oracle.oci.oci_apigateway_deployment – Manage a Deployment resource in Oracle Cloud Infrastructure¶
Note
This plugin is part of the oracle.oci collection (version 5.3.0).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install oracle.oci.
To use it in a playbook, specify: oracle.oci.oci_apigateway_deployment.
New in version 2.9.0: of oracle.oci
Synopsis¶
This module allows the user to create, update and delete a Deployment resource in Oracle Cloud Infrastructure
For state=present, creates a new deployment.
This resource has the following action operations in the oracle.oci.oci_apigateway_deployment_actions module: change_compartment.
Requirements¶
The below requirements are needed on the host that executes this module.
python >= 3.6
Python SDK for Oracle Cloud Infrastructure https://oracle-cloud-infrastructure-python-sdk.readthedocs.io
Parameters¶
| Parameter | Choices/Defaults | Comments | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
api_user
string
|
The OCID of the user, on whose behalf, OCI APIs are invoked. If not set, then the value of the OCI_USER_ID environment variable, if any, is used. This option is required if the user is not specified through a configuration file (See
config_file_location). To get the user's OCID, please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm. |
||||||||||
|
api_user_fingerprint
string
|
Fingerprint for the key pair being used. If not set, then the value of the OCI_USER_FINGERPRINT environment variable, if any, is used. This option is required if the key fingerprint is not specified through a configuration file (See
config_file_location). To get the key pair's fingerprint value please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm. |
||||||||||
|
api_user_key_file
string
|
Full path and filename of the private key (in PEM format). If not set, then the value of the OCI_USER_KEY_FILE variable, if any, is used. This option is required if the private key is not specified through a configuration file (See
config_file_location). If the key is encrypted with a pass-phrase, the api_user_key_pass_phrase option must also be provided. |
||||||||||
|
api_user_key_pass_phrase
string
|
Passphrase used by the key referenced in
api_user_key_file, if it is encrypted. If not set, then the value of the OCI_USER_KEY_PASS_PHRASE variable, if any, is used. This option is required if the key passphrase is not specified through a configuration file (See config_file_location). |
||||||||||
|
auth_purpose
string
|
|
The auth purpose which can be used in conjunction with 'auth_type=instance_principal'. The default auth_purpose for instance_principal is None.
|
|||||||||
|
auth_type
string
|
|
The type of authentication to use for making API requests. By default
auth_type="api_key" based authentication is performed and the API key (see api_user_key_file) in your config file will be used. If this 'auth_type' module option is not specified, the value of the OCI_ANSIBLE_AUTH_TYPE, if any, is used. Use auth_type="instance_principal" to use instance principal based authentication when running ansible playbooks within an OCI compute instance. |
|||||||||
|
cert_bundle
string
|
The full path to a CA certificate bundle to be used for SSL verification. This will override the default CA certificate bundle. If not set, then the value of the OCI_ANSIBLE_CERT_BUNDLE variable, if any, is used.
|
||||||||||
|
compartment_id
string
|
The OCID of the compartment in which the resource is created.
Required for create using state=present.
Required for update when environment variable
OCI_USE_NAME_AS_IDENTIFIER is set.Required for delete when environment variable
OCI_USE_NAME_AS_IDENTIFIER is set. |
||||||||||
|
config_file_location
string
|
Path to configuration file. If not set then the value of the OCI_CONFIG_FILE environment variable, if any, is used. Otherwise, defaults to ~/.oci/config.
|
||||||||||
|
config_profile_name
string
|
The profile to load from the config file referenced by
config_file_location. If not set, then the value of the OCI_CONFIG_PROFILE environment variable, if any, is used. Otherwise, defaults to the "DEFAULT" profile in config_file_location. |
||||||||||
|
defined_tags
dictionary
|
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags.
Example: `{"Operations": {"CostCenter": "42"}}`
This parameter is updatable.
|
||||||||||
|
deployment_id
string
|
The ocid of the deployment.
Required for update using state=present when environment variable
OCI_USE_NAME_AS_IDENTIFIER is not set.Required for delete using state=absent when environment variable
OCI_USE_NAME_AS_IDENTIFIER is not set.aliases: id |
||||||||||
|
display_name
string
|
A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
Example: `My new resource`
Required for create, update, delete when environment variable
OCI_USE_NAME_AS_IDENTIFIER is set.This parameter is updatable when
OCI_USE_NAME_AS_IDENTIFIER is not set.aliases: name |
||||||||||
|
force_create
boolean
|
|
Whether to attempt non-idempotent creation of a resource. By default, create resource is an idempotent operation, and doesn't create the resource if it already exists. Setting this option to true, forcefully creates a copy of the resource, even if it already exists.This option is mutually exclusive with key_by.
|
|||||||||
|
freeform_tags
dictionary
|
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags.
Example: `{"Department": "Finance"}`
This parameter is updatable.
|
||||||||||
|
gateway_id
string
|
The OCID of the resource.
Required for create using state=present.
|
||||||||||
|
key_by
list
/ elements=string
|
The list of attributes of this resource which should be used to uniquely identify an instance of the resource. By default, all the attributes of a resource are used to uniquely identify a resource.
|
||||||||||
|
path_prefix
string
|
A path on which to deploy all routes contained in the API deployment specification. For more information, see Deploying an API on an API Gateway by Creating an API Deployment.
Required for create using state=present.
|
||||||||||
|
realm_specific_endpoint_template_enabled
boolean
|
|
Enable/Disable realm specific endpoint template for service client. By Default, realm specific endpoint template is disabled. If not set, then the value of the OCI_REALM_SPECIFIC_SERVICE_ENDPOINT_TEMPLATE_ENABLED variable, if any, is used.
|
|||||||||
|
region
string
|
The Oracle Cloud Infrastructure region to use for all OCI API requests. If not set, then the value of the OCI_REGION variable, if any, is used. This option is required if the region is not specified through a configuration file (See
config_file_location). Please refer to https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/regions.htm for more information on OCI regions. |
||||||||||
|
specification
dictionary
|
Required for create using state=present.
This parameter is updatable.
|
||||||||||
|
logging_policies
dictionary
|
|||||||||||
|
access_log
dictionary
|
|||||||||||
|
is_enabled
boolean
|
|
Enables pushing of access logs to the legacy OCI Object Storage log archival bucket.
Oracle recommends using the OCI Logging service to enable, retrieve, and query access logs for an API Deployment. If there is an active log object for the API Deployment and its category is set to 'access' in OCI Logging service, the logs will not be uploaded to the legacy OCI Object Storage log archival bucket.
Please note that the functionality to push to the legacy OCI Object Storage log archival bucket has been deprecated and will be removed in the future.
|
|||||||||
|
execution_log
dictionary
|
|||||||||||
|
is_enabled
boolean
|
|
Enables pushing of execution logs to the legacy OCI Object Storage log archival bucket.
Oracle recommends using the OCI Logging service to enable, retrieve, and query execution logs for an API Deployment. If there is an active log object for the API Deployment and its category is set to 'execution' in OCI Logging service, the logs will not be uploaded to the legacy OCI Object Storage log archival bucket.
Please note that the functionality to push to the legacy OCI Object Storage log archival bucket has been deprecated and will be removed in the future.
|
|||||||||
|
log_level
string
|
|
Specifies the log level used to control logging output of execution logs. Enabling logging at a given level also enables logging at all higher levels.
|
|||||||||
|
request_policies
dictionary
|
|||||||||||
|
authentication
dictionary
|
|||||||||||
|
audiences
list
/ elements=string
|
The list of intended recipients for the token.
Required when type is 'JWT_AUTHENTICATION'
|
||||||||||
|
cache_key
list
/ elements=string
|
A list of keys from "parameters" attribute value whose values will be added to the cache key.
Applicable when type is 'CUSTOM_AUTHENTICATION'
|
||||||||||
|
function_id
string
|
The OCID of the Oracle Functions function resource.
Required when type is 'CUSTOM_AUTHENTICATION'
|
||||||||||
|
is_anonymous_access_allowed
boolean
|
|
Whether an unauthenticated user may access the API. Must be "true" to enable ANONYMOUS route authorization.
|
|||||||||
|
issuers
list
/ elements=string
|
A list of parties that could have issued the token.
Required when type is 'JWT_AUTHENTICATION'
|
||||||||||
|
max_clock_skew_in_seconds
float
|
The maximum expected time difference between the system clocks of the token issuer and the API Gateway.
Applicable when type is one of ['TOKEN_AUTHENTICATION', 'JWT_AUTHENTICATION']
|
||||||||||
|
parameters
dictionary
|
A map where key is a user defined string and value is a context expressions whose values will be sent to the custom auth function. Values should contain an expression. Example: `{"foo": "request.header[abc]"}`
Applicable when type is 'CUSTOM_AUTHENTICATION'
|
||||||||||
|
public_keys
dictionary
|
Required when type is 'JWT_AUTHENTICATION'
|
||||||||||
|
is_ssl_verify_disabled
boolean
|
|
Defines whether or not to uphold SSL verification.
Applicable when type is 'REMOTE_JWKS'
|
|||||||||
|
keys
list
/ elements=dictionary
|
The set of static public keys.
Applicable when type is 'STATIC_KEYS'
|
||||||||||
|
alg
string
|
The algorithm intended for use with this key.
Required when format is 'JSON_WEB_KEY'
|
||||||||||
|
e
string
|
The base64 url encoded exponent of the RSA public key represented by this key.
Required when format is 'JSON_WEB_KEY'
|
||||||||||
|
format
string
/ required
|
|
The format of the public key.
|
|||||||||
|
key
string
|
The content of the PEM-encoded public key.
Required when format is 'PEM'
|
||||||||||
|
key_ops
list
/ elements=string
|
|
The operations for which this key is to be used.
Applicable when format is 'JSON_WEB_KEY'
|
|||||||||
|
kid
string
/ required
|
A unique key ID. This key will be used to verify the signature of a JWT with matching "kid".
|
||||||||||
|
kty
string
|
|
The key type.
Required when format is 'JSON_WEB_KEY'
|
|||||||||
|
n
string
|
The base64 url encoded modulus of the RSA public key represented by this key.
Required when format is 'JSON_WEB_KEY'
|
||||||||||
|
use
string
|
|
The intended use of the public key.
Applicable when format is 'JSON_WEB_KEY'
|
|||||||||
|
max_cache_duration_in_hours
integer
|
The duration for which the JWKS should be cached before it is fetched again.
Applicable when type is 'REMOTE_JWKS'
|
||||||||||
|
type
string
/ required
|
|
Type of the public key set.
|
|||||||||
|
uri
string
|
The uri from which to retrieve the key. It must be accessible without authentication.
Required when type is 'REMOTE_JWKS'
|
||||||||||
|
token_auth_scheme
string
|
The authentication scheme that is to be used when authenticating the token. This must to be provided if "tokenHeader" is specified.
Applicable when type is one of ['TOKEN_AUTHENTICATION', 'JWT_AUTHENTICATION']
|
||||||||||
|
token_header
string
|
The name of the header containing the authentication token.
|
||||||||||
|
token_query_param
string
|
The name of the query parameter containing the authentication token.
|
||||||||||
|
type
string
/ required
|
|
Type of the authentication policy to use.
|
|||||||||
|
validation_failure_policy
dictionary
|
Applicable when type is one of ['TOKEN_AUTHENTICATION', 'CUSTOM_AUTHENTICATION']
|
||||||||||
|
client_details
dictionary
|
Required when type is 'OAUTH2'
|
||||||||||
|
client_id
string
|
Client ID for the OAuth2/OIDC app.
Required when type is 'CUSTOM'
|
||||||||||
|
client_secret_id
string
|
The OCID of the Oracle Vault Service secret resource.
Required when type is 'CUSTOM'
|
||||||||||
|
client_secret_version_number
integer
|
The version number of the client secret to use.
Required when type is 'CUSTOM'
|
||||||||||
|
type
string
/ required
|
|
To specify where the Client App details should be taken from.
|
|||||||||
|
fallback_redirect_path
string
|
The path to be used as fallback after OAuth2.
Applicable when type is 'OAUTH2'
|
||||||||||
|
logout_path
string
|
The path to be used as logout.
Applicable when type is 'OAUTH2'
|
||||||||||
|
max_expiry_duration_in_hours
integer
|
The duration for which the OAuth2 success token should be cached before it is fetched again.
Applicable when type is 'OAUTH2'
|
||||||||||
|
response_code
string
|
HTTP response code, can include context variables.
Applicable when type is 'MODIFY_RESPONSE'
|
||||||||||
|
response_header_transformations
dictionary
|
Applicable when type is 'MODIFY_RESPONSE'
|
||||||||||
|
filter_headers
dictionary
|
Applicable when type is 'MODIFY_RESPONSE'
|
||||||||||
|
items
list
/ elements=dictionary / required
|
The list of headers.
Required when type is 'MODIFY_RESPONSE'
|
||||||||||
|
name
string
/ required
|
The case-insensitive name of the header. This name must be unique across transformation policies.
Required when type is 'MODIFY_RESPONSE'
|
||||||||||
|
type
string
/ required
|
|
BLOCK drops any headers that are in the list of items, so it acts as an exclusion list. ALLOW permits only the headers in the list and removes all others, so it acts as an inclusion list.
Required when type is 'MODIFY_RESPONSE'
|
|||||||||
|
rename_headers
dictionary
|
Applicable when type is 'MODIFY_RESPONSE'
|
||||||||||
|
items
list
/ elements=dictionary / required
|
The list of headers.
Required when type is 'MODIFY_RESPONSE'
|
||||||||||
|
_from
string
/ required
|
The original case-insensitive name of the header. This name must be unique across transformation policies.
Required when type is 'MODIFY_RESPONSE'
|
||||||||||
|
to
string
/ required
|
The new name of the header. This name must be unique across transformation policies.
Required when type is 'MODIFY_RESPONSE'
|
||||||||||
|
set_headers
dictionary
|
Applicable when type is 'MODIFY_RESPONSE'
|
||||||||||
|
items
list
/ elements=dictionary / required
|
The list of headers.
Required when type is 'MODIFY_RESPONSE'
|
||||||||||
|
if_exists
string
|
|
If a header with the same name already exists in the request, OVERWRITE will overwrite the value, APPEND will append to the existing value, or SKIP will keep the existing value.
