example
           
e
string
on success
The base64 url encoded exponent of the RSA public key represented by this key.

Sample:
e_example
           
format
string
on success
The format of the public key.

Sample:
JSON_WEB_KEY
           
key
string
on success
The content of the PEM-encoded public key.

Sample:
key_example
           
key_ops
list / elements=string
on success
The operations for which this key is to be used.

           
kid
string
on success
A unique key ID. This key will be used to verify the signature of a JWT with matching "kid".

Sample:
kid_example
           
kty
string
on success
The key type.

Sample:
RSA
           
n
string
on success
The base64 url encoded modulus of the RSA public key represented by this key.

Sample:
n_example
           
use
string
on success
The intended use of the public key.

Sample:
sig
         
max_cache_duration_in_hours
integer
on success
The duration for which the JWKS should be cached before it is fetched again.

Sample:
56
         
type
string
on success
Type of the public key set.

Sample:
STATIC_KEYS
         
uri
string
on success
The uri from which to retrieve the key. It must be accessible without authentication.

Sample:
uri_example
       
token_auth_scheme
string
on success
The authentication scheme that is to be used when authenticating the token. This must to be provided if "tokenHeader" is specified.

Sample:
token_auth_scheme_example
       
token_header
string
on success
The name of the header containing the authentication token.

Sample:
token_header_example
       
token_query_param
string
on success
The name of the query parameter containing the authentication token.

Sample:
token_query_param_example
       
type
string
on success
Type of the authentication policy to use.

Sample:
CUSTOM_AUTHENTICATION
       
validation_failure_policy
complex
on success

         
client_details
complex
on success

           
client_id
string
on success
Client ID for the OAuth2/OIDC app.

Sample:
ocid1.client.oc1..xxxxxxEXAMPLExxxxxx
           
client_secret_id
string
on success
The OCID of the Oracle Vault Service secret resource.

Sample:
ocid1.clientsecret.oc1..xxxxxxEXAMPLExxxxxx
           
client_secret_version_number
integer
on success
The version number of the client secret to use.

Sample:
56
           
type
string
on success
To specify where the Client App details should be taken from.

Sample:
VALIDATION_BLOCK
         
fallback_redirect_path
string
on success
The path to be used as fallback after OAuth2.

Sample:
fallback_redirect_path_example
         
logout_path
string
on success
The path to be used as logout.

Sample:
logout_path_example
         
max_expiry_duration_in_hours
integer
on success
The duration for which the OAuth2 success token should be cached before it is fetched again.

Sample:
56
         
response_code
string
on success
HTTP response code, can include context variables.

Sample:
response_code_example
         
response_header_transformations
complex
on success

           
filter_headers
complex
on success

             
items
complex
on success
The list of headers.

               
name
string
on success
The case-insensitive name of the header. This name must be unique across transformation policies.

Sample:
name_example
             
type
string
on success
BLOCK drops any headers that are in the list of items, so it acts as an exclusion list. ALLOW permits only the headers in the list and removes all others, so it acts as an inclusion list.

Sample:
ALLOW
           
rename_headers
complex
on success

             
items
complex
on success
The list of headers.

               
_from
string
on success
The original case-insensitive name of the header. This name must be unique across transformation policies.

Sample:
_from_example
               
to
string
on success
The new name of the header. This name must be unique across transformation policies.

Sample:
to_example
           
set_headers
complex
on success

             
items
complex
on success
The list of headers.

               
if_exists
string
on success
If a header with the same name already exists in the request, OVERWRITE will overwrite the value, APPEND will append to the existing value, or SKIP will keep the existing value.

Sample:
OVERWRITE
               
name
string
on success
The case-insensitive name of the header. This name must be unique across transformation policies.

Sample:
name_example
               
values
list / elements=string
on success
A list of new values. Each value can be a constant or may include one or more expressions enclosed within ${} delimiters.

         
response_message
string
on success
HTTP response message.

Sample:
response_message_example
         
response_type
string
on success
Response Type.

Sample:
CODE
         
scopes
list / elements=string
on success
List of scopes.

         
source_uri_details
complex
on success

           
type
string
on success
Type of the Uri detail.

