Policies in ColdFusion API Manager


In ColdFusion API Manager, policies allow you to change the behavior of an API by making certain configuration changes. A policy is a collection of commands that are executed sequentially on the request or response of an API.

In API Manager, there are two main categories of policies:

  • Data transformation policies
  • Threat protection policies

Using the Data Transformation policies

REST APIs created with ColdFusion support multiple representations of a resource. ColdFusion APIs support both XML and JSON representations for the request and response payloads.

However, some APIs do not support multiple representations. For example, an API may support only an XML payload while a web application wants the response in JSON format, or vice versa. In such cases, ColdFusion API Manager converts the JSON payload to an XML payload.

In other words, the data transformation policies let you transform the request/response payload from JSON to XML or from XML to JSON.

As an API creator and publisher, you can apply these policies to an API and convert responses to the appropriate format before they are sent to the client.

JSON to XML Transformation

To convert a JSON response to XML:

  1. Create a REST API that has a response in JSON format and publish the API.

  2. Click Policies in the left navigation panel and choose JSON to XML Transformation policy. Click Add Policy.

  3. Enter the values in the fields. For more information, refer to the field descriptions.

  4. Create the policy.

  5. Click My APIs in the left navigation panel and click Edit API on the newly created API to modify the API properties.

  6. Click Policies in the left navigation panel and drag the policy into the Response section and click Save.

  7. To test the API, click Test this API.

  8. Choose the resource and click Run API Call. You can see the result in the Response Body section.

    {
        "message": "Hello World",
        "names": [
            "John",
            "Paul",
            "George"
        ],
        "address": {
            "street": "Bleecker street",
            "housenumber": 50
        }
    }

    The XML transformation is as follows:

    <beatles>
     <message>Hello World</message>
     <address>
      <street>Bleecker street</street>
      <housenumber>50</housenumber>
     </address>
     <names>John</names>
     <names>Paul</names>
     <names>George</names>
     <?xml-multiple names?>
    </beatles>

XML to JSON Transformation

To convert an XML response to JSON:

  1. Create a REST API that has a response in XML format and publish the API.

  2. Click Policies in the left navigation panel and choose XML to JSON Transformation policy. Click Add Policy.

  3. Enter the values in the fields. For more information, refer to the field descriptions.

  4. Create the policy.

  5. Click My APIs in the left navigation panel and click Edit API on the newly created API to modify the API properties.

  6. Click Policies in the left navigation panel and drag the policy into the Response section and click Save.

  7. To test the API, click Test this API.

  8. Choose the resources and click Run API Call. You can see the result in the Response Body section.

    <?xml version="1.0" encoding="utf-8"?>
    <IncomeAndHouseValue xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://ws.cdyne.com/DemographixWS">
      <PlaceInformation>
        <StateAbbrev>NY</StateAbbrev>
        <PlaceID>0036146</PlaceID>
        <Rural>false</Rural>
      </PlaceInformation>
      <Error>false</Error>
      <ErrorString>No Error</ErrorString>
      <MedianIncome>61544</MedianIncome>
      <MedianHouseValue>283600</MedianHouseValue>
    </IncomeAndHouseValue>

    The JSON transformation is as follows:

    {
      "IncomeAndHouseValue": {
        "@xmlns": "http://ws.cdyne.com/DemographixWS",
        "@xmlns:xsd": "http://www.w3.org/2001/XMLSchema",
        "@xmlns:xsi": "http://www.w3.org/2001/XMLSchema-instance",
        "PlaceInformation": {
          "StateAbbrev": "NY",
          "PlaceID": 36146,
          "Rural": false
        },
        "Error": false,
        "ErrorString": "No Error",
        "MedianIncome": 61544,
        "MedianHouseValue": 283600
      }
    }
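
In the sample above, PlaceID goes in as 0036146 and comes out as the number 36146, so the leading zeros of the identifier are lost in the transformation. The following added example (not Adobe's code and not part of the original page) converts a constructed, namespace-free copy of that document with the same kind of type inference and reports every leaf whose text no longer round-trips; the function names and the coercion rules are assumptions made for illustration.

```python
import json
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the response shown above (namespaces omitted).
SAMPLE_XML = """<IncomeAndHouseValue>
  <PlaceInformation>
    <StateAbbrev>NY</StateAbbrev>
    <PlaceID>0036146</PlaceID>
    <Rural>false</Rural>
  </PlaceInformation>
  <ErrorString>No Error</ErrorString>
  <MedianIncome>61544</MedianIncome>
</IncomeAndHouseValue>"""


def coerce(text):
    """Assumed inference rules: 'true'/'false' become booleans, digit runs become integers."""
    if text in ("true", "false"):
        return text == "true"
    if re.fullmatch(r"-?\d+", text):
        return int(text)
    return text


def to_json_value(elem, path, lossy):
    """Convert one element, recording leaves whose JSON form differs from the XML text."""
    children = list(elem)
    if not children:
        text = (elem.text or "").strip()
        value = coerce(text)
        if not isinstance(value, str) and json.dumps(value) != text:
            lossy.append((path, text, value))
        return value
    # Repeated sibling tags would need a list here; the sample has none.
    return {c.tag: to_json_value(c, f"{path}/{c.tag}", lossy) for c in children}


def convert(xml_text):
    """Return (json_ready_dict, lossy_leaves) for an XML document."""
    # ElementTree is fine for this constructed input; use a hardened parser for untrusted XML.
    root = ET.fromstring(xml_text)
    lossy = []
    return {root.tag: to_json_value(root, "/" + root.tag, lossy)}, lossy


if __name__ == "__main__":
    doc, lossy = convert(SAMPLE_XML)
    print(json.dumps(doc, indent=2))
    for path, before, after in lossy:
        print(f"lossy: {path} {before!r} -> {after!r}")
```

Running a check like this against representative responses before enabling the policy shows which fields (IDs, ZIP codes, account numbers) a client must not treat as numbers.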
    

Using the Threat Protection policies

In this example, you will apply a JSON Structure policy on an API and validate the response.

Like most APIs that support XML-based services, APIs that support JSON are vulnerable to content-level attacks. Simple JSON attacks attempt to use structures that overwhelm JSON parsers to crash a service and induce application-level denial-of-service attacks. The JSON Document Structure feature validates and enforces constraints on the structure of JSON documents. When the structure of an incoming JSON document exceeds a specified constraint, the API Gateway rejects the JSON document with error 500 and blocks further processing of the policy.

 

To enforce JSON structure policy:

  1. Create a REST API that returns a JSON response. Publish the API.

  2. Edit the API and add a POST operation to a resource.

  3. Add a parameter of type BODY to the resource.

  4. Save your changes.

  5. Go back to the main view, choose Policies > Threat Protection, and choose JSON Structure Limits.

  6. Enter the values, as shown below. Set the maximum key length of a JSON object to 2.

  7. Click Policies in the left navigation panel and drag the newly created policy into the Request section.

  8. Save the changes. To test the API against the policy, click Test this API in the left navigation panel. Expand the resource with POST and pass the following JSON into the body.

    {
        "names": [
            "John",
            "Paul",
            "George"
        ],
        "address": {
            "street": "Bleecker street",
            "housenumber": 50
        }
    }
    

  9. Click Run API Call. You can see the appropriate response.
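
Every key in the body from step 8 is longer than the configured maximum of 2, so the policy rejects the request. The following added example (not Adobe's implementation and not part of the original page) shows what a structure-limit check of this kind does: it walks the parsed document and collects each violated limit. The limit names other than the key length, their values, and the 200 status for a passing body are assumptions.

```python
import json

# Hypothetical limit names; the page itself only sets a maximum key length of 2.
LIMITS = {"max_key_length": 2, "max_depth": 10,
          "max_array_items": 100, "max_string_length": 1024}

# Constructed request body, the same document as in step 8.
BODY = ('{"names": ["John", "Paul", "George"], '
        '"address": {"street": "Bleecker street", "housenumber": 50}}')


def check_structure(raw, limits=LIMITS):
    """Return the list of limit violations; an empty list means the body passes."""
    try:
        doc = json.loads(raw)
    except (ValueError, RecursionError) as exc:
        return [f"$: unparseable JSON ({type(exc).__name__})"]
    found = []
    stack = [(doc, "$", 1)]  # explicit stack, so the walk itself never recurses
    while stack:
        node, path, depth = stack.pop()
        if isinstance(node, (dict, list)) and depth > limits["max_depth"]:
            found.append(f"{path}: nesting depth exceeds {limits['max_depth']}")
            continue  # stop descending below the limit
        if isinstance(node, dict):
            for key, value in node.items():
                if len(key) > limits["max_key_length"]:
                    found.append(f"{path}.{key}: key length {len(key)} "
                                 f"exceeds {limits['max_key_length']}")
                stack.append((value, f"{path}.{key}", depth + 1))
        elif isinstance(node, list):
            if len(node) > limits["max_array_items"]:
                found.append(f"{path}: {len(node)} array items "
                             f"exceeds {limits['max_array_items']}")
            stack.extend((v, f"{path}[{i}]", depth + 1) for i, v in enumerate(node))
        elif isinstance(node, str) and len(node) > limits["max_string_length"]:
            found.append(f"{path}: string length exceeds {limits['max_string_length']}")
    return sorted(found)


def gateway_status(raw, limits=LIMITS):
    """500 on any violation, as the page describes; 200 for a pass is an assumption."""
    return 500 if check_structure(raw, limits) else 200


if __name__ == "__main__":
    for line in check_structure(BODY):
        print(line)
    print(gateway_status(BODY), gateway_status('{"id": 1, "ok": true}'))
```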