Applicable when type is 'MODIFY_RESPONSE'
|
|||||||||
|
name
string
/ required
|
The case-insensitive name of the header. This name must be unique across transformation policies.
Required when type is 'MODIFY_RESPONSE'
|
||||||||||
|
values
list
/ elements=string / required
|
A list of new values. Each value can be a constant or may include one or more expressions enclosed within ${} delimiters.
Required when type is 'MODIFY_RESPONSE'
|
||||||||||
|
response_message
string
|
HTTP response message.
Applicable when type is 'MODIFY_RESPONSE'
|
||||||||||
|
response_type
string
|
|
Response Type.
Required when type is 'OAUTH2'
|
|||||||||
|
scopes
list
/ elements=string
|
List of scopes.
Required when type is 'OAUTH2'
|
||||||||||
|
source_uri_details
dictionary
|
Required when type is 'OAUTH2'
|
||||||||||
|
type
string
/ required
|
|
Type of the Uri detail.
|
|||||||||
|
uri
string
|
The discovery URI for the auth server.
Required when type is 'DISCOVERY_URI'
|
||||||||||
|
type
string
/ required
|
|
Type of the Validation failure Policy.
|
|||||||||
|
use_cookies_for_intermediate_steps
boolean
|
|
Defines whether or not to use cookies for OAuth2 intermediate steps.
Applicable when type is 'OAUTH2'
|
|||||||||
|
use_cookies_for_session
boolean
|
|
Defines whether or not to use cookies for session maintenance.
Applicable when type is 'OAUTH2'
|
|||||||||
|
use_pkce
boolean
|
|
Defines whether or not to support PKCE.
Applicable when type is 'OAUTH2'
|
|||||||||
|
validation_policy
dictionary
|
Required when type is 'TOKEN_AUTHENTICATION'
|
||||||||||
|
additional_validation_policy
dictionary
|
|||||||||||
|
audiences
list
/ elements=string
|
The list of intended recipients for the token.
Applicable when type is 'REMOTE_JWKS'
|
||||||||||
|
issuers
list
/ elements=string
|
A list of parties that could have issued the token.
Applicable when type is 'REMOTE_JWKS'
|
||||||||||
|
verify_claims
list
/ elements=dictionary
|
A list of claims which should be validated to consider the token valid.
Applicable when type is 'REMOTE_JWKS'
|
||||||||||
|
is_required
boolean
|
|
Whether the claim is required to be present in the JWT or not. If set to "false", the claim values will be matched only if the claim is present in the JWT.
Applicable when type is 'REMOTE_JWKS'
|
|||||||||
|
key
string
/ required
|
Name of the claim.
Required when type is 'REMOTE_JWKS'
|
||||||||||
|
values
list
/ elements=string
|
The list of acceptable values for a given claim. If this value is "null" or empty and "isRequired" set to "true", then the presence of this claim in the JWT is validated.
Applicable when type is 'REMOTE_JWKS'
|
||||||||||
|
client_details
dictionary
|
Required when type is 'REMOTE_DISCOVERY'
|
||||||||||
|
client_id
string
|
Client ID for the OAuth2/OIDC app.
Required when type is 'CUSTOM'
|
||||||||||
|
client_secret_id
string
|
The OCID of the Oracle Vault Service secret resource.
Required when type is 'CUSTOM'
|
||||||||||
|
client_secret_version_number
integer
|
The version number of the client secret to use.
Required when type is 'CUSTOM'
|
||||||||||
|
type
string
/ required
|
|
To specify where the Client App details should be taken from.
|
|||||||||
|
is_ssl_verify_disabled
boolean
|
|
Defines whether or not to uphold SSL verification.
Applicable when type is one of ['REMOTE_JWKS', 'REMOTE_DISCOVERY']
|
|||||||||
|
keys
list
/ elements=dictionary
|
The set of static public keys.
Applicable when type is 'STATIC_KEYS'
|
||||||||||
|
alg
string
|
The algorithm intended for use with this key.
Required when format is 'JSON_WEB_KEY'
|
||||||||||
|
e
string
|
The base64 url encoded exponent of the RSA public key represented by this key.
Required when format is 'JSON_WEB_KEY'
|
||||||||||
|
format
string
/ required
|
|
The format of the public key.
|
|||||||||
|
key
string
|
The content of the PEM-encoded public key.
Required when format is 'PEM'
|
||||||||||
|
key_ops
list
/ elements=string
|
|
The operations for which this key is to be used.
Applicable when format is 'JSON_WEB_KEY'
|
|||||||||
|
kid
string
/ required
|
A unique key ID. This key will be used to verify the signature of a JWT with matching "kid".
|
||||||||||
|
kty
string
|
|
The key type.
Required when format is 'JSON_WEB_KEY'
|
|||||||||
|
n
string
|
The base64 url encoded modulus of the RSA public key represented by this key.
Required when format is 'JSON_WEB_KEY'
|
||||||||||
|
use
string
|
|
The intended use of the public key.
Applicable when format is 'JSON_WEB_KEY'
|
|||||||||
|
max_cache_duration_in_hours
integer
|
The duration for which the JWKS should be cached before it is fetched again.
Applicable when type is one of ['REMOTE_JWKS', 'REMOTE_DISCOVERY']
|
||||||||||
|
source_uri_details
dictionary
|
Required when type is 'REMOTE_DISCOVERY'
|
||||||||||
|
type
string
/ required
|
|
Type of the Uri detail.
|
|||||||||
|
uri
string
|
The discovery URI for the auth server.
Required when type is 'DISCOVERY_URI'
|
||||||||||
|
type
string
/ required
|
|
Type of the token validation policy.
|
|||||||||
|
uri
string
|
The uri from which to retrieve the key. It must be accessible without authentication.
Required when type is 'REMOTE_JWKS'
|
||||||||||
|
verify_claims
list
/ elements=dictionary
|
A list of claims which should be validated to consider the token valid.
Applicable when type is 'JWT_AUTHENTICATION'
|
||||||||||
|
is_required
boolean
|
|
Whether the claim is required to be present in the JWT or not. If set to "false", the claim values will be matched only if the claim is present in the JWT.
Applicable when type is 'JWT_AUTHENTICATION'
|
|||||||||
|
key
string
/ required
|
Name of the claim.
Required when type is 'JWT_AUTHENTICATION'
|
||||||||||
|
values
list
/ elements=string
|
The list of acceptable values for a given claim. If this value is "null" or empty and "isRequired" set to "true", then the presence of this claim in the JWT is validated.
Applicable when type is 'JWT_AUTHENTICATION'
|
||||||||||
|
cors
dictionary
|
|||||||||||
|
allowed_headers
list
/ elements=string
|
The list of headers that will be allowed from the client via the Access-Control-Allow-Headers header. '*' will allow all headers.
|
||||||||||
|
allowed_methods
list
/ elements=string
|
The list of allowed HTTP methods that will be returned for the preflight OPTIONS request in the Access-Control-Allow-Methods header. '*' will allow all methods.
|
||||||||||
|
allowed_origins
list
/ elements=string / required
|
The list of allowed origins that the CORS handler will use to respond to CORS requests. The gateway will send the Access-Control-Allow-Origin header with the best origin match for the circumstances. '*' will match any origins, and 'null' will match queries from 'file:' origins. All other origins must be qualified with the scheme, full hostname, and port if necessary.
|
||||||||||
|
exposed_headers
list
/ elements=string
|
The list of headers that the client will be allowed to see from the response as indicated by the Access-Control-Expose-Headers header. '*' will expose all headers.
|
||||||||||
|
is_allow_credentials_enabled
boolean
|
|
Whether to send the Access-Control-Allow-Credentials header to allow CORS requests with cookies.
|
|||||||||
|
max_age_in_seconds
integer
|
The time in seconds for the client to cache preflight responses. This is sent as the Access-Control-Max-Age if greater than 0.
|
||||||||||
|
dynamic_authentication
dictionary
|
|||||||||||
|
authentication_servers
list
/ elements=dictionary / required
|
List of authentication servers to choose from during dynamic authentication.
|
||||||||||
|
authentication_server_detail
dictionary
/ required
|
|||||||||||
|
audiences
list
/ elements=string
|
The list of intended recipients for the token.
Required when type is 'JWT_AUTHENTICATION'
|
||||||||||
|
cache_key
list
/ elements=string
|
A list of keys from "parameters" attribute value whose values will be added to the cache key.
Applicable when type is 'CUSTOM_AUTHENTICATION'
|
||||||||||
|
function_id
string
|
The OCID of the Oracle Functions function resource.
Required when type is 'CUSTOM_AUTHENTICATION'
|
||||||||||
|
is_anonymous_access_allowed
boolean
|
|
Whether an unauthenticated user may access the API. Must be "true" to enable ANONYMOUS route authorization.
|
|||||||||
|
issuers
list
/ elements=string
|
A list of parties that could have issued the token.
Required when type is 'JWT_AUTHENTICATION'
|
||||||||||
|
max_clock_skew_in_seconds
float
|
The maximum expected time difference between the system clocks of the token issuer and the API Gateway.
Applicable when type is one of ['TOKEN_AUTHENTICATION', 'JWT_AUTHENTICATION']
|
||||||||||
|
parameters
dictionary
|
A map where key is a user defined string and value is a context expressions whose values will be sent to the custom auth function. Values should contain an expression. Example: `{"foo": "request.header[abc]"}`
Applicable when type is 'CUSTOM_AUTHENTICATION'
|
||||||||||
|
public_keys
dictionary
|
Required when type is 'JWT_AUTHENTICATION'
|
||||||||||
|
is_ssl_verify_disabled
boolean
|
|
Defines whether or not to uphold SSL verification.
Applicable when type is 'REMOTE_JWKS'
|
|||||||||
|
keys
list
/ elements=dictionary
|
The set of static public keys.
Applicable when type is 'STATIC_KEYS'
|
||||||||||
|
alg
string
|
The algorithm intended for use with this key.
Required when format is 'JSON_WEB_KEY'
|
||||||||||
|
e
string
|
The base64 url encoded exponent of the RSA public key represented by this key.
Required when format is 'JSON_WEB_KEY'
|
||||||||||
|
format
string
/ required
|
|
The format of the public key.
|
|||||||||
|
key
string
|
The content of the PEM-encoded public key.
Required when format is 'PEM'
|
||||||||||
|
key_ops
list
/ elements=string
|
|
The operations for which this key is to be used.
Applicable when format is 'JSON_WEB_KEY'
|
|||||||||
|
kid
string
/ required
|
A unique key ID. This key will be used to verify the signature of a JWT with matching "kid".
|
||||||||||
|
kty
string
|
|
The key type.
Required when format is 'JSON_WEB_KEY'
|
|||||||||
|
n
string
|
The base64 url encoded modulus of the RSA public key represented by this key.
Required when format is 'JSON_WEB_KEY'
|
||||||||||
|
use
string
|
|
The intended use of the public key.
Applicable when format is 'JSON_WEB_KEY'
|
|||||||||
|
max_cache_duration_in_hours
integer
|
The duration for which the JWKS should be cached before it is fetched again.
Applicable when type is 'REMOTE_JWKS'
|
||||||||||
|
type
string
/ required
|
|
Type of the public key set.
|
|||||||||
|
uri
string
|
The uri from which to retrieve the key. It must be accessible without authentication.
Required when type is 'REMOTE_JWKS'
|
||||||||||
|
token_auth_scheme
string
|
The authentication scheme that is to be used when authenticating the token. This must to be provided if "tokenHeader" is specified.
Applicable when type is one of ['TOKEN_AUTHENTICATION', 'JWT_AUTHENTICATION']
|
||||||||||
|
token_header
string
|
The name of the header containing the authentication token.
|
||||||||||
|
token_query_param
string
|
The name of the query parameter containing the authentication token.
|
||||||||||
|
type
string
/ required
|
|
Type of the authentication policy to use.
|
|||||||||
|
validation_failure_policy
dictionary
|
Applicable when type is one of ['TOKEN_AUTHENTICATION', 'CUSTOM_AUTHENTICATION']
|
||||||||||
|
client_details
dictionary
|
Required when type is 'OAUTH2'
|
||||||||||
|
client_id
string
|
Client ID for the OAuth2/OIDC app.
Required when type is 'CUSTOM'
|
||||||||||
|
client_secret_id
string
|
The OCID of the Oracle Vault Service secret resource.
Required when type is 'CUSTOM'
|
||||||||||
|
client_secret_version_number
integer
|
The version number of the client secret to use.
Required when type is 'CUSTOM'
|
||||||||||
|
type
string
/ required
|
|
To specify where the Client App details should be taken from.
|
|||||||||
|
fallback_redirect_path
string
|
The path to be used as fallback after OAuth2.
Applicable when type is 'OAUTH2'
|
||||||||||
|
logout_path
string
|
The path to be used as logout.
Applicable when type is 'OAUTH2'
|
||||||||||
|
max_expiry_duration_in_hours
integer
|
The duration for which the OAuth2 success token should be cached before it is fetched again.
Applicable when type is 'OAUTH2'
|
||||||||||
|
response_code
string
|
HTTP response code, can include context variables.
Applicable when type is 'MODIFY_RESPONSE'
|
||||||||||
|
response_header_transformations
dictionary
|
Applicable when type is 'MODIFY_RESPONSE'
|
||||||||||
|
filter_headers
dictionary
|
Applicable when type is 'MODIFY_RESPONSE'
|
||||||||||
|
items
list
/ elements=dictionary / required
|
The list of headers.
Required when type is 'MODIFY_RESPONSE'
|
||||||||||
|
name
string
/ required
|
The case-insensitive name of the header. This name must be unique across transformation policies.
Required when type is 'MODIFY_RESPONSE'
|
||||||||||
|
type
string
/ required
|
|
BLOCK drops any headers that are in the list of items, so it acts as an exclusion list. ALLOW permits only the headers in the list and removes all others, so it acts as an inclusion list.
Required when type is 'MODIFY_RESPONSE'
|
|||||||||
|
rename_headers
dictionary
|
Applicable when type is 'MODIFY_RESPONSE'
|
||||||||||
|
items
list
/ elements=dictionary / required
|
The list of headers.