Sample:
DISCOVERY_URI
           
uri
string
on success
The discovery URI for the auth server.

Sample:
uri_example
         
type
string
on success
Type of the Validation failure Policy.

Sample:
MODIFY_RESPONSE
         
use_cookies_for_intermediate_steps
boolean
on success
Defines whether or not to use cookies for OAuth2 intermediate steps.

Sample:
True
         
use_cookies_for_session
boolean
on success
Defines whether or not to use cookies for session maintenance.

Sample:
True
         
use_pkce
boolean
on success
Defines whether or not to support PKCE.

Sample:
True
       
validation_policy
complex
on success

         
additional_validation_policy
complex
on success

           
audiences
list / elements=string
on success
The list of intended recipients for the token.

           
issuers
list / elements=string
on success
A list of parties that could have issued the token.

           
verify_claims
complex
on success
A list of claims which should be validated to consider the token valid.

             
is_required
boolean
on success
Whether the claim is required to be present in the JWT or not. If set to "false", the claim values will be matched only if the claim is present in the JWT.

Sample:
True
             
key
string
on success
Name of the claim.

Sample:
key_example
             
values
list / elements=string
on success
The list of acceptable values for a given claim. If this value is "null" or empty and "isRequired" set to "true", then the presence of this claim in the JWT is validated.

         
client_details
complex
on success

           
client_id
string
on success
Client ID for the OAuth2/OIDC app.

Sample:
ocid1.client.oc1..xxxxxxEXAMPLExxxxxx
           
client_secret_id
string
on success
The OCID of the Oracle Vault Service secret resource.

Sample:
ocid1.clientsecret.oc1..xxxxxxEXAMPLExxxxxx
           
client_secret_version_number
integer
on success
The version number of the client secret to use.

Sample:
56
           
type
string
on success
To specify where the Client App details should be taken from.

Sample:
VALIDATION_BLOCK
         
is_ssl_verify_disabled
boolean
on success
Defines whether or not to uphold SSL verification.

Sample:
True
         
keys
complex
on success
The set of static public keys.

           
alg
string
on success
The algorithm intended for use with this key.

Sample:
alg_example
           
e
string
on success
The base64 url encoded exponent of the RSA public key represented by this key.

Sample:
e_example
           
format
string
on success
The format of the public key.

Sample:
JSON_WEB_KEY
           
key
string
on success
The content of the PEM-encoded public key.

Sample:
key_example
           
key_ops
list / elements=string
on success
The operations for which this key is to be used.

           
kid
string
on success
A unique key ID. This key will be used to verify the signature of a JWT with matching "kid".

Sample:
kid_example
           
kty
string
on success
The key type.

Sample:
RSA
           
n
string
on success
The base64 url encoded modulus of the RSA public key represented by this key.

Sample:
n_example
           
use
string
on success
The intended use of the public key.

Sample:
sig
         
max_cache_duration_in_hours
integer
on success
The duration for which the introspect URL response should be cached before it is fetched again.

Sample:
56
         
source_uri_details
complex
on success

           
type
string
on success
Type of the Uri detail.

Sample:
DISCOVERY_URI
           
uri
string
on success
The discovery URI for the auth server.

Sample:
uri_example
         
type
string
on success
Type of the token validation policy.

Sample:
STATIC_KEYS
         
uri
string
on success
The uri from which to retrieve the key. It must be accessible without authentication.

Sample:
uri_example
       
verify_claims
complex
on success
A list of claims which should be validated to consider the token valid.

         
is_required
boolean
on success
Whether the claim is required to be present in the JWT or not. If set to "false", the claim values will be matched only if the claim is present in the JWT.

Sample:
True
         
key
string
on success
Name of the claim.

