Protect an API by applying a policy from the catalog. Handles multiple starting points: from an existing API Manager instance, from an Exchange asset that needs an instance, or from scratch. Use when the user wants to secure an API, add rate limiting, apply OAuth2, enforce IP allowlisting, or protect any API with a policy — regardless of where they are in the setup process.
Applies a security or traffic management policy to an API and deploys it to a self-managed Flex Gateway, walking through the full process from identifying the target API to selecting a policy, configuring it, and deploying. Supports multiple starting points depending on what the user already has set up — an API Manager instance, an Exchange asset, or just an API URL.
What you'll build: A fully configured policy enforced on your API instance, deployed to a Flex Gateway
Before starting, ensure you have:
Authentication ready
createLogin (POST /accounts/login) from the urn:api:access-management API with body {"username":"...","password":"..."} to obtain a Bearer token first.
Organization Id
listMe (GET /accounts/api/me) from urn:api:access-management to get your organization ID
organizationId from $.user.organization.id in the response
One of the following
This skill has multiple execution paths depending on what you already have:
Full setup: Steps 1, 2, 3, 4, 5, 6, 7
organizationId, API specification file
From Exchange asset: Steps 2, 3, 4, 5, 6, 7
organizationId, groupId, assetId, assetVersion
Apply policy only: Steps 2, 6, 7
organizationId, environmentId, environmentApiId
Publishes your API specification to Exchange as a reusable asset. This makes it available for API Manager to create managed instances from it.
What you'll need:
Action: Create a new asset in Exchange with your API specification.