Required when type is 'MODIFY_RESPONSE'
|
||||||||||
|
_from
string
/ required
|
The original case-insensitive name of the header. This name must be unique across transformation policies.
Required when type is 'MODIFY_RESPONSE'
|
||||||||||
|
to
string
/ required
|
The new name of the header. This name must be unique across transformation policies.
Required when type is 'MODIFY_RESPONSE'
|
||||||||||
|
set_headers
dictionary
|
Applicable when type is 'MODIFY_RESPONSE'
|
||||||||||
|
items
list
/ elements=dictionary / required
|
The list of headers.
Required when type is 'MODIFY_RESPONSE'
|
||||||||||
|
if_exists
string
|
|
If a header with the same name already exists in the request, OVERWRITE will overwrite the value, APPEND will append to the existing value, or SKIP will keep the existing value.
Applicable when type is 'MODIFY_RESPONSE'
|
|||||||||
|
name
string
/ required
|
The case-insensitive name of the header. This name must be unique across transformation policies.
Required when type is 'MODIFY_RESPONSE'
|
||||||||||
|
values
list
/ elements=string / required
|
A list of new values. Each value can be a constant or may include one or more expressions enclosed within ${} delimiters.
Required when type is 'MODIFY_RESPONSE'
|
||||||||||
|
response_message
string
|
HTTP response message.
Applicable when type is 'MODIFY_RESPONSE'
|
||||||||||
|
response_type
string
|
|
Response Type.
Required when type is 'OAUTH2'
|
|||||||||
|
scopes
list
/ elements=string
|
List of scopes.
Required when type is 'OAUTH2'
|
||||||||||
|
source_uri_details
dictionary
|
Required when type is 'OAUTH2'
|
||||||||||
|
type
string
/ required
|
|
Type of the Uri detail.
|
|||||||||
|
uri
string
|
The discovery URI for the auth server.
Required when type is 'DISCOVERY_URI'
|
||||||||||
|
type
string
/ required
|
|
Type of the Validation failure Policy.
|
|||||||||
|
use_cookies_for_intermediate_steps
boolean
|
|
Defines whether or not to use cookies for OAuth2 intermediate steps.
Applicable when type is 'OAUTH2'
|
|||||||||
|
use_cookies_for_session
boolean
|
|
Defines whether or not to use cookies for session maintenance.
Applicable when type is 'OAUTH2'
|
|||||||||
|
use_pkce
boolean
|
|
Defines whether or not to support PKCE.
Applicable when type is 'OAUTH2'
|
|||||||||
|
validation_policy
dictionary
|
Required when type is 'TOKEN_AUTHENTICATION'
|
||||||||||
|
additional_validation_policy
dictionary
|
|||||||||||
|
audiences
list
/ elements=string
|
The list of intended recipients for the token.
Applicable when type is 'REMOTE_JWKS'
|
||||||||||
|
issuers
list
/ elements=string
|
A list of parties that could have issued the token.
Applicable when type is 'REMOTE_JWKS'
|
||||||||||
|
verify_claims
list
/ elements=dictionary
|
A list of claims which should be validated to consider the token valid.
Applicable when type is 'REMOTE_JWKS'
|
||||||||||
|
is_required
boolean
|
|
Whether the claim is required to be present in the JWT or not. If set to "false", the claim values will be matched only if the claim is present in the JWT.
Applicable when type is 'REMOTE_JWKS'
|
|||||||||
|
key
string
/ required
|
Name of the claim.
Required when type is 'REMOTE_JWKS'
|
||||||||||
|
values
list
/ elements=string
|
The list of acceptable values for a given claim. If this value is "null" or empty and "isRequired" set to "true", then the presence of this claim in the JWT is validated.
Applicable when type is 'REMOTE_JWKS'
|
||||||||||
|
client_details
dictionary
|
Required when type is 'REMOTE_DISCOVERY'
|
||||||||||
|
client_id
string
|
Client ID for the OAuth2/OIDC app.
Required when type is 'CUSTOM'
|
||||||||||
|
client_secret_id
string
|
The OCID of the Oracle Vault Service secret resource.
Required when type is 'CUSTOM'
|
||||||||||
|
client_secret_version_number
integer
|
The version number of the client secret to use.
Required when type is 'CUSTOM'
|
||||||||||
|
type
string
/ required
|
|
To specify where the Client App details should be taken from.
|
|||||||||
|
is_ssl_verify_disabled
boolean
|
|
Defines whether or not to uphold SSL verification.
Applicable when type is one of ['REMOTE_JWKS', 'REMOTE_DISCOVERY']
|
|||||||||
|
keys
list
/ elements=dictionary
|
The set of static public keys.
Applicable when type is 'STATIC_KEYS'
|
||||||||||
|
alg
string
|
The algorithm intended for use with this key.
Required when format is 'JSON_WEB_KEY'
|
||||||||||
|
e
string
|
The base64 url encoded exponent of the RSA public key represented by this key.
Required when format is 'JSON_WEB_KEY'
|
||||||||||
|
format
string
/ required
|
|
The format of the public key.
|
|||||||||
|
key
string
|
The content of the PEM-encoded public key.
Required when format is 'PEM'
|
||||||||||
|
key_ops
list
/ elements=string
|
|
The operations for which this key is to be used.
Applicable when format is 'JSON_WEB_KEY'
|
|||||||||
|
kid
string
/ required
|
A unique key ID. This key will be used to verify the signature of a JWT with matching "kid".
|
||||||||||
|
kty
string
|
|
The key type.
Required when format is 'JSON_WEB_KEY'
|
|||||||||
|
n
string
|
The base64 url encoded modulus of the RSA public key represented by this key.
Required when format is 'JSON_WEB_KEY'
|
||||||||||
|
use
string
|
|
The intended use of the public key.
Applicable when format is 'JSON_WEB_KEY'
|
|||||||||
|
max_cache_duration_in_hours
integer
|
The duration for which the JWKS should be cached before it is fetched again.
Applicable when type is one of ['REMOTE_JWKS', 'REMOTE_DISCOVERY']
|
||||||||||
|
source_uri_details
dictionary
|
Required when type is 'REMOTE_DISCOVERY'
|
||||||||||
|
type
string
/ required
|
|
Type of the Uri detail.
|
|||||||||
|
uri
string
|
The discovery URI for the auth server.
Required when type is 'DISCOVERY_URI'
|
||||||||||
|
type
string
/ required
|
|
Type of the token validation policy.
|
|||||||||
|
uri
string
|
The uri from which to retrieve the key. It must be accessible without authentication.
Required when type is 'REMOTE_JWKS'
|
||||||||||
|
verify_claims
list
/ elements=dictionary
|
A list of claims which should be validated to consider the token valid.
Applicable when type is 'JWT_AUTHENTICATION'
|
||||||||||
|
is_required
boolean
|
|
Whether the claim is required to be present in the JWT or not. If set to "false", the claim values will be matched only if the claim is present in the JWT.
Applicable when type is 'JWT_AUTHENTICATION'
|
|||||||||
|
key
string
/ required
|
Name of the claim.
Required when type is 'JWT_AUTHENTICATION'
|
||||||||||
|
values
list
/ elements=string
|
The list of acceptable values for a given claim. If this value is "null" or empty and "isRequired" set to "true", then the presence of this claim in the JWT is validated.
Applicable when type is 'JWT_AUTHENTICATION'
|
||||||||||
|
key
dictionary
/ required
|
|||||||||||
|
expression
string
|
A selection key string containing a wildcard to match with the context variable in an incoming request. If the context variable matches the string, the request is sent to the route or authentication server associated with the selection key. Valid wildcards are '*' (zero or more characters) and '+' (one or more characters). The string can only contain one wildcard, and the wildcard must be at the start or the end of the string.
Required when type is 'WILDCARD'
|
||||||||||
|
is_default
boolean
|
|
Specifies whether to use the route or authentication server associated with this selection key as the default. The default is used if the value of a context variable in an incoming request does not match any of the other selection key values when dynamically routing and dynamically authenticating requests.
|
|||||||||
|
name
string
/ required
|
Name assigned to the branch.
|
||||||||||
|
type
string
|
|
Type of the selection key.
|
|||||||||
|
values
list
/ elements=string
|
The set of selection keys to match with the context variable in an incoming request. If the context variable exactly matches one of the keys in the set, the request is sent to the route or authentication server associated with the set.
Applicable when type is 'ANY_OF'
|
||||||||||
|
selection_source
dictionary
/ required
|
|||||||||||
|
selector
string
/ required
|
String describing the context variable used as selector.
|
||||||||||
|
type
string
|
|
Type of the Selection source to use.
|
|||||||||
|
mutual_tls
dictionary
|
|||||||||||
|
allowed_sans
list
/ elements=string
|
Allowed list of CN or SAN which will be used for verification of certificate.
|
||||||||||
|
is_verified_certificate_required
boolean
|
|
Determines whether to enable client verification when API Consumer makes connection to the gateway.
|
|||||||||
|
rate_limiting
dictionary
|
|||||||||||
|
rate_in_requests_per_second
integer
/ required
|
The maximum number of requests per second to allow.
|
||||||||||
|
rate_key
string
/ required
|
|
The key used to group requests together.
|
|||||||||
|
usage_plans
dictionary
|
|||||||||||
|
token_locations
list
/ elements=string / required
|
A list of context variables specifying where API tokens may be located in a request. Example locations: - "request.headers[token]" - "request.query[token]" - "request.auth[Token]" - "request.path[TOKEN]"
|
||||||||||
|
routes
list
/ elements=dictionary
|
A list of routes that this API exposes.
|
||||||||||
|
backend
dictionary
/ required
|
|||||||||||
|
allowed_post_logout_uris
list
/ elements=string
|
Applicable when type is 'OAUTH2_LOGOUT_BACKEND'
|
||||||||||
|
body
string
|
The body of the stock response from the mock backend.
Applicable when type is 'STOCK_RESPONSE_BACKEND'
|
||||||||||
|
connect_timeout_in_seconds
float
|
Defines a timeout for establishing a connection with a proxied server.
Applicable when type is 'HTTP_BACKEND'
|
||||||||||
|
function_id
string
|
The OCID of the Oracle Functions function resource.
Required when type is 'ORACLE_FUNCTIONS_BACKEND'
|
||||||||||
|
headers
list
/ elements=dictionary
|
The headers of the stock response from the mock backend.
Applicable when type is 'STOCK_RESPONSE_BACKEND'
|
||||||||||
|
name
string
|
Name of the header.
Applicable when type is 'STOCK_RESPONSE_BACKEND'
|
||||||||||
|
value
string
|
Value of the header.
Applicable when type is 'STOCK_RESPONSE_BACKEND'
|
||||||||||
|
is_ssl_verify_disabled
boolean
|
|
Defines whether or not to uphold SSL verification.
Applicable when type is 'HTTP_BACKEND'
|
|||||||||
|
post_logout_state
string
|
Defines a state that should be shared on redirecting to postLogout URL.
Applicable when type is 'OAUTH2_LOGOUT_BACKEND'
|
||||||||||
|
read_timeout_in_seconds
float
|
Defines a timeout for reading a response from the proxied server.
Applicable when type is 'HTTP_BACKEND'
|
||||||||||
|
routing_backends
list
/ elements=dictionary
|
List of backends to chose from for Dynamic Routing.
Required when type is 'DYNAMIC_ROUTING_BACKEND'
|
||||||||||
|
backend
dictionary
/ required
|
Required when type is 'DYNAMIC_ROUTING_BACKEND'
|
||||||||||
|
type
string
/ required
|
|
Type of the API backend.
|
|||||||||
|
key
dictionary
/ required
|
Required when type is 'DYNAMIC_ROUTING_BACKEND'
|
||||||||||
|
expression
string
|
A selection key string containing a wildcard to match with the context variable in an incoming request. If the context variable matches the string, the request is sent to the route or authentication server associated with the selection key. Valid wildcards are '*' (zero or more characters) and '+' (one or more characters). The string can only contain one wildcard, and the wildcard must be at the start or the end of the string.
Required when type is 'WILDCARD'
|
||||||||||
|
is_default
boolean
|
|
Specifies whether to use the route or authentication server associated with this selection key as the default. The default is used if the value of a context variable in an incoming request does not match any of the other selection key values when dynamically routing and dynamically authenticating requests.
|
|||||||||
|
name
string
/ required
|
Name assigned to the branch.
|
||||||||||
|
type
string
|
|
Type of the selection key.
|
|||||||||
|
values
list
/ elements=string
|
The set of selection keys to match with the context variable in an incoming request. If the context variable exactly matches one of the keys in the set, the request is sent to the route or authentication server associated with the set.
Applicable when type is 'ANY_OF'
|
||||||||||
|
selection_source
dictionary
|
Required when type is 'DYNAMIC_ROUTING_BACKEND'
|
||||||||||
|
selector
string
/ required
|
String describing the context variable used as selector.
|
||||||||||
|
type
string
|
|
Type of the Selection source to use.
|
|||||||||
|
send_timeout_in_seconds
float
|
Defines a timeout for transmitting a request to the proxied server.
Applicable when type is 'HTTP_BACKEND'
|
||||||||||
|
status
integer
|
The status code of the stock response from the mock backend.
Required when type is 'STOCK_RESPONSE_BACKEND'
|
||||||||||
|
type
string
/ required
|
|
Type of the API backend.
|
|||||||||
|
url
string
|
Required when type is 'HTTP_BACKEND'
|
||||||||||
|
logging_policies
dictionary
|
|||||||||||
|
access_log
dictionary
|
|||||||||||
|
is_enabled
boolean
|
|
Enables pushing of access logs to the legacy OCI Object Storage log archival bucket.
Oracle recommends using the OCI Logging service to enable, retrieve, and query access logs for an API Deployment. If there is an active log object for the API Deployment and its category is set to 'access' in OCI Logging service, the logs will not be uploaded to the legacy OCI Object Storage log archival bucket.
Please note that the functionality to push to the legacy OCI Object Storage log archival bucket has been deprecated and will be removed in the future.
|
|||||||||
|
execution_log
dictionary
|
|||||||||||
|
is_enabled
boolean
|
|
Enables pushing of execution logs to the legacy OCI Object Storage log archival bucket.