Sample:
key_example
         
values
list / elements=string
on success
The list of acceptable values for a given claim. If this value is "null" or empty and "isRequired" set to "true", then the presence of this claim in the JWT is validated.

     
cors
complex
on success

       
allowed_headers
list / elements=string
on success
The list of headers that will be allowed from the client via the Access-Control-Allow-Headers header. '*' will allow all headers.

       
allowed_methods
list / elements=string
on success
The list of allowed HTTP methods that will be returned for the preflight OPTIONS request in the Access-Control-Allow-Methods header. '*' will allow all methods.

       
allowed_origins
list / elements=string
on success
The list of allowed origins that the CORS handler will use to respond to CORS requests. The gateway will send the Access-Control-Allow-Origin header with the best origin match for the circumstances. '*' will match any origins, and 'null' will match queries from 'file:' origins. All other origins must be qualified with the scheme, full hostname, and port if necessary.

       
exposed_headers
list / elements=string
on success
The list of headers that the client will be allowed to see from the response as indicated by the Access-Control-Expose-Headers header. '*' will expose all headers.

       
is_allow_credentials_enabled
boolean
on success
Whether to send the Access-Control-Allow-Credentials header to allow CORS requests with cookies.

Sample:
True
       
max_age_in_seconds
integer
on success
The time in seconds for the client to cache preflight responses. This is sent as the Access-Control-Max-Age if greater than 0.

Sample:
56
     
dynamic_authentication
complex
on success

       
authentication_servers
complex
on success
List of authentication servers to choose from during dynamic authentication.

         
authentication_server_detail
complex
on success

           
audiences
list / elements=string
on success
The list of intended recipients for the token.

           
cache_key
list / elements=string
on success
A list of keys from "parameters" attribute value whose values will be added to the cache key.

           
function_id
string
on success
The OCID of the Oracle Functions function resource.

Sample:
ocid1.function.oc1..xxxxxxEXAMPLExxxxxx
           
is_anonymous_access_allowed
boolean
on success
Whether an unauthenticated user may access the API. Must be "true" to enable ANONYMOUS route authorization.

Sample:
True
           
issuers
list / elements=string
on success
A list of parties that could have issued the token.

           
max_clock_skew_in_seconds
float
on success
The maximum expected time difference between the system clocks of the token issuer and the API Gateway.

Sample:
3.4
           
parameters
dictionary
on success
A map where key is a user defined string and value is a context expressions whose values will be sent to the custom auth function. Values should contain an expression. Example: `{"foo": "request.header[abc]"}`

           
public_keys
complex
on success

             
is_ssl_verify_disabled
boolean
on success
Defines whether or not to uphold SSL verification.

Sample:
True
             
keys
complex
on success
The set of static public keys.

               
alg
string
on success
The algorithm intended for use with this key.

Sample:
alg_example
               
e
string
on success
The base64 url encoded exponent of the RSA public key represented by this key.

Sample:
e_example
               
format
string
on success
The format of the public key.

Sample:
JSON_WEB_KEY
               
key
string
on success
The content of the PEM-encoded public key.

Sample:
key_example
               
key_ops
list / elements=string
on success
The operations for which this key is to be used.

               
kid
string
on success
A unique key ID. This key will be used to verify the signature of a JWT with matching "kid".

Sample:
kid_example
               
kty
string
on success
The key type.

Sample:
RSA
               
n
string
on success
The base64 url encoded modulus of the RSA public key represented by this key.

Sample:
n_example
               
use
string
on success
The intended use of the public key.

Sample:
sig
             
max_cache_duration_in_hours
integer
on success
The duration for which the JWKS should be cached before it is fetched again.

Sample:
56
             
type
string
on success
Type of the public key set.

Sample:
STATIC_KEYS
             
uri
string
on success
The uri from which to retrieve the key. It must be accessible without authentication.

Sample:
uri_example
           
token_auth_scheme
string
on success
The authentication scheme that is to be used when authenticating the token. This must to be provided if "tokenHeader" is specified.

Sample:
token_auth_scheme_example
           
token_header
string
on success
The name of the header containing the authentication token.

Sample:
token_header_example
           
token_query_param
string
on success
The name of the query parameter containing the authentication token.

Sample:
token_query_param_example
           
type
string
on success
Type of the authentication policy to use.

Sample:
CUSTOM_AUTHENTICATION
           
validation_failure_policy
complex
on success

             
client_details
complex
on success

               
client_id
string
on success
Client ID for the OAuth2/OIDC app.

Sample:
ocid1.client.oc1..xxxxxxEXAMPLExxxxxx
               
client_secret_id
string
on success
The OCID of the Oracle Vault Service secret resource.

