API Recipes by Topic

Authentication

Topic	Description	Type
Basic authentication to target endpoint	Sample showcasing the generation of basic authentication header values for authentication with target endpoint. Edit the setcredential policy to provide the credentials to be used to connect to the target endpoint	API Proxy
Basic authentication for user credentials, SAML 2.0 Browser Profile Authentication for Target Endpoint	Sample showcasing the enablement of an API proxy with basic authentication. The user name and password is passed in the HTTP header. Authorization is then used to trigger the SAML 2.0 browser profile flow to the target endpoint.	API Proxy
Principal propagation via SAML	Assists you in SAML User propagation from the application to back-end system via SAP API Management	Policy Template
SAML 2.0 browser profile based authentication to target endpoint	Sample showcasing the handling of SAML 2.0 browser profile based authentication to the target endpoing using JavaScript policy	API Proxy
Verify API Key	Sample showcasing the enforcement and verification of API key based access to the API Proxy. Sample contains examples to pass the API key either as header parameter or as query parameter. Variants: Verify API Key Passed as Header \| Verify API Key Passed as Query Psrameter \|	API Proxy
Verify APIKey	Assists you in protecting APIs by Verifying the API Key	Policy Template

Topic	Description	Type
Metadata Cache for Odata APIs	Helps to improve performance of Odata API Proxies by caching metadata across invocations	Policy Template

Topic	Description	Type
Connect to SAP Cloud Foundry services	Helps to manage mircoservices running in cloud foundry using SAP Cloud Platform API Management	Policy Template
Connect to SAP Cloud Platform services	Helps in consuming APIs hosted on SAP Cloud Platform and protected by Cloud Platform OAuth	Policy Template
Connect to SAP Concur	Facilitates easy consumption of Concur APIs protected by OAuth	Policy Template
Connect to SAP SuccessFactors	Helps to consume SAP SuccessFactors APIs protected by OAuth	Policy Template

Topic	Description	Type
Cross-Origin Resource Sharing (CORS)	Sample showcasing the handling of a response with a CORS header. This is helpful in scenarios where the targer server doesn't support sending CORS headers.	API Proxy
CORS	Supports your API to be consumed by the application where CORS support is not available	Policy Template

Topic	Description	Type
Debugging and traceability	Assists in API proxy execution performance assessment	Policy Template

Topic	Description	Type
JSON Threat Protection	Assists you in securing your APIs from JSON threats for APIs managed by API Management	Policy Template
SQL Threat Protection	Sample showcasing the detection of SQL threats in a query parameters and error handling via HTTP 403 Forbidden response.	API Proxy
SQL Threat Protection	Assists you in securing your APIs from SQL threat for APIs managed by API Management	Policy Template
Url Masking	Sample showcasing the masking/rewriting of the target system host, basepath and replacing it with the proxy endpoint host and base path.	API Proxy
URL Masking	Assists in protecting backend system for APIs managed by API Management	Policy Template
XML Threat Protection	Protects APIs from XML threats for APIs managed by API Management	Policy Template

Topic	Description	Type
Quota	Sample showcasing the control the flow of traffic from the client to the target servers using Quota polices. It contains samples to limit the no of calls allowed per developer and also showcases quota violation handling using a HTTP 429 status as per the RFC. Variants: SimpleQuota \| SimpleQuotaPerDeveloper \| QuotaWith429StatusCode \|	API Proxy
Quota With 429 Status Code	Helps to set quota and 429 status message	Policy Template
Spike Arrest	Sample showcasing the throttling of the number of incoming request processed by the API proxy.	API Proxy