Oracle recommends using the OCI Logging service to enable, retrieve, and query execution logs for an API Deployment. If there is an active log object for the API Deployment and its category is set to 'execution' in OCI Logging service, the logs will not be uploaded to the legacy OCI Object Storage log archival bucket.
Please note that the functionality to push to the legacy OCI Object Storage log archival bucket has been deprecated and will be removed in the future.
|
|||||||||
|
log_level
string
|
|
Specifies the log level used to control logging output of execution logs. Enabling logging at a given level also enables logging at all higher levels.
|
|||||||||
|
methods
list
/ elements=string
|
|
A list of allowed methods on this route.
|
|||||||||
|
path
string
/ required
|
A URL path pattern that must be matched on this route. The path pattern may contain a subset of RFC 6570 identifiers to allow wildcard and parameterized matching.
|
||||||||||
|
request_policies
dictionary
|
|||||||||||
|
authorization
dictionary
|
|||||||||||
|
allowed_scope
list
/ elements=string
|
A user whose scope includes any of these access ranges is allowed on this route. Access ranges are case-sensitive.
Required when type is 'ANY_OF'
|
||||||||||
|
type
string
|
|
Indicates how authorization should be applied. For a type of ANY_OF, an "allowedScope" property must also be specified. Otherwise, only a type is required. For a type of ANONYMOUS, an authenticated API must have the "isAnonymousAccessAllowed" property set to "true" in the authentication policy.
|
|||||||||
|
body_validation
dictionary
|
|||||||||||
|
content
dictionary
/ required
|
The content of the request body. The key is a media type range subset restricted to the following schema
key ::= ( / ( "*" "/" "*" ) / ( type "/" "*" ) / ( type "/" subtype ) )
For requests that match multiple keys, only the most specific key is applicable. e.g. `text/plain` overrides `text/*`
|
||||||||||
|
validation_type
string
|
|
Validation type defines the content validation method.
Make the validation to first parse the body as the respective format.
|
|||||||||
|
required
boolean
|
|
Determines if the request body is required in the request.
|
|||||||||
|
validation_mode
string
|
|
Validation behavior mode.
In `ENFORCING` mode, upon a validation failure, the request will be rejected with a 4xx response and not sent to the backend.
In `PERMISSIVE` mode, the result of the validation will be exposed as metrics while the request will follow the normal path.
`DISABLED` type turns the validation off.
|
|||||||||
|
cors
dictionary
|
|||||||||||
|
allowed_headers
list
/ elements=string
|
The list of headers that will be allowed from the client via the Access-Control-Allow-Headers header. '*' will allow all headers.
|
||||||||||
|
allowed_methods
list
/ elements=string
|
The list of allowed HTTP methods that will be returned for the preflight OPTIONS request in the Access-Control-Allow-Methods header. '*' will allow all methods.
|
||||||||||
|
allowed_origins
list
/ elements=string / required
|
The list of allowed origins that the CORS handler will use to respond to CORS requests. The gateway will send the Access-Control-Allow-Origin header with the best origin match for the circumstances. '*' will match any origins, and 'null' will match queries from 'file:' origins. All other origins must be qualified with the scheme, full hostname, and port if necessary.
|
||||||||||
|
exposed_headers
list
/ elements=string
|
The list of headers that the client will be allowed to see from the response as indicated by the Access-Control-Expose-Headers header. '*' will expose all headers.
|
||||||||||
|
is_allow_credentials_enabled
boolean
|
|
Whether to send the Access-Control-Allow-Credentials header to allow CORS requests with cookies.
|
|||||||||
|
max_age_in_seconds
integer
|
The time in seconds for the client to cache preflight responses. This is sent as the Access-Control-Max-Age if greater than 0.
|
||||||||||
|
header_transformations
dictionary
|
|||||||||||
|
filter_headers
dictionary
|
|||||||||||
|
items
list
/ elements=dictionary / required
|
The list of headers.
|
||||||||||
|
name
string
/ required
|
The case-insensitive name of the header. This name must be unique across transformation policies.
|
||||||||||
|
type
string
/ required
|
|
BLOCK drops any headers that are in the list of items, so it acts as an exclusion list. ALLOW permits only the headers in the list and removes all others, so it acts as an inclusion list.
|
|||||||||
|
rename_headers
dictionary
|
|||||||||||
|
items
list
/ elements=dictionary / required
|
The list of headers.
|
||||||||||
|
_from
string
/ required
|
The original case-insensitive name of the header. This name must be unique across transformation policies.
|
||||||||||
|
to
string
/ required
|
The new name of the header. This name must be unique across transformation policies.
|
||||||||||
|
set_headers
dictionary
|
|||||||||||
|
items
list
/ elements=dictionary / required
|
The list of headers.
|
||||||||||
|
if_exists
string
|
|
If a header with the same name already exists in the request, OVERWRITE will overwrite the value, APPEND will append to the existing value, or SKIP will keep the existing value.
|
|||||||||
|
name
string
/ required
|
The case-insensitive name of the header. This name must be unique across transformation policies.
|
||||||||||
|
values
list
/ elements=string / required
|
A list of new values. Each value can be a constant or may include one or more expressions enclosed within ${} delimiters.
|
||||||||||
|
header_validations
dictionary
|
|||||||||||
|
headers
list
/ elements=dictionary
|
|||||||||||
|
name
string
/ required
|
Parameter name.
|
||||||||||
|
required
boolean
|
|
Determines if the header is required in the request.
|
|||||||||
|
validation_mode
string
|
|
Validation behavior mode.
In `ENFORCING` mode, upon a validation failure, the request will be rejected with a 4xx response and not sent to the backend.
In `PERMISSIVE` mode, the result of the validation will be exposed as metrics while the request will follow the normal path.
`DISABLED` type turns the validation off.
|
|||||||||
|
query_parameter_transformations
dictionary
|
|||||||||||
|
filter_query_parameters
dictionary
|
|||||||||||
|
items
list
/ elements=dictionary / required
|
The list of query parameters.
|
||||||||||
|
name
string
/ required
|
The case-sensitive name of the query parameter.
|
||||||||||
|
type
string
/ required
|
|
BLOCK drops any query parameters that are in the list of items, so it acts as an exclusion list. ALLOW permits only the parameters in the list and removes all others, so it acts as an inclusion list.
|
|||||||||
|
rename_query_parameters
dictionary
|
|||||||||||
|
items
list
/ elements=dictionary / required
|
The list of query parameters.
|
||||||||||
|
_from
string
/ required
|
The original case-sensitive name of the query parameter. This name must be unique across transformation policies.
|
||||||||||
|
to
string
/ required
|
The new name of the query parameter. This name must be unique across transformation policies.
|
||||||||||
|
set_query_parameters
dictionary
|
|||||||||||
|
items
list
/ elements=dictionary / required
|
The list of query parameters.
|
||||||||||
|
if_exists
string
|
|
If a query parameter with the same name already exists in the request, OVERWRITE will overwrite the value, APPEND will append to the existing value, or SKIP will keep the existing value.
|
|||||||||
|
name
string
/ required
|
The case-sensitive name of the query parameter. This name must be unique across transformation policies.
|
||||||||||
|
values
list
/ elements=string / required
|
A list of new values. Each value can be a constant or may include one or more expressions enclosed within ${} delimiters.
|
||||||||||
|
query_parameter_validations
dictionary
|
|||||||||||
|
parameters
list
/ elements=dictionary
|
|||||||||||
|
name
string
/ required
|
Parameter name.
|
||||||||||
|
required
boolean
|
|
Determines if the parameter is required in the request.
|
|||||||||
|
validation_mode
string
|
|
Validation behavior mode.
In `ENFORCING` mode, upon a validation failure, the request will be rejected with a 4xx response and not sent to the backend.
In `PERMISSIVE` mode, the result of the validation will be exposed as metrics while the request will follow the normal path.
`DISABLED` type turns the validation off.
|
|||||||||
|
response_cache_lookup
dictionary
|
|||||||||||
|
cache_key_additions
list
/ elements=string
|
A list of context expressions whose values will be added to the base cache key. Values should contain an expression enclosed within ${} delimiters. Only the request context is available.
|
||||||||||
|
is_enabled
boolean
|
|
Whether this policy is currently enabled.
|
|||||||||
|
is_private_caching_enabled
boolean
|
|
Set true to allow caching responses where the request has an Authorization header. Ensure you have configured your cache key additions to get the level of isolation across authenticated requests that you require.
When false, any request with an Authorization header will not be stored in the Response Cache.
If using the CustomAuthenticationPolicy then the tokenHeader/tokenQueryParam are also subject to this check.
|
|||||||||
|
type
string
/ required
|
|
Type of the Response Cache Store Policy.
|
|||||||||
|
response_policies
dictionary
|
|||||||||||
|
header_transformations
dictionary
|
|||||||||||
|
filter_headers
dictionary
|
|||||||||||
|
items
list
/ elements=dictionary / required
|
The list of headers.
|
||||||||||
|
name
string
/ required
|
The case-insensitive name of the header. This name must be unique across transformation policies.
|
||||||||||
|
type
string
/ required
|
|
BLOCK drops any headers that are in the list of items, so it acts as an exclusion list. ALLOW permits only the headers in the list and removes all others, so it acts as an inclusion list.
|
|||||||||
|
rename_headers
dictionary
|
|||||||||||
|
items
list
/ elements=dictionary / required
|
The list of headers.
|
||||||||||
|
_from
string
/ required
|
The original case-insensitive name of the header. This name must be unique across transformation policies.
|
||||||||||
|
to
string
/ required
|
The new name of the header. This name must be unique across transformation policies.
|
||||||||||
|
set_headers
dictionary
|
|||||||||||
|
items
list
/ elements=dictionary / required
|
The list of headers.
|
||||||||||
|
if_exists
string
|
|
If a header with the same name already exists in the request, OVERWRITE will overwrite the value, APPEND will append to the existing value, or SKIP will keep the existing value.
|
|||||||||
|
name
string
/ required
|
The case-insensitive name of the header. This name must be unique across transformation policies.
|
||||||||||
|
values
list
/ elements=string / required
|
A list of new values. Each value can be a constant or may include one or more expressions enclosed within ${} delimiters.
|
||||||||||
|
response_cache_store
dictionary
|
|||||||||||
|
time_to_live_in_seconds
integer
/ required
|
Sets the number of seconds for a response from a backend being stored in the Response Cache before it expires.
|
||||||||||
|
type
string
/ required
|
|
Type of the Response Cache Store Policy.
|
|||||||||
|
state
string
|
|
The state of the Deployment.
Use state=present to create or update a Deployment.
Use state=absent to delete a Deployment.
|
|||||||||
|
tenancy
string
|
OCID of your tenancy. If not set, then the value of the OCI_TENANCY variable, if any, is used. This option is required if the tenancy OCID is not specified through a configuration file (See
config_file_location). To get the tenancy OCID, please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm |
||||||||||
|
wait
boolean
|
|
Whether to wait for create or delete operation to complete.
|
|||||||||
|
wait_timeout
integer
|
Time, in seconds, to wait when wait=yes. Defaults to 1200 for most of the services but some services might have a longer wait timeout.