Sample:
ocid1.clientsecret.oc1..xxxxxxEXAMPLExxxxxx
               
client_secret_version_number
integer
on success
The version number of the client secret to use.

Sample:
56
               
type
string
on success
To specify where the Client App details should be taken from.

Sample:
VALIDATION_BLOCK
             
fallback_redirect_path
string
on success
The path to be used as fallback after OAuth2.

Sample:
fallback_redirect_path_example
             
logout_path
string
on success
The path to be used as logout.

Sample:
logout_path_example
             
max_expiry_duration_in_hours
integer
on success
The duration for which the OAuth2 success token should be cached before it is fetched again.

Sample:
56
             
response_code
string
on success
HTTP response code, can include context variables.

Sample:
response_code_example
             
response_header_transformations
complex
on success

               
filter_headers
complex
on success

                 
items
complex
on success
The list of headers.

                   
name
string
on success
The case-insensitive name of the header. This name must be unique across transformation policies.

Sample:
name_example
                 
type
string
on success
BLOCK drops any headers that are in the list of items, so it acts as an exclusion list. ALLOW permits only the headers in the list and removes all others, so it acts as an inclusion list.

Sample:
ALLOW
               
rename_headers
complex
on success

                 
items
complex
on success
The list of headers.

                   
_from
string
on success
The original case-insensitive name of the header. This name must be unique across transformation policies.

Sample:
_from_example
                   
to
string
on success
The new name of the header. This name must be unique across transformation policies.

Sample:
to_example
               
set_headers
complex
on success

                 
items
complex
on success
The list of headers.

                   
if_exists
string
on success
If a header with the same name already exists in the request, OVERWRITE will overwrite the value, APPEND will append to the existing value, or SKIP will keep the existing value.

Sample:
OVERWRITE
                   
name
string
on success
The case-insensitive name of the header. This name must be unique across transformation policies.

Sample:
name_example
                   
values
list / elements=string
on success
A list of new values. Each value can be a constant or may include one or more expressions enclosed within ${} delimiters.

             
response_message
string
on success
HTTP response message.

Sample:
response_message_example
             
response_type
string
on success
Response Type.

Sample:
CODE
             
scopes
list / elements=string
on success
List of scopes.

             
source_uri_details
complex
on success

               
type
string
on success
Type of the Uri detail.

Sample:
DISCOVERY_URI
               
uri
string
on success
The discovery URI for the auth server.

Sample:
uri_example
             
type
string
on success
Type of the Validation failure Policy.

Sample:
MODIFY_RESPONSE
             
use_cookies_for_intermediate_steps
boolean
on success
Defines whether or not to use cookies for OAuth2 intermediate steps.

Sample:
True
             
use_cookies_for_session
boolean
on success
Defines whether or not to use cookies for session maintenance.

Sample:
True
             
use_pkce
boolean
on success
Defines whether or not to support PKCE.

Sample:
True
           
validation_policy
complex
on success

             
additional_validation_policy
complex
on success

               
audiences
list / elements=string
on success
The list of intended recipients for the token.

               
issuers
list / elements=string
on success
A list of parties that could have issued the token.

               
verify_claims
complex
on success
A list of claims which should be validated to consider the token valid.

                 
is_required
boolean
on success
Whether the claim is required to be present in the JWT or not. If set to "false", the claim values will be matched only if the claim is present in the JWT.

Sample:
True
                 
key
string
on success
Name of the claim.

Sample:
key_example
                 
values
list / elements=string
on success
The list of acceptable values for a given claim. If this value is "null" or empty and "isRequired" set to "true", then the presence of this claim in the JWT is validated.

             
client_details
complex
on success

               
client_id
string
on success
Client ID for the OAuth2/OIDC app.

Sample:
ocid1.client.oc1..xxxxxxEXAMPLExxxxxx
               
client_secret_id
string
on success
The OCID of the Oracle Vault Service secret resource.

Sample:
ocid1.clientsecret.oc1..xxxxxxEXAMPLExxxxxx
               
client_secret_version_number
integer
on success
The version number of the client secret to use.

Sample:
56
               
type
string
on success
To specify where the Client App details should be taken from.