|
||||||||||
Notes¶
Note
For OCI python sdk configuration, please refer to https://oracle-cloud-infrastructure-python-sdk.readthedocs.io/en/latest/configuration.html
Examples¶
- name: Create deployment
oci_apigateway_deployment:
# required
gateway_id: "ocid1.gateway.oc1..xxxxxxEXAMPLExxxxxx"
compartment_id: "ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx"
path_prefix: path_prefix_example
specification:
# optional
request_policies:
# optional
authentication:
# required
validation_policy:
# required
uri: uri_example
type: REMOTE_JWKS
# optional
is_ssl_verify_disabled: true
max_cache_duration_in_hours: 56
additional_validation_policy:
# optional
issuers: [ "issuers_example" ]
audiences: [ "audiences_example" ]
verify_claims:
- # required
key: key_example
# optional
values: [ "values_example" ]
is_required: true
type: TOKEN_AUTHENTICATION
# optional
token_auth_scheme: token_auth_scheme_example
max_clock_skew_in_seconds: 3.4
is_anonymous_access_allowed: true
token_header: token_header_example
token_query_param: token_query_param_example
validation_failure_policy:
# required
type: MODIFY_RESPONSE
# optional
response_code: response_code_example
response_message: response_message_example
response_header_transformations:
# optional
set_headers:
# required
items:
- # required
name: name_example
values: [ "values_example" ]
# optional
if_exists: OVERWRITE
rename_headers:
# required
items:
- # required
_from: _from_example
to: to_example
filter_headers:
# required
type: ALLOW
items:
- # required
name: name_example
rate_limiting:
# required
rate_in_requests_per_second: 56
rate_key: CLIENT_IP
cors:
# required
allowed_origins: [ "allowed_origins_example" ]
# optional
allowed_methods: [ "allowed_methods_example" ]
allowed_headers: [ "allowed_headers_example" ]
exposed_headers: [ "exposed_headers_example" ]
is_allow_credentials_enabled: true
max_age_in_seconds: 56
mutual_tls:
# optional
is_verified_certificate_required: true
allowed_sans: [ "allowed_sans_example" ]
usage_plans:
# required
token_locations: [ "token_locations_example" ]
dynamic_authentication:
# required
selection_source:
# required
selector: selector_example
# optional
type: SINGLE
authentication_servers:
- # required
key:
# required
expression: expression_example
type: WILDCARD
name: name_example
# optional
is_default: true
authentication_server_detail:
# required
validation_policy:
# required
uri: uri_example
type: REMOTE_JWKS
# optional
is_ssl_verify_disabled: true
max_cache_duration_in_hours: 56
additional_validation_policy:
# optional
issuers: [ "issuers_example" ]
audiences: [ "audiences_example" ]
verify_claims:
- # required
key: key_example
# optional
values: [ "values_example" ]
is_required: true
type: TOKEN_AUTHENTICATION
# optional
token_auth_scheme: token_auth_scheme_example
max_clock_skew_in_seconds: 3.4
is_anonymous_access_allowed: true
token_header: token_header_example
token_query_param: token_query_param_example
validation_failure_policy:
# required
type: MODIFY_RESPONSE
# optional
response_code: response_code_example
response_message: response_message_example
response_header_transformations:
# optional
set_headers:
# required
items:
- # required
name: name_example
values: [ "values_example" ]
# optional
if_exists: OVERWRITE
rename_headers:
# required
items:
- # required
_from: _from_example
to: to_example
filter_headers:
# required
type: ALLOW
items:
- # required
name: name_example
logging_policies:
# optional
access_log:
# optional
is_enabled: true
execution_log:
# optional
is_enabled: true
log_level: INFO
routes:
- # required
path: path_example
backend:
# required
type: OAUTH2_LOGOUT_BACKEND
# optional
allowed_post_logout_uris: [ "allowed_post_logout_uris_example" ]
post_logout_state: post_logout_state_example
# optional
methods: [ "ANY" ]
request_policies:
# optional
authorization:
# required
allowed_scope: [ "allowed_scope_example" ]
type: ANY_OF
cors:
# required
allowed_origins: [ "allowed_origins_example" ]
# optional
allowed_methods: [ "allowed_methods_example" ]
allowed_headers: [ "allowed_headers_example" ]
exposed_headers: [ "exposed_headers_example" ]
is_allow_credentials_enabled: true
max_age_in_seconds: 56
query_parameter_validations:
# optional
parameters:
- # required
name: name_example
# optional
required: true
validation_mode: ENFORCING
header_validations:
# optional
headers:
- # required
name: name_example
# optional
required: true
validation_mode: ENFORCING
body_validation:
# required
content:
# optional
validation_type: NONE
# optional
required: true
validation_mode: ENFORCING
header_transformations:
# optional
set_headers:
# required
items:
- # required
name: name_example
values: [ "values_example" ]
# optional
if_exists: OVERWRITE
rename_headers:
# required
items:
- # required
_from: _from_example
to: to_example
filter_headers:
# required
type: ALLOW
items:
- # required
name: name_example
query_parameter_transformations:
# optional
set_query_parameters:
# required
items:
- # required
name: name_example
values: [ "values_example" ]
# optional
if_exists: OVERWRITE
rename_query_parameters:
# required
items:
- # required
_from: _from_example
to: to_example
filter_query_parameters:
# required
type: ALLOW
items:
- # required
name: name_example
response_cache_lookup:
# required
type: SIMPLE_LOOKUP_POLICY
# optional
is_enabled: true
is_private_caching_enabled: true
cache_key_additions: [ "cache_key_additions_example" ]
response_policies:
# optional
header_transformations:
# optional
set_headers:
# required
items:
- # required
name: name_example
values: [ "values_example" ]
# optional
if_exists: OVERWRITE
rename_headers:
# required
items:
- # required
_from: _from_example
to: to_example
filter_headers:
# required
type: ALLOW
items:
- # required
name: name_example
response_cache_store:
# required
type: FIXED_TTL_STORE_POLICY
time_to_live_in_seconds: 56
logging_policies:
# optional
access_log:
# optional
is_enabled: true
execution_log:
# optional
is_enabled: true
log_level: INFO
# optional
display_name: display_name_example
freeform_tags: {'Department': 'Finance'}
defined_tags: {'Operations': {'CostCenter': 'US'}}
- name: Update deployment
oci_apigateway_deployment:
# required
deployment_id: "ocid1.deployment.oc1..xxxxxxEXAMPLExxxxxx"
# optional
display_name: display_name_example
specification:
# optional
request_policies:
# optional
authentication:
# required
validation_policy:
# required
uri: uri_example
type: REMOTE_JWKS
# optional
is_ssl_verify_disabled: true
max_cache_duration_in_hours: 56
additional_validation_policy:
# optional
issuers: [ "issuers_example" ]
audiences: [ "audiences_example" ]
verify_claims:
- # required
key: key_example
# optional
values: [ "values_example" ]
is_required: true
type: TOKEN_AUTHENTICATION
# optional
token_auth_scheme: token_auth_scheme_example
max_clock_skew_in_seconds: 3.4
is_anonymous_access_allowed: true
token_header: token_header_example
token_query_param: token_query_param_example
validation_failure_policy:
# required
type: MODIFY_RESPONSE
# optional
response_code: response_code_example
response_message: response_message_example
response_header_transformations:
# optional
set_headers:
# required
items:
- # required
name: name_example
values: [ "values_example" ]
# optional
if_exists: OVERWRITE
rename_headers:
# required
items:
- # required
_from: _from_example
to: to_example
filter_headers:
# required
type: ALLOW
items:
- # required
name: name_example
rate_limiting:
# required
rate_in_requests_per_second: 56
rate_key: CLIENT_IP
cors:
# required
allowed_origins: [ "allowed_origins_example" ]
# optional
allowed_methods: [ "allowed_methods_example" ]
allowed_headers: [ "allowed_headers_example" ]
exposed_headers: [ "exposed_headers_example" ]
is_allow_credentials_enabled: true
max_age_in_seconds: 56
mutual_tls:
# optional
is_verified_certificate_required: true
allowed_sans: [ "allowed_sans_example" ]
usage_plans:
# required
token_locations: [ "token_locations_example" ]
dynamic_authentication:
# required
selection_source:
# required
selector: selector_example
# optional
type: SINGLE
authentication_servers:
- # required
key:
# required
expression: expression_example
type: WILDCARD
name: name_example
# optional
is_default: true
authentication_server_detail:
# required
validation_policy:
# required
uri: uri_example
type: REMOTE_JWKS
# optional
is_ssl_verify_disabled: true
max_cache_duration_in_hours: 56
additional_validation_policy:
# optional
issuers: [ "issuers_example" ]
audiences: [ "audiences_example" ]
verify_claims:
- # required
key: key_example
# optional
values: [ "values_example" ]
is_required: true
type: TOKEN_AUTHENTICATION
# optional
token_auth_scheme: token_auth_scheme_example
max_clock_skew_in_seconds: 3.4
is_anonymous_access_allowed: true
token_header: token_header_example
token_query_param: token_query_param_example
validation_failure_policy:
# required
type: MODIFY_RESPONSE
# optional
response_code: response_code_example
response_message: response_message_example
response_header_transformations:
# optional
set_headers:
# required
items:
- # required
name: name_example
values: [ "values_example" ]
# optional
if_exists: OVERWRITE
rename_headers:
# required
items:
- # required
_from: _from_example
to: to_example
filter_headers:
# required
type: ALLOW
items:
- # required
name: name_example
logging_policies:
# optional
access_log:
# optional
is_enabled: true
execution_log:
# optional
is_enabled: true
log_level: INFO
routes:
- # required
path: path_example
backend:
# required
type: OAUTH2_LOGOUT_BACKEND
# optional
allowed_post_logout_uris: [ "allowed_post_logout_uris_example" ]
post_logout_state: post_logout_state_example
# optional
methods: [ "ANY" ]
request_policies:
# optional
authorization:
# required
allowed_scope: [ "allowed_scope_example" ]
type: ANY_OF
cors:
# required
allowed_origins: [ "allowed_origins_example" ]
# optional
allowed_methods: [ "allowed_methods_example" ]
allowed_headers: [ "allowed_headers_example" ]
exposed_headers: [ "exposed_headers_example" ]
is_allow_credentials_enabled: true
max_age_in_seconds: 56
query_parameter_validations:
# optional
parameters:
- # required
name: name_example
# optional
required: true
validation_mode: ENFORCING
header_validations:
# optional
headers:
- # required
name: name_example
# optional
required: true
validation_mode: ENFORCING
body_validation:
# required
content:
# optional
validation_type: NONE
# optional
required: true
validation_mode: ENFORCING
header_transformations:
# optional
set_headers:
# required
items:
- # required
name: name_example
values: [ "values_example" ]
# optional
if_exists: OVERWRITE
rename_headers:
# required
items:
- # required
_from: _from_example
to: to_example
filter_headers:
# required
type: ALLOW
items:
- # required
name: name_example
query_parameter_transformations:
# optional
set_query_parameters:
# required
items:
- # required
name: name_example
values: [ "values_example" ]
# optional
if_exists: OVERWRITE
rename_query_parameters:
# required
items:
- # required
_from: _from_example
to: to_example
filter_query_parameters:
# required
type: ALLOW
items:
- # required
name: name_example
response_cache_lookup:
# required
type: SIMPLE_LOOKUP_POLICY
# optional
is_enabled: true
is_private_caching_enabled: true
cache_key_additions: [ "cache_key_additions_example" ]
response_policies:
# optional
header_transformations:
# optional
set_headers:
# required
items:
- # required
name: name_example
values: [ "values_example" ]
# optional
if_exists: OVERWRITE
rename_headers:
# required
items:
- # required
_from: _from_example
to: to_example
filter_headers:
# required
type: ALLOW
items:
- # required
name: name_example
response_cache_store:
# required
type: FIXED_TTL_STORE_POLICY
time_to_live_in_seconds: 56
logging_policies:
# optional
access_log:
# optional
is_enabled: true
execution_log:
# optional
is_enabled: true
log_level: INFO
freeform_tags: {'Department': 'Finance'}
defined_tags: {'Operations': {'CostCenter': 'US'}}
- name: Update deployment using name (when environment variable OCI_USE_NAME_AS_IDENTIFIER is set)
oci_apigateway_deployment:
# required
compartment_id: "ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx"
display_name: display_name_example
# optional
specification:
# optional
request_policies:
# optional
authentication:
# required
validation_policy:
# required
uri: uri_example
type: REMOTE_JWKS
# optional
is_ssl_verify_disabled: true
max_cache_duration_in_hours: 56
additional_validation_policy:
# optional
issuers: [ "issuers_example" ]
audiences: [ "audiences_example" ]
verify_claims:
- # required
key: key_example
# optional
values: [ "values_example" ]
is_required: true
type: TOKEN_AUTHENTICATION
# optional
token_auth_scheme: token_auth_scheme_example
max_clock_skew_in_seconds: 3.4
is_anonymous_access_allowed: true
token_header: token_header_example
token_query_param: token_query_param_example
validation_failure_policy:
# required
type: MODIFY_RESPONSE
# optional
response_code: response_code_example
response_message: response_message_example
response_header_transformations:
# optional
set_headers:
# required
items:
- # required
name: name_example
values: [ "values_example" ]
# optional
if_exists: OVERWRITE
rename_headers:
# required
items:
- # required
_from: _from_example
to: to_example
filter_headers:
# required
type: ALLOW
items:
- # required
name: name_example
rate_limiting:
# required
rate_in_requests_per_second: 56
rate_key: CLIENT_IP
cors:
# required
allowed_origins: [ "allowed_origins_example" ]
# optional
allowed_methods: [ "allowed_methods_example" ]
allowed_headers: [ "allowed_headers_example" ]
exposed_headers: [ "exposed_headers_example" ]
is_allow_credentials_enabled: true
max_age_in_seconds: 56
mutual_tls:
# optional
is_verified_certificate_required: true
allowed_sans: [ "allowed_sans_example" ]
usage_plans:
# required
token_locations: [ "token_locations_example" ]
dynamic_authentication:
# required
selection_source:
# required
selector: selector_example
# optional
type: SINGLE
authentication_servers:
- # required
key:
# required
expression: expression_example
type: WILDCARD
name: name_example
# optional
is_default: true
authentication_server_detail:
# required
validation_policy:
# required
uri: uri_example
type: REMOTE_JWKS
# optional
is_ssl_verify_disabled: true
max_cache_duration_in_hours: 56
additional_validation_policy:
# optional
issuers: [ "issuers_example" ]
audiences: [ "audiences_example" ]
verify_claims:
- # required
key: key_example
# optional
values: [ "values_example" ]
is_required: true
type: TOKEN_AUTHENTICATION
# optional
token_auth_scheme: token_auth_scheme_example
max_clock_skew_in_seconds: 3.4
is_anonymous_access_allowed: true
token_header: token_header_example
token_query_param: token_query_param_example
validation_failure_policy:
# required
type: MODIFY_RESPONSE
# optional
response_code: response_code_example