Sample:
VALIDATION_BLOCK
             
is_ssl_verify_disabled
boolean
on success
Defines whether or not to uphold SSL verification.

Sample:
True
             
keys
complex
on success
The set of static public keys.

               
alg
string
on success
The algorithm intended for use with this key.

Sample:
alg_example
               
e
string
on success
The base64 url encoded exponent of the RSA public key represented by this key.

Sample:
e_example
               
format
string
on success
The format of the public key.

Sample:
JSON_WEB_KEY
               
key
string
on success
The content of the PEM-encoded public key.

Sample:
key_example
               
key_ops
list / elements=string
on success
The operations for which this key is to be used.

               
kid
string
on success
A unique key ID. This key will be used to verify the signature of a JWT with matching "kid".

Sample:
kid_example
               
kty
string
on success
The key type.

Sample:
RSA
               
n
string
on success
The base64 url encoded modulus of the RSA public key represented by this key.

Sample:
n_example
               
use
string
on success
The intended use of the public key.

Sample:
sig
             
max_cache_duration_in_hours
integer
on success
The duration for which the introspect URL response should be cached before it is fetched again.

Sample:
56
             
source_uri_details
complex
on success

               
type
string
on success
Type of the Uri detail.

Sample:
DISCOVERY_URI
               
uri
string
on success
The discovery URI for the auth server.

Sample:
uri_example
             
type
string
on success
Type of the token validation policy.

Sample:
STATIC_KEYS
             
uri
string
on success
The uri from which to retrieve the key. It must be accessible without authentication.

Sample:
uri_example
           
verify_claims
complex
on success
A list of claims which should be validated to consider the token valid.

             
is_required
boolean
on success
Whether the claim is required to be present in the JWT or not. If set to "false", the claim values will be matched only if the claim is present in the JWT.

Sample:
True
             
key
string
on success
Name of the claim.

Sample:
key_example
             
values
list / elements=string
on success
The list of acceptable values for a given claim. If this value is "null" or empty and "isRequired" set to "true", then the presence of this claim in the JWT is validated.

         
key
complex
on success

           
expression
string
on success
A selection key string containing a wildcard to match with the context variable in an incoming request. If the context variable matches the string, the request is sent to the route or authentication server associated with the selection key. Valid wildcards are '*' (zero or more characters) and '+' (one or more characters). The string can only contain one wildcard, and the wildcard must be at the start or the end of the string.

Sample:
expression_example
           
is_default
boolean
on success
Specifies whether to use the route or authentication server associated with this selection key as the default. The default is used if the value of a context variable in an incoming request does not match any of the other selection key values when dynamically routing and dynamically authenticating requests.

Sample:
True
           
name
string
on success
Name assigned to the branch.

Sample:
name_example
           
type
string
on success
Type of the selection key.

Sample:
ANY_OF
           
values
list / elements=string
on success
The set of selection keys to match with the context variable in an incoming request. If the context variable exactly matches one of the keys in the set, the request is sent to the route or authentication server associated with the set.

       
selection_source
complex
on success

         
selector
string
on success
String describing the context variable used as selector.

Sample:
selector_example
         
type
string
on success
Type of the Selection source to use.

Sample:
SINGLE
     
mutual_tls
complex
on success

       
allowed_sans
list / elements=string
on success
Allowed list of CN or SAN which will be used for verification of certificate.

       
is_verified_certificate_required
boolean
on success
Determines whether to enable client verification when API Consumer makes connection to the gateway.

Sample:
True
     
rate_limiting
complex
on success

       
rate_in_requests_per_second
integer
on success
The maximum number of requests per second to allow.

Sample:
56
       
rate_key
string
on success
The key used to group requests together.

Sample:
CLIENT_IP
     
usage_plans
complex
on success

       
token_locations
list / elements=string
on success
A list of context variables specifying where API tokens may be located in a request. Example locations: - "request.headers[token]" - "request.query[token]" - "request.auth[Token]" - "request.path[TOKEN]"

   
routes
complex
on success
A list of routes that this API exposes.

     
backend
complex
on success

       
allowed_post_logout_uris
list / elements=string
on success

       
body
string
on success
The body of the stock response from the mock backend.

Sample:
body_example
       
connect_timeout_in_seconds
float
on success
Defines a timeout for establishing a connection with a proxied server.

Sample:
3.4
       
function_id
string
on success
The OCID of the Oracle Functions function resource.

Sample:
ocid1.function.oc1..xxxxxxEXAMPLExxxxxx
       
headers
complex
on success
The headers of the stock response from the mock backend.

         
name
string
on success
Name of the header.

Sample:
name_example
         
value
string
on success
Value of the header.

Sample:
value_example
       
is_ssl_verify_disabled
boolean
on success
Defines whether or not to uphold SSL verification.

Sample:
True
       
post_logout_state
string
on success
Defines a state that should be shared on redirecting to postLogout URL.

Sample:
post_logout_state_example
       
read_timeout_in_seconds
float
on success
Defines a timeout for reading a response from the proxied server.

Sample:
3.4
       
routing_backends
complex
on success
List of backends to chose from for Dynamic Routing.

         
backend
complex
on success

           
type
string
on success
Type of the API backend.

Sample:
ORACLE_FUNCTIONS_BACKEND
         
key
complex
on success

           
expression
string
on success
A selection key string containing a wildcard to match with the context variable in an incoming request. If the context variable matches the string, the request is sent to the route or authentication server associated with the selection key. Valid wildcards are '*' (zero or more characters) and '+' (one or more characters). The string can only contain one wildcard, and the wildcard must be at the start or the end of the string.

Sample:
expression_example
           
is_default
boolean
on success
Specifies whether to use the route or authentication server associated with this selection key as the default. The default is used if the value of a context variable in an incoming request does not match any of the other selection key values when dynamically routing and dynamically authenticating requests.

Sample:
True
           
name
string
on success
Name assigned to the branch.

Sample:
name_example
           
type
string
on success
Type of the selection key.

Sample:
ANY_OF
           
values
list / elements=string
on success
The set of selection keys to match with the context variable in an incoming request. If the context variable exactly matches one of the keys in the set, the request is sent to the route or authentication server associated with the set.

       
selection_source
complex
on success

         
selector
string
on success
String describing the context variable used as selector.

Sample:
selector_example
         
type
string
on success
Type of the Selection source to use.

Sample:
SINGLE
       
send_timeout_in_seconds
float
on success
Defines a timeout for transmitting a request to the proxied server.

Sample:
3.4
       
status
integer
on success
The status code of the stock response from the mock backend.

Sample:
56
       
type
string
on success
Type of the API backend.

Sample:
ORACLE_FUNCTIONS_BACKEND
       
url
string
on success

Sample:
url_example
     
logging_policies
complex
on success

       
access_log
complex
on success

         
is_enabled
boolean
on success
Enables pushing of access logs to the legacy OCI Object Storage log archival bucket.
Oracle recommends using the OCI Logging service to enable, retrieve, and query access logs for an API Deployment. If there is an active log object for the API Deployment and its category is set to 'access' in OCI Logging service, the logs will not be uploaded to the legacy OCI Object Storage log archival bucket.
Please note that the functionality to push to the legacy OCI Object Storage log archival bucket has been deprecated and will be removed in the future.

Sample:
True
       
execution_log
complex
on success

         
is_enabled
boolean
on success
Enables pushing of execution logs to the legacy OCI Object Storage log archival bucket.
Oracle recommends using the OCI Logging service to enable, retrieve, and query execution logs for an API Deployment. If there is an active log object for the API Deployment and its category is set to 'execution' in OCI Logging service, the logs will not be uploaded to the legacy OCI Object Storage log archival bucket.
Please note that the functionality to push to the legacy OCI Object Storage log archival bucket has been deprecated and will be removed in the future.

Sample:
True
         
log_level
string
on success
Specifies the log level used to control logging output of execution logs. Enabling logging at a given level also enables logging at all higher levels.

Sample:
INFO
     
methods
list / elements=string
on success
A list of allowed methods on this route.

     
path
string
on success
A URL path pattern that must be matched on this route. The path pattern may contain a subset of RFC 6570 identifiers to allow wildcard and parameterized matching.