response_message: response_message_example
response_header_transformations:
# optional
set_headers:
# required
items:
- # required
name: name_example
values: [ "values_example" ]
# optional
if_exists: OVERWRITE
rename_headers:
# required
items:
- # required
_from: _from_example
to: to_example
filter_headers:
# required
type: ALLOW
items:
- # required
name: name_example
logging_policies:
# optional
access_log:
# optional
is_enabled: true
execution_log:
# optional
is_enabled: true
log_level: INFO
routes:
- # required
path: path_example
backend:
# required
type: OAUTH2_LOGOUT_BACKEND
# optional
allowed_post_logout_uris: [ "allowed_post_logout_uris_example" ]
post_logout_state: post_logout_state_example
# optional
methods: [ "ANY" ]
request_policies:
# optional
authorization:
# required
allowed_scope: [ "allowed_scope_example" ]
type: ANY_OF
cors:
# required
allowed_origins: [ "allowed_origins_example" ]
# optional
allowed_methods: [ "allowed_methods_example" ]
allowed_headers: [ "allowed_headers_example" ]
exposed_headers: [ "exposed_headers_example" ]
is_allow_credentials_enabled: true
max_age_in_seconds: 56
query_parameter_validations:
# optional
parameters:
- # required
name: name_example
# optional
required: true
validation_mode: ENFORCING
header_validations:
# optional
headers:
- # required
name: name_example
# optional
required: true
validation_mode: ENFORCING
body_validation:
# required
content:
# optional
validation_type: NONE
# optional
required: true
validation_mode: ENFORCING
header_transformations:
# optional
set_headers:
# required
items:
- # required
name: name_example
values: [ "values_example" ]
# optional
if_exists: OVERWRITE
rename_headers:
# required
items:
- # required
_from: _from_example
to: to_example
filter_headers:
# required
type: ALLOW
items:
- # required
name: name_example
query_parameter_transformations:
# optional
set_query_parameters:
# required
items:
- # required
name: name_example
values: [ "values_example" ]
# optional
if_exists: OVERWRITE
rename_query_parameters:
# required
items:
- # required
_from: _from_example
to: to_example
filter_query_parameters:
# required
type: ALLOW
items:
- # required
name: name_example
response_cache_lookup:
# required
type: SIMPLE_LOOKUP_POLICY
# optional
is_enabled: true
is_private_caching_enabled: true
cache_key_additions: [ "cache_key_additions_example" ]
response_policies:
# optional
header_transformations:
# optional
set_headers:
# required
items:
- # required
name: name_example
values: [ "values_example" ]
# optional
if_exists: OVERWRITE
rename_headers:
# required
items:
- # required
_from: _from_example
to: to_example
filter_headers:
# required
type: ALLOW
items:
- # required
name: name_example
response_cache_store:
# required
type: FIXED_TTL_STORE_POLICY
time_to_live_in_seconds: 56
logging_policies:
# optional
access_log:
# optional
is_enabled: true
execution_log:
# optional
is_enabled: true
log_level: INFO
freeform_tags: {'Department': 'Finance'}
defined_tags: {'Operations': {'CostCenter': 'US'}}
- name: Delete deployment
oci_apigateway_deployment:
# required
deployment_id: "ocid1.deployment.oc1..xxxxxxEXAMPLExxxxxx"
state: absent
- name: Delete deployment using name (when environment variable OCI_USE_NAME_AS_IDENTIFIER is set)
oci_apigateway_deployment:
# required
compartment_id: "ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx"
display_name: display_name_example
state: absent
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
deployment
complex
|
on success |
Details of the Deployment resource acted upon by the current operation
Sample:
{'compartment_id': 'ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx', 'defined_tags': {'Operations': {'CostCenter': 'US'}}, 'display_name': 'display_name_example', 'endpoint': 'endpoint_example', 'freeform_tags': {'Department': 'Finance'}, 'gateway_id': 'ocid1.gateway.oc1..xxxxxxEXAMPLExxxxxx', 'id': 'ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx', 'lifecycle_details': 'lifecycle_details_example', 'lifecycle_state': 'CREATING', 'path_prefix': 'path_prefix_example', 'specification': {'logging_policies': {'access_log': {'is_enabled': True}, 'execution_log': {'is_enabled': True, 'log_level': 'INFO'}}, 'request_policies': {'authentication': {'audiences': [], 'cache_key': [], 'function_id': 'ocid1.function.oc1..xxxxxxEXAMPLExxxxxx', 'is_anonymous_access_allowed': True, 'issuers': [], 'max_clock_skew_in_seconds': 3.4, 'parameters': {}, 'public_keys': {'is_ssl_verify_disabled': True, 'keys': [{'alg': 'alg_example', 'e': 'e_example', 'format': 'JSON_WEB_KEY', 'key': 'key_example', 'key_ops': [], 'kid': 'kid_example', 'kty': 'RSA', 'n': 'n_example', 'use': 'sig'}], 'max_cache_duration_in_hours': 56, 'type': 'STATIC_KEYS', 'uri': 'uri_example'}, 'token_auth_scheme': 'token_auth_scheme_example', 'token_header': 'token_header_example', 'token_query_param': 'token_query_param_example', 'type': 'CUSTOM_AUTHENTICATION', 'validation_failure_policy': {'client_details': {'client_id': 'ocid1.client.oc1..xxxxxxEXAMPLExxxxxx', 'client_secret_id': 'ocid1.clientsecret.oc1..xxxxxxEXAMPLExxxxxx', 'client_secret_version_number': 56, 'type': 'VALIDATION_BLOCK'}, 'fallback_redirect_path': 'fallback_redirect_path_example', 'logout_path': 'logout_path_example', 'max_expiry_duration_in_hours': 56, 'response_code': 'response_code_example', 'response_header_transformations': {'filter_headers': {'items': [{'name': 'name_example'}], 'type': 'ALLOW'}, 'rename_headers': {'items': [{'_from': '_from_example', 'to': 'to_example'}]}, 'set_headers': {'items': [{'if_exists': 'OVERWRITE', 'name': 'name_example', 'values': []}]}}, 'response_message': 'response_message_example', 'response_type': 'CODE', 'scopes': [], 'source_uri_details': {'type': 'DISCOVERY_URI', 'uri': 'uri_example'}, 'type': 'MODIFY_RESPONSE', 'use_cookies_for_intermediate_steps': True, 'use_cookies_for_session': True, 'use_pkce': True}, 'validation_policy': {'additional_validation_policy': {'audiences': [], 'issuers': [], 'verify_claims': [{'is_required': True, 'key': 'key_example', 'values': []}]}, 'client_details': {'client_id': 'ocid1.client.oc1..xxxxxxEXAMPLExxxxxx', 'client_secret_id': 'ocid1.clientsecret.oc1..xxxxxxEXAMPLExxxxxx', 'client_secret_version_number': 56, 'type': 'VALIDATION_BLOCK'}, 'is_ssl_verify_disabled': True, 'keys': [{'alg': 'alg_example', 'e': 'e_example', 'format': 'JSON_WEB_KEY', 'key': 'key_example', 'key_ops': [], 'kid': 'kid_example', 'kty': 'RSA', 'n': 'n_example', 'use': 'sig'}], 'max_cache_duration_in_hours': 56, 'source_uri_details': {'type': 'DISCOVERY_URI', 'uri': 'uri_example'}, 'type': 'STATIC_KEYS', 'uri': 'uri_example'}, 'verify_claims': [{'is_required': True, 'key': 'key_example', 'values': []}]}, 'cors': {'allowed_headers': [], 'allowed_methods': [], 'allowed_origins': [], 'exposed_headers': [], 'is_allow_credentials_enabled': True, 'max_age_in_seconds': 56}, 'dynamic_authentication': {'authentication_servers': [{'authentication_server_detail': {'audiences': [], 'cache_key': [], 'function_id': 'ocid1.function.oc1..xxxxxxEXAMPLExxxxxx', 'is_anonymous_access_allowed': True, 'issuers': [], 'max_clock_skew_in_seconds': 3.4, 'parameters': {}, 'public_keys': {'is_ssl_verify_disabled': True, 'keys': [{'alg': 'alg_example', 'e': 'e_example', 'format': 'JSON_WEB_KEY', 'key': 'key_example', 'key_ops': [], 'kid': 'kid_example', 'kty': 'RSA', 'n': 'n_example', 'use': 'sig'}], 'max_cache_duration_in_hours': 56, 'type': 'STATIC_KEYS', 'uri': 'uri_example'}, 'token_auth_scheme': 'token_auth_scheme_example', 'token_header': 'token_header_example', 'token_query_param': 'token_query_param_example', 'type': 'CUSTOM_AUTHENTICATION', 'validation_failure_policy': {'client_details': {'client_id': 'ocid1.client.oc1..xxxxxxEXAMPLExxxxxx', 'client_secret_id': 'ocid1.clientsecret.oc1..xxxxxxEXAMPLExxxxxx', 'client_secret_version_number': 56, 'type': 'VALIDATION_BLOCK'}, 'fallback_redirect_path': 'fallback_redirect_path_example', 'logout_path': 'logout_path_example', 'max_expiry_duration_in_hours': 56, 'response_code': 'response_code_example', 'response_header_transformations': {'filter_headers': {'items': [{'name': 'name_example'}], 'type': 'ALLOW'}, 'rename_headers': {'items': [{'_from': '_from_example', 'to': 'to_example'}]}, 'set_headers': {'items': [{'if_exists': 'OVERWRITE', 'name': 'name_example', 'values': []}]}}, 'response_message': 'response_message_example', 'response_type': 'CODE', 'scopes': [], 'source_uri_details': {'type': 'DISCOVERY_URI', 'uri': 'uri_example'}, 'type': 'MODIFY_RESPONSE', 'use_cookies_for_intermediate_steps': True, 'use_cookies_for_session': True, 'use_pkce': True}, 'validation_policy': {'additional_validation_policy': {'audiences': [], 'issuers': [], 'verify_claims': [{'is_required': True, 'key': 'key_example', 'values': []}]}, 'client_details': {'client_id': 'ocid1.client.oc1..xxxxxxEXAMPLExxxxxx', 'client_secret_id': 'ocid1.clientsecret.oc1..xxxxxxEXAMPLExxxxxx', 'client_secret_version_number': 56, 'type': 'VALIDATION_BLOCK'}, 'is_ssl_verify_disabled': True, 'keys': [{'alg': 'alg_example', 'e': 'e_example', 'format': 'JSON_WEB_KEY', 'key': 'key_example', 'key_ops': [], 'kid': 'kid_example', 'kty': 'RSA', 'n': 'n_example', 'use': 'sig'}], 'max_cache_duration_in_hours': 56, 'source_uri_details': {'type': 'DISCOVERY_URI', 'uri': 'uri_example'}, 'type': 'STATIC_KEYS', 'uri': 'uri_example'}, 'verify_claims': [{'is_required': True, 'key': 'key_example', 'values': []}]}, 'key': {'expression': 'expression_example', 'is_default': True, 'name': 'name_example', 'type': 'ANY_OF', 'values': []}}], 'selection_source': {'selector': 'selector_example', 'type': 'SINGLE'}}, 'mutual_tls': {'allowed_sans': [], 'is_verified_certificate_required': True}, 'rate_limiting': {'rate_in_requests_per_second': 56, 'rate_key': 'CLIENT_IP'}, 'usage_plans': {'token_locations': []}}, 'routes': [{'backend': {'allowed_post_logout_uris': [], 'body': 'body_example', 'connect_timeout_in_seconds': 3.4, 'function_id': 'ocid1.function.oc1..xxxxxxEXAMPLExxxxxx', 'headers': [{'name': 'name_example', 'value': 'value_example'}], 'is_ssl_verify_disabled': True, 'post_logout_state': 'post_logout_state_example', 'read_timeout_in_seconds': 3.4, 'routing_backends': [{'backend': {'type': 'ORACLE_FUNCTIONS_BACKEND'}, 'key': {'expression': 'expression_example', 'is_default': True, 'name': 'name_example', 'type': 'ANY_OF', 'values': []}}], 'selection_source': {'selector': 'selector_example', 'type': 'SINGLE'}, 'send_timeout_in_seconds': 3.4, 'status': 56, 'type': 'ORACLE_FUNCTIONS_BACKEND', 'url': 'url_example'}, 'logging_policies': {'access_log': {'is_enabled': True}, 'execution_log': {'is_enabled': True, 'log_level': 'INFO'}}, 'methods': [], 'path': 'path_example', 'request_policies': {'authorization': {'allowed_scope': [], 'type': 'ANONYMOUS'}, 'body_validation': {'content': {'validation_type': 'NONE'}, 'required': True, 'validation_mode': 'ENFORCING'}, 'cors': {'allowed_headers': [], 'allowed_methods': [], 'allowed_origins': [], 'exposed_headers': [], 'is_allow_credentials_enabled': True, 'max_age_in_seconds': 56}, 'header_transformations': {'filter_headers': {'items': [{'name': 'name_example'}], 'type': 'ALLOW'}, 'rename_headers': {'items': [{'_from': '_from_example', 'to': 'to_example'}]}, 'set_headers': {'items': [{'if_exists': 'OVERWRITE', 'name': 'name_example', 'values': []}]}}, 'header_validations': {'headers': [{'name': 'name_example', 'required': True}], 'validation_mode': 'ENFORCING'}, 'query_parameter_transformations': {'filter_query_parameters': {'items': [{'name': 'name_example'}], 'type': 'ALLOW'}, 'rename_query_parameters': {'items': [{'_from': '_from_example', 'to': 'to_example'}]}, 'set_query_parameters': {'items': [{'if_exists': 'OVERWRITE', 'name': 'name_example', 'values': []}]}}, 'query_parameter_validations': {'parameters': [{'name': 'name_example', 'required': True}], 'validation_mode': 'ENFORCING'}, 'response_cache_lookup': {'cache_key_additions': [], 'is_enabled': True, 'is_private_caching_enabled': True, 'type': 'SIMPLE_LOOKUP_POLICY'}}, 'response_policies': {'header_transformations': {'filter_headers': {'items': [{'name': 'name_example'}], 'type': 'ALLOW'}, 'rename_headers': {'items': [{'_from': '_from_example', 'to': 'to_example'}]}, 'set_headers': {'items': [{'if_exists': 'OVERWRITE', 'name': 'name_example', 'values': []}]}}, 'response_cache_store': {'time_to_live_in_seconds': 56, 'type': 'FIXED_TTL_STORE_POLICY'}}}]}, 'time_created': '2013-10-20T19:20:30+01:00', 'time_updated': '2013-10-20T19:20:30+01:00'}
|
||||||||||
|
compartment_id
string
|
on success |
The OCID of the compartment in which the resource is created.
Sample:
ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx
|
||||||||||
|
defined_tags
dictionary
|
on success |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags.
Example: `{"Operations": {"CostCenter": "42"}}`
Sample:
{'Operations': {'CostCenter': 'US'}}
|
||||||||||
|
display_name
string
|
on success |
A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
Example: `My new resource`
Sample:
display_name_example
|
||||||||||
|
endpoint
string
|
on success |
The endpoint to access this deployment on the gateway.
Sample:
endpoint_example
|
||||||||||
|
freeform_tags
dictionary
|
on success |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags.
Example: `{"Department": "Finance"}`
Sample:
{'Department': 'Finance'}
|
||||||||||
|
gateway_id
string
|
on success |
The OCID of the resource.
Sample:
ocid1.gateway.oc1..xxxxxxEXAMPLExxxxxx
|
||||||||||
|
id
string
|
on success |
The OCID of the resource.
Sample:
ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx
|
||||||||||
|
lifecycle_details
string
|
on success |
A message describing the current state in more detail. For example, can be used to provide actionable information for a resource in a Failed state.
Sample:
lifecycle_details_example
|
||||||||||
|
lifecycle_state
string
|
on success |
The current state of the deployment.
Sample:
CREATING
|
||||||||||
|
path_prefix
string
|
on success |
A path on which to deploy all routes contained in the API deployment specification. For more information, see Deploying an API on an API Gateway by Creating an API Deployment.
Sample:
path_prefix_example
|
||||||||||
|
specification
complex
|
on success |
|
||||||||||
|
logging_policies
complex
|
on success |
|
||||||||||
|
access_log
complex
|
on success |
|
||||||||||
|
is_enabled
boolean
|
on success |
Enables pushing of access logs to the legacy OCI Object Storage log archival bucket.
Oracle recommends using the OCI Logging service to enable, retrieve, and query access logs for an API Deployment. If there is an active log object for the API Deployment and its category is set to 'access' in OCI Logging service, the logs will not be uploaded to the legacy OCI Object Storage log archival bucket.
Please note that the functionality to push to the legacy OCI Object Storage log archival bucket has been deprecated and will be removed in the future.
Sample:
True
|
||||||||||
|
execution_log
complex
|
on success |
|
||||||||||
|
is_enabled
boolean
|
on success |
Enables pushing of execution logs to the legacy OCI Object Storage log archival bucket.
Oracle recommends using the OCI Logging service to enable, retrieve, and query execution logs for an API Deployment. If there is an active log object for the API Deployment and its category is set to 'execution' in OCI Logging service, the logs will not be uploaded to the legacy OCI Object Storage log archival bucket.
Please note that the functionality to push to the legacy OCI Object Storage log archival bucket has been deprecated and will be removed in the future.
Sample:
True
|
||||||||||
|
log_level
string
|
on success |
Specifies the log level used to control logging output of execution logs. Enabling logging at a given level also enables logging at all higher levels.
Sample:
INFO
|
||||||||||
|
request_policies
complex
|
on success |
|
||||||||||
|
authentication
complex
|
on success |
|
||||||||||
|
audiences
list
/ elements=string
|
on success |
The list of intended recipients for the token.
|
||||||||||
|
cache_key
list
/ elements=string
|
on success |
A list of keys from "parameters" attribute value whose values will be added to the cache key.
|
||||||||||
|
function_id
string
|
on success |
The OCID of the Oracle Functions function resource.
Sample:
ocid1.function.oc1..xxxxxxEXAMPLExxxxxx
|
||||||||||
|
is_anonymous_access_allowed
boolean
|
on success |
Whether an unauthenticated user may access the API. Must be "true" to enable ANONYMOUS route authorization.
Sample:
True
|
||||||||||
|
issuers
list
/ elements=string
|
on success |
A list of parties that could have issued the token.
|
||||||||||
|
max_clock_skew_in_seconds
float
|
on success |
The maximum expected time difference between the system clocks of the token issuer and the API Gateway.
Sample:
3.4
|
||||||||||
|
parameters
dictionary
|
on success |
A map where key is a user defined string and value is a context expressions whose values will be sent to the custom auth function. Values should contain an expression. Example: `{"foo": "request.header[abc]"}`
|
||||||||||
|
public_keys
complex
|
on success |
|
||||||||||
|
is_ssl_verify_disabled
boolean
|
on success |
Defines whether or not to uphold SSL verification.
Sample:
True
|
||||||||||
|
keys
complex
|
on success |
The set of static public keys.
|
||||||||||
|
alg
string
|
on success |
The algorithm intended for use with this key.
Sample:
alg_example
|
||||||||||
|
e
string
|
on success |
The base64 url encoded exponent of the RSA public key represented by this key.
Sample:
e_example
|
||||||||||
|
format
string
|
on success |
The format of the public key.
Sample:
JSON_WEB_KEY
|
||||||||||
|
key
string
|
on success |
The content of the PEM-encoded public key.
Sample:
key_example
|
||||||||||
|
key_ops
list
/ elements=string
|
on success |
The operations for which this key is to be used.
|
||||||||||
|
kid
string
|
on success |
A unique key ID. This key will be used to verify the signature of a JWT with matching "kid".
Sample:
kid_example
|
||||||||||
|
kty
string
|
on success |
The key type.
Sample:
RSA
|
||||||||||
|
n
string
|
on success |
The base64 url encoded modulus of the RSA public key represented by this key.
Sample:
n_example
|
||||||||||
|
use
string
|
on success |
The intended use of the public key.
Sample:
sig
|
||||||||||
|
max_cache_duration_in_hours
integer
|
on success |
The duration for which the JWKS should be cached before it is fetched again.
Sample:
56
|
||||||||||
|
type
string
|
on success |
Type of the public key set.
Sample:
STATIC_KEYS
|
||||||||||
|
uri
string
|
on success |
The uri from which to retrieve the key. It must be accessible without authentication.
Sample:
uri_example
|
||||||||||
|
token_auth_scheme
string
|
on success |
The authentication scheme that is to be used when authenticating the token. This must to be provided if "tokenHeader" is specified.
Sample:
token_auth_scheme_example
|
||||||||||
|
token_header
string
|
on success |
The name of the header containing the authentication token.
Sample:
token_header_example
|
||||||||||
|
token_query_param
string
|
on success |
The name of the query parameter containing the authentication token.
Sample:
token_query_param_example
|
||||||||||
|
type
string
|
on success |
Type of the authentication policy to use.
Sample:
CUSTOM_AUTHENTICATION
|
||||||||||
|
validation_failure_policy
complex
|
on success |
|
||||||||||
|
client_details
complex
|
on success |
|
||||||||||
|
client_id
string
|
on success |
Client ID for the OAuth2/OIDC app.
Sample:
ocid1.client.oc1..xxxxxxEXAMPLExxxxxx
|
||||||||||
|
client_secret_id
string
|
on success |
The OCID of the Oracle Vault Service secret resource.
Sample:
ocid1.clientsecret.oc1..xxxxxxEXAMPLExxxxxx
|
||||||||||
|
client_secret_version_number
integer
|
on success |
The version number of the client secret to use.
Sample:
56
|
||||||||||
|
type
string
|
on success |
To specify where the Client App details should be taken from.
Sample:
VALIDATION_BLOCK
|
||||||||||
|
fallback_redirect_path
string
|
on success |
The path to be used as fallback after OAuth2.
Sample:
fallback_redirect_path_example
|
||||||||||
|
logout_path
string
|
on success |
The path to be used as logout.
Sample:
logout_path_example
|
||||||||||
|
max_expiry_duration_in_hours
integer
|
on success |
The duration for which the OAuth2 success token should be cached before it is fetched again.
Sample:
56
|
||||||||||
|
response_code
string
|
on success |
HTTP response code, can include context variables.
Sample:
response_code_example
|
||||||||||
|
response_header_transformations
complex
|
on success |
|
||||||||||
|
filter_headers
complex
|
on success |
|
||||||||||
|
items
complex
|
on success |
The list of headers.
|
||||||||||
|
name
string
|
on success |
The case-insensitive name of the header. This name must be unique across transformation policies.
Sample:
name_example
|
||||||||||
|
type
string
|
on success |
BLOCK drops any headers that are in the list of items, so it acts as an exclusion list. ALLOW permits only the headers in the list and removes all others, so it acts as an inclusion list.
Sample:
ALLOW
|
||||||||||
|
rename_headers
complex
|
on success |
|
||||||||||
|
items
complex
|
on success |
The list of headers.
|
||||||||||
|
_from
string
|
on success |
The original case-insensitive name of the header. This name must be unique across transformation policies.
Sample:
_from_example
|
||||||||||
|
to
string
|
on success |
The new name of the header. This name must be unique across transformation policies.
Sample:
to_example
|
||||||||||
|
set_headers
complex
|
on success |
|
||||||||||
|
items
complex
|
on success |
The list of headers.
|
||||||||||
|
if_exists
string
|
on success |
If a header with the same name already exists in the request, OVERWRITE will overwrite the value, APPEND will append to the existing value, or SKIP will keep the existing value.
Sample:
OVERWRITE
|
||||||||||
|
name
string
|
on success |
The case-insensitive name of the header. This name must be unique across transformation policies.
Sample:
name_example
|
||||||||||
|
values
list
/ elements=string
|
on success |
A list of new values. Each value can be a constant or may include one or more expressions enclosed within ${} delimiters.
|
||||||||||
|
response_message
string
|
on success |
HTTP response message.
Sample:
response_message_example
|
||||||||||
|
response_type
string
|
on success |
Response Type.
Sample:
CODE
|
||||||||||
|
scopes
list
/ elements=string
|
on success |
List of scopes.
|
||||||||||
|
source_uri_details
complex
|
on success |
|
||||||||||
|
type
string
|
on success |
Type of the Uri detail.
Sample:
DISCOVERY_URI
|
||||||||||
|
uri
string
|
on success |
The discovery URI for the auth server.
Sample:
uri_example
|
||||||||||
|
type
string
|
on success |
Type of the Validation failure Policy.
Sample:
MODIFY_RESPONSE
|
||||||||||
|
use_cookies_for_intermediate_steps
boolean
|
on success |
Defines whether or not to use cookies for OAuth2 intermediate steps.
Sample:
True
|
||||||||||
|
use_cookies_for_session
boolean
|
on success |
Defines whether or not to use cookies for session maintenance.
Sample:
True
|
||||||||||
|
use_pkce
boolean
|
on success |
Defines whether or not to support PKCE.
Sample:
True
|
||||||||||
|
validation_policy
complex
|
on success |
|
||||||||||
|
additional_validation_policy
complex
|
on success |
|
||||||||||
|
audiences
list
/ elements=string
|
on success |
The list of intended recipients for the token.
|
||||||||||
|
issuers
list
/ elements=string
|
on success |
A list of parties that could have issued the token.
|
||||||||||
|
verify_claims
complex
|
on success |
A list of claims which should be validated to consider the token valid.
|
||||||||||
|
is_required
boolean
|
on success |
Whether the claim is required to be present in the JWT or not. If set to "false", the claim values will be matched only if the claim is present in the JWT.
Sample:
True
|
||||||||||
|
key
string
|
on success |
Name of the claim.
Sample:
key_example
|
||||||||||
|
values
list
/ elements=string
|
on success |
The list of acceptable values for a given claim. If this value is "null" or empty and "isRequired" set to "true", then the presence of this claim in the JWT is validated.
|
||||||||||
|
client_details
complex
|
on success |
|
||||||||||
|
client_id
string
|
on success |
Client ID for the OAuth2/OIDC app.
Sample:
ocid1.client.oc1..xxxxxxEXAMPLExxxxxx
|
||||||||||
|
client_secret_id
string
|
on success |
The OCID of the Oracle Vault Service secret resource.
Sample:
ocid1.clientsecret.oc1..xxxxxxEXAMPLExxxxxx
|
||||||||||
|
client_secret_version_number
integer
|
on success |
The version number of the client secret to use.
Sample:
56
|
||||||||||
|
type
string
|
on success |
To specify where the Client App details should be taken from.
Sample:
VALIDATION_BLOCK
|
||||||||||
|
is_ssl_verify_disabled
boolean
|
on success |
Defines whether or not to uphold SSL verification.
Sample:
True
|
||||||||||
|
keys
complex
|
on success |
The set of static public keys.
|
||||||||||
|
alg
string
|
on success |
The algorithm intended for use with this key.
Sample:
alg_example
|
||||||||||
|
e
string
|
on success |
The base64 url encoded exponent of the RSA public key represented by this key.
Sample:
e_example
|
||||||||||
|
format
string
|
on success |
The format of the public key.
Sample:
JSON_WEB_KEY
|
||||||||||
|
key
string
|
on success |
The content of the PEM-encoded public key.
Sample:
key_example
|
||||||||||
|
key_ops
list
/ elements=string
|
on success |
The operations for which this key is to be used.
|
||||||||||
|
kid
string
|
on success |
A unique key ID. This key will be used to verify the signature of a JWT with matching "kid".
Sample:
kid_example
|
||||||||||
|
kty
string
|
on success |
The key type.
Sample:
RSA
|
||||||||||
|
n
string
|
on success |
The base64 url encoded modulus of the RSA public key represented by this key.
Sample:
n_example
|
||||||||||
|
use
string
|
on success |
The intended use of the public key.
Sample:
sig
|
||||||||||
|
max_cache_duration_in_hours
integer
|
on success |
The duration for which the introspect URL response should be cached before it is fetched again.
Sample:
56
|
||||||||||
|
source_uri_details
complex
|
on success |
|
||||||||||
|
type
string
|
on success |
Type of the Uri detail.
Sample:
DISCOVERY_URI
|
||||||||||
|
uri
string
|
on success |
The discovery URI for the auth server.
Sample:
uri_example
|
||||||||||
|
type
string
|
on success |
Type of the token validation policy.
Sample:
STATIC_KEYS
|
||||||||||
|
uri
string
|
on success |
The uri from which to retrieve the key. It must be accessible without authentication.
Sample:
uri_example
|
||||||||||
|
verify_claims
complex
|
on success |
A list of claims which should be validated to consider the token valid.
|
||||||||||
|
is_required
boolean
|
on success |
Whether the claim is required to be present in the JWT or not. If set to "false", the claim values will be matched only if the claim is present in the JWT.
Sample:
True
|
||||||||||
|
key
string
|
on success |
Name of the claim.
Sample:
key_example
|
||||||||||
|
values
list
/ elements=string
|
on success |
The list of acceptable values for a given claim. If this value is "null" or empty and "isRequired" set to "true", then the presence of this claim in the JWT is validated.
|
||||||||||
|
cors
complex
|
on success |
|
||||||||||
|
allowed_headers
list
/ elements=string
|
on success |
The list of headers that will be allowed from the client via the Access-Control-Allow-Headers header. '*' will allow all headers.
|
||||||||||
|
allowed_methods
list
/ elements=string
|
on success |
The list of allowed HTTP methods that will be returned for the preflight OPTIONS request in the Access-Control-Allow-Methods header. '*' will allow all methods.
|
||||||||||
|
allowed_origins
list
/ elements=string
|
on success |
The list of allowed origins that the CORS handler will use to respond to CORS requests. The gateway will send the Access-Control-Allow-Origin header with the best origin match for the circumstances. '*' will match any origins, and 'null' will match queries from 'file:' origins. All other origins must be qualified with the scheme, full hostname, and port if necessary.
|
||||||||||
|
exposed_headers
list
/ elements=string
|
on success |
The list of headers that the client will be allowed to see from the response as indicated by the Access-Control-Expose-Headers header. '*' will expose all headers.
|
||||||||||
|
is_allow_credentials_enabled
boolean
|
on success |
Whether to send the Access-Control-Allow-Credentials header to allow CORS requests with cookies.
Sample:
True
|
||||||||||
|
max_age_in_seconds
integer
|
on success |
The time in seconds for the client to cache preflight responses. This is sent as the Access-Control-Max-Age if greater than 0.