Sample:
path_example
     
request_policies
complex
on success

       
authorization
complex
on success

         
allowed_scope
list / elements=string
on success
A user whose scope includes any of these access ranges is allowed on this route. Access ranges are case-sensitive.

         
type
string
on success
Indicates how authorization should be applied. For a type of ANY_OF, an "allowedScope" property must also be specified. Otherwise, only a type is required. For a type of ANONYMOUS, an authenticated API must have the "isAnonymousAccessAllowed" property set to "true" in the authentication policy.

Sample:
ANONYMOUS
       
body_validation
complex
on success

         
content
complex
on success
The content of the request body. The key is a media type range subset restricted to the following schema
key ::= ( / ( "*" "/" "*" ) / ( type "/" "*" ) / ( type "/" subtype ) )
For requests that match multiple keys, only the most specific key is applicable. e.g. `text/plain` overrides `text/*`

           
validation_type
string
on success
Validation type defines the content validation method.
Make the validation to first parse the body as the respective format.

Sample:
NONE
         
required
boolean
on success
Determines if the request body is required in the request.

Sample:
True
         
validation_mode
string
on success
Validation behavior mode.
In `ENFORCING` mode, upon a validation failure, the request will be rejected with a 4xx response and not sent to the backend.
In `PERMISSIVE` mode, the result of the validation will be exposed as metrics while the request will follow the normal path.
`DISABLED` type turns the validation off.

Sample:
ENFORCING
       
cors
complex
on success

         
allowed_headers
list / elements=string
on success
The list of headers that will be allowed from the client via the Access-Control-Allow-Headers header. '*' will allow all headers.

         
allowed_methods
list / elements=string
on success
The list of allowed HTTP methods that will be returned for the preflight OPTIONS request in the Access-Control-Allow-Methods header. '*' will allow all methods.

         
allowed_origins
list / elements=string
on success
The list of allowed origins that the CORS handler will use to respond to CORS requests. The gateway will send the Access-Control-Allow-Origin header with the best origin match for the circumstances. '*' will match any origins, and 'null' will match queries from 'file:' origins. All other origins must be qualified with the scheme, full hostname, and port if necessary.

         
exposed_headers
list / elements=string
on success
The list of headers that the client will be allowed to see from the response as indicated by the Access-Control-Expose-Headers header. '*' will expose all headers.

         
is_allow_credentials_enabled
boolean
on success
Whether to send the Access-Control-Allow-Credentials header to allow CORS requests with cookies.

Sample:
True
         
max_age_in_seconds
integer
on success
The time in seconds for the client to cache preflight responses. This is sent as the Access-Control-Max-Age if greater than 0.

Sample:
56
       
header_transformations
complex
on success

         
filter_headers
complex
on success

           
items
complex
on success
The list of headers.

             
name
string
on success
The case-insensitive name of the header. This name must be unique across transformation policies.

Sample:
name_example
           
type
string
on success
BLOCK drops any headers that are in the list of items, so it acts as an exclusion list. ALLOW permits only the headers in the list and removes all others, so it acts as an inclusion list.

Sample:
ALLOW
         
rename_headers
complex
on success

           
items
complex
on success
The list of headers.

             
_from
string
on success
The original case-insensitive name of the header. This name must be unique across transformation policies.

Sample:
_from_example
             
to
string
on success
The new name of the header. This name must be unique across transformation policies.

Sample:
to_example
         
set_headers
complex
on success

           
items
complex
on success
The list of headers.

             
if_exists
string
on success
If a header with the same name already exists in the request, OVERWRITE will overwrite the value, APPEND will append to the existing value, or SKIP will keep the existing value.

Sample:
OVERWRITE
             
name
string
on success
The case-insensitive name of the header. This name must be unique across transformation policies.

Sample:
name_example
             
values
list / elements=string
on success
A list of new values. Each value can be a constant or may include one or more expressions enclosed within ${} delimiters.

       
header_validations
complex
on success

         
headers
complex
on success

           
name
string
on success
Parameter name.

Sample:
name_example
           
required
boolean
on success
Determines if the header is required in the request.

Sample:
True
         
validation_mode
string
on success
Validation behavior mode.
In `ENFORCING` mode, upon a validation failure, the request will be rejected with a 4xx response and not sent to the backend.
In `PERMISSIVE` mode, the result of the validation will be exposed as metrics while the request will follow the normal path.
`DISABLED` type turns the validation off.

Sample:
ENFORCING
       
query_parameter_transformations
complex
on success

         
filter_query_parameters
complex
on success

           
items
complex
on success
The list of query parameters.

             
name
string
on success
The case-sensitive name of the query parameter.

Sample:
name_example
           
type
string
on success
BLOCK drops any query parameters that are in the list of items, so it acts as an exclusion list. ALLOW permits only the parameters in the list and removes all others, so it acts as an inclusion list.

Sample:
ALLOW
         
rename_query_parameters
complex
on success

           
items
complex
on success
The list of query parameters.

             
_from
string
on success
The original case-sensitive name of the query parameter. This name must be unique across transformation policies.

Sample:
_from_example
             
to
string
on success
The new name of the query parameter. This name must be unique across transformation policies.

Sample:
to_example
         
set_query_parameters
complex
on success

           
items
complex
on success
The list of query parameters.

             
if_exists
string
on success
If a query parameter with the same name already exists in the request, OVERWRITE will overwrite the value, APPEND will append to the existing value, or SKIP will keep the existing value.

Sample:
OVERWRITE
             
name
string
on success
The case-sensitive name of the query parameter. This name must be unique across transformation policies.

Sample:
name_example
             
values
list / elements=string
on success
A list of new values. Each value can be a constant or may include one or more expressions enclosed within ${} delimiters.

       
query_parameter_validations
complex
on success

         
parameters
complex
on success

           
name
string
on success
Parameter name.

Sample:
name_example
           
required
boolean
on success
Determines if the parameter is required in the request.

Sample:
True
         
validation_mode
string
on success
Validation behavior mode.
In `ENFORCING` mode, upon a validation failure, the request will be rejected with a 4xx response and not sent to the backend.
In `PERMISSIVE` mode, the result of the validation will be exposed as metrics while the request will follow the normal path.
`DISABLED` type turns the validation off.

Sample:
ENFORCING
       
response_cache_lookup
complex
on success

         
cache_key_additions
list / elements=string
on success
A list of context expressions whose values will be added to the base cache key. Values should contain an expression enclosed within ${} delimiters. Only the request context is available.

         
is_enabled
boolean
on success
Whether this policy is currently enabled.

Sample:
True
         
is_private_caching_enabled
boolean
on success
Set true to allow caching responses where the request has an Authorization header. Ensure you have configured your cache key additions to get the level of isolation across authenticated requests that you require.
When false, any request with an Authorization header will not be stored in the Response Cache.
If using the CustomAuthenticationPolicy then the tokenHeader/tokenQueryParam are also subject to this check.

Sample:
True
         
type
string
on success
Type of the Response Cache Store Policy.

Sample:
SIMPLE_LOOKUP_POLICY
     
response_policies
complex
on success

       
header_transformations
complex
on success

         
filter_headers
complex
on success

           
items
complex
on success
The list of headers.

             
name
string
on success
The case-insensitive name of the header. This name must be unique across transformation policies.

Sample:
name_example
           
type
string
on success
BLOCK drops any headers that are in the list of items, so it acts as an exclusion list. ALLOW permits only the headers in the list and removes all others, so it acts as an inclusion list.

Sample:
ALLOW
         
rename_headers
complex
on success

           
items
complex
on success
The list of headers.

             
_from
string
on success
The original case-insensitive name of the header. This name must be unique across transformation policies.

Sample:
_from_example
             
to
string
on success
The new name of the header. This name must be unique across transformation policies.

Sample:
to_example
         
set_headers
complex
on success

           
items
complex
on success
The list of headers.

             
if_exists
string
on success
If a header with the same name already exists in the request, OVERWRITE will overwrite the value, APPEND will append to the existing value, or SKIP will keep the existing value.

Sample:
OVERWRITE
             
name
string
on success
The case-insensitive name of the header. This name must be unique across transformation policies.

Sample:
name_example
             
values
list / elements=string
on success
A list of new values. Each value can be a constant or may include one or more expressions enclosed within ${} delimiters.

       
response_cache_store
complex
on success