Sample:
56
|
||||||||||
|
dynamic_authentication
complex
|
on success |
|
||||||||||
|
authentication_servers
complex
|
on success |
List of authentication servers to choose from during dynamic authentication.
|
||||||||||
|
authentication_server_detail
complex
|
on success |
|
||||||||||
|
audiences
list
/ elements=string
|
on success |
The list of intended recipients for the token.
|
||||||||||
|
cache_key
list
/ elements=string
|
on success |
A list of keys from "parameters" attribute value whose values will be added to the cache key.
|
||||||||||
|
function_id
string
|
on success |
The OCID of the Oracle Functions function resource.
Sample:
ocid1.function.oc1..xxxxxxEXAMPLExxxxxx
|
||||||||||
|
is_anonymous_access_allowed
boolean
|
on success |
Whether an unauthenticated user may access the API. Must be "true" to enable ANONYMOUS route authorization.
Sample:
True
|
||||||||||
|
issuers
list
/ elements=string
|
on success |
A list of parties that could have issued the token.
|
||||||||||
|
max_clock_skew_in_seconds
float
|
on success |
The maximum expected time difference between the system clocks of the token issuer and the API Gateway.
Sample:
3.4
|
||||||||||
|
parameters
dictionary
|
on success |
A map where key is a user defined string and value is a context expressions whose values will be sent to the custom auth function. Values should contain an expression. Example: `{"foo": "request.header[abc]"}`
|
||||||||||
|
public_keys
complex
|
on success |
|
||||||||||
|
is_ssl_verify_disabled
boolean
|
on success |
Defines whether or not to uphold SSL verification.
Sample:
True
|
||||||||||
|
keys
complex
|
on success |
The set of static public keys.
|
||||||||||
|
alg
string
|
on success |
The algorithm intended for use with this key.
Sample:
alg_example
|
||||||||||
|
e
string
|
on success |
The base64 url encoded exponent of the RSA public key represented by this key.
Sample:
e_example
|
||||||||||
|
format
string
|
on success |
The format of the public key.
Sample:
JSON_WEB_KEY
|
||||||||||
|
key
string
|
on success |
The content of the PEM-encoded public key.
Sample:
key_example
|
||||||||||
|
key_ops
list
/ elements=string
|
on success |
The operations for which this key is to be used.
|
||||||||||
|
kid
string
|
on success |
A unique key ID. This key will be used to verify the signature of a JWT with matching "kid".
Sample:
kid_example
|
||||||||||
|
kty
string
|
on success |
The key type.
Sample:
RSA
|
||||||||||
|
n
string
|
on success |
The base64 url encoded modulus of the RSA public key represented by this key.
Sample:
n_example
|
||||||||||
|
use
string
|
on success |
The intended use of the public key.
Sample:
sig
|
||||||||||
|
max_cache_duration_in_hours
integer
|
on success |
The duration for which the JWKS should be cached before it is fetched again.
Sample:
56
|
||||||||||
|
type
string
|
on success |
Type of the public key set.
Sample:
STATIC_KEYS
|
||||||||||
|
uri
string
|
on success |
The uri from which to retrieve the key. It must be accessible without authentication.
Sample:
uri_example
|
||||||||||
|
token_auth_scheme
string
|
on success |
The authentication scheme that is to be used when authenticating the token. This must to be provided if "tokenHeader" is specified.
Sample:
token_auth_scheme_example
|
||||||||||
|
token_header
string
|
on success |
The name of the header containing the authentication token.
Sample:
token_header_example
|
||||||||||
|
token_query_param
string
|
on success |
The name of the query parameter containing the authentication token.
Sample:
token_query_param_example
|
||||||||||
|
type
string
|
on success |
Type of the authentication policy to use.
Sample:
CUSTOM_AUTHENTICATION
|
||||||||||
|
validation_failure_policy
complex
|
on success |
|
||||||||||
|
client_details
complex
|
on success |
|
||||||||||
|
client_id
string
|
on success |
Client ID for the OAuth2/OIDC app.
Sample:
ocid1.client.oc1..xxxxxxEXAMPLExxxxxx
|
||||||||||
|
client_secret_id
string
|
on success |
The OCID of the Oracle Vault Service secret resource.
Sample:
ocid1.clientsecret.oc1..xxxxxxEXAMPLExxxxxx
|
||||||||||
|
client_secret_version_number
integer
|
on success |
The version number of the client secret to use.
Sample:
56
|
||||||||||
|
type
string
|
on success |
To specify where the Client App details should be taken from.
Sample:
VALIDATION_BLOCK
|
||||||||||
|
fallback_redirect_path
string
|
on success |
The path to be used as fallback after OAuth2.
Sample:
fallback_redirect_path_example
|
||||||||||
|
logout_path
string
|
on success |
The path to be used as logout.
Sample:
logout_path_example
|
||||||||||
|
max_expiry_duration_in_hours
integer
|
on success |
The duration for which the OAuth2 success token should be cached before it is fetched again.
Sample:
56
|
||||||||||
|
response_code
string
|
on success |
HTTP response code, can include context variables.
Sample:
response_code_example
|
||||||||||
|
response_header_transformations
complex
|
on success |
|
||||||||||
|
filter_headers
complex
|
on success |
|
||||||||||
|
items
complex
|
on success |
The list of headers.
|
||||||||||
|
name
string
|
on success |
The case-insensitive name of the header. This name must be unique across transformation policies.
Sample:
name_example
|
||||||||||
|
type
string
|
on success |
BLOCK drops any headers that are in the list of items, so it acts as an exclusion list. ALLOW permits only the headers in the list and removes all others, so it acts as an inclusion list.
Sample:
ALLOW
|
||||||||||
|
rename_headers
complex
|
on success |
|
||||||||||
|
items
complex
|
on success |
The list of headers.
|
||||||||||
|
_from
string
|
on success |
The original case-insensitive name of the header. This name must be unique across transformation policies.
Sample:
_from_example
|
||||||||||
|
to
string
|
on success |
The new name of the header. This name must be unique across transformation policies.
Sample:
to_example
|
||||||||||
|
set_headers
complex
|
on success |
|
||||||||||
|
items
complex
|
on success |
The list of headers.
|
||||||||||
|
if_exists
string
|
on success |
If a header with the same name already exists in the request, OVERWRITE will overwrite the value, APPEND will append to the existing value, or SKIP will keep the existing value.
Sample:
OVERWRITE
|
||||||||||
|
name
string
|
on success |
The case-insensitive name of the header. This name must be unique across transformation policies.
Sample:
name_example
|
||||||||||
|
values
list
/ elements=string
|
on success |
A list of new values. Each value can be a constant or may include one or more expressions enclosed within ${} delimiters.
|
||||||||||
|
response_message
string
|
on success |
HTTP response message.
Sample:
response_message_example
|
||||||||||
|
response_type
string
|
on success |
Response Type.
Sample:
CODE
|
||||||||||
|
scopes
list
/ elements=string
|
on success |
List of scopes.
|
||||||||||
|
source_uri_details
complex
|
on success |
|
||||||||||
|
type
string
|
on success |
Type of the Uri detail.
Sample:
DISCOVERY_URI
|
||||||||||
|
uri
string
|
on success |
The discovery URI for the auth server.
Sample:
uri_example
|
||||||||||
|
type
string
|
on success |
Type of the Validation failure Policy.
Sample:
MODIFY_RESPONSE
|
||||||||||
|
use_cookies_for_intermediate_steps
boolean
|
on success |
Defines whether or not to use cookies for OAuth2 intermediate steps.
Sample:
True
|
||||||||||
|
use_cookies_for_session
boolean
|
on success |
Defines whether or not to use cookies for session maintenance.
Sample:
True
|
||||||||||
|
use_pkce
boolean
|
on success |
Defines whether or not to support PKCE.
Sample:
True
|
||||||||||
|
validation_policy
complex
|
on success |
|
||||||||||
|
additional_validation_policy
complex
|
on success |
|
||||||||||
|
audiences
list
/ elements=string
|
on success |
The list of intended recipients for the token.
|
||||||||||
|
issuers
list
/ elements=string
|
on success |
A list of parties that could have issued the token.
|
||||||||||
|
verify_claims
complex
|
on success |
A list of claims which should be validated to consider the token valid.
|
||||||||||
|
is_required
boolean
|
on success |
Whether the claim is required to be present in the JWT or not. If set to "false", the claim values will be matched only if the claim is present in the JWT.
Sample:
True
|
||||||||||
|
key
string
|
on success |
Name of the claim.
Sample:
key_example
|
||||||||||
|
values
list
/ elements=string
|
on success |
The list of acceptable values for a given claim. If this value is "null" or empty and "isRequired" set to "true", then the presence of this claim in the JWT is validated.
|
||||||||||
|
client_details
complex
|
on success |
|
||||||||||
|
client_id
string
|
on success |
Client ID for the OAuth2/OIDC app.
Sample:
ocid1.client.oc1..xxxxxxEXAMPLExxxxxx
|
||||||||||
|
client_secret_id
string
|
on success |
The OCID of the Oracle Vault Service secret resource.
Sample:
ocid1.clientsecret.oc1..xxxxxxEXAMPLExxxxxx
|
||||||||||
|
client_secret_version_number
integer
|
on success |
The version number of the client secret to use.
Sample:
56
|
||||||||||
|
type
string
|
on success |
To specify where the Client App details should be taken from.
Sample:
VALIDATION_BLOCK
|
||||||||||
|
is_ssl_verify_disabled
boolean
|
on success |
Defines whether or not to uphold SSL verification.
Sample:
True
|
||||||||||
|
keys
complex
|
on success |
The set of static public keys.
|
||||||||||
|
alg
string
|
on success |
The algorithm intended for use with this key.
Sample:
alg_example
|
||||||||||
|
e
string
|
on success |
The base64 url encoded exponent of the RSA public key represented by this key.
Sample:
e_example
|
||||||||||
|
format
string
|
on success |
The format of the public key.
Sample:
JSON_WEB_KEY
|
||||||||||
|
key
string
|
on success |
The content of the PEM-encoded public key.
Sample:
key_example
|
||||||||||
|
key_ops
list
/ elements=string
|
on success |
The operations for which this key is to be used.
|
||||||||||
|
kid
string
|
on success |
A unique key ID. This key will be used to verify the signature of a JWT with matching "kid".
Sample:
kid_example
|
||||||||||
|
kty
string
|
on success |
The key type.
Sample:
RSA
|
||||||||||
|
n
string
|
on success |
The base64 url encoded modulus of the RSA public key represented by this key.
Sample:
n_example
|
||||||||||
|
use
string
|
on success |
The intended use of the public key.
Sample:
sig
|
||||||||||
|
max_cache_duration_in_hours
integer
|
on success |
The duration for which the introspect URL response should be cached before it is fetched again.
Sample:
56
|
||||||||||
|
source_uri_details
complex
|
on success |
|
||||||||||
|
type
string
|
on success |
Type of the Uri detail.
Sample:
DISCOVERY_URI
|
||||||||||
|
uri
string
|
on success |
The discovery URI for the auth server.
Sample:
uri_example
|
||||||||||
|
type
string
|
on success |
Type of the token validation policy.
Sample:
STATIC_KEYS
|
||||||||||
|
uri
string
|
on success |
The uri from which to retrieve the key. It must be accessible without authentication.
Sample:
uri_example
|
||||||||||
|
verify_claims
complex
|
on success |
A list of claims which should be validated to consider the token valid.
|
||||||||||
|
is_required
boolean
|
on success |
Whether the claim is required to be present in the JWT or not. If set to "false", the claim values will be matched only if the claim is present in the JWT.
Sample:
True
|
||||||||||
|
key
string
|
on success |
Name of the claim.
Sample:
key_example
|
||||||||||
|
values
list
/ elements=string
|
on success |
The list of acceptable values for a given claim. If this value is "null" or empty and "isRequired" set to "true", then the presence of this claim in the JWT is validated.
|
||||||||||
|
key
complex
|
on success |
|
||||||||||
|
expression
string
|
on success |
A selection key string containing a wildcard to match with the context variable in an incoming request. If the context variable matches the string, the request is sent to the route or authentication server associated with the selection key. Valid wildcards are '*' (zero or more characters) and '+' (one or more characters). The string can only contain one wildcard, and the wildcard must be at the start or the end of the string.
Sample:
expression_example
|
||||||||||
|
is_default
boolean
|
on success |
Specifies whether to use the route or authentication server associated with this selection key as the default. The default is used if the value of a context variable in an incoming request does not match any of the other selection key values when dynamically routing and dynamically authenticating requests.
Sample:
True
|
||||||||||
|
name
string
|
on success |
Name assigned to the branch.
Sample:
name_example
|
||||||||||
|
type
string
|
on success |
Type of the selection key.
Sample:
ANY_OF
|
||||||||||
|
values
list
/ elements=string
|
on success |
The set of selection keys to match with the context variable in an incoming request. If the context variable exactly matches one of the keys in the set, the request is sent to the route or authentication server associated with the set.
|
||||||||||
|
selection_source
complex
|
on success |
|
||||||||||
|
selector
string
|
on success |
String describing the context variable used as selector.
Sample:
selector_example
|
||||||||||
|
type
string
|
on success |
Type of the Selection source to use.
Sample:
SINGLE
|
||||||||||
|
mutual_tls
complex
|
on success |
|
||||||||||
|
allowed_sans
list
/ elements=string
|
on success |
Allowed list of CN or SAN which will be used for verification of certificate.
|
||||||||||
|
is_verified_certificate_required
boolean
|
on success |
Determines whether to enable client verification when API Consumer makes connection to the gateway.
Sample:
True
|
||||||||||
|
rate_limiting
complex
|
on success |
|
||||||||||
|
rate_in_requests_per_second
integer
|
on success |
The maximum number of requests per second to allow.
Sample:
56
|
||||||||||
|
rate_key
string
|
on success |
The key used to group requests together.
Sample:
CLIENT_IP
|
||||||||||
|
usage_plans
complex
|
on success |
|
||||||||||
|
token_locations
list
/ elements=string
|
on success |
A list of context variables specifying where API tokens may be located in a request. Example locations: - "request.headers[token]" - "request.query[token]" - "request.auth[Token]" - "request.path[TOKEN]"
|
||||||||||
|
routes
complex
|
on success |
A list of routes that this API exposes.
|
||||||||||
|
backend
complex
|
on success |
|
||||||||||
|
allowed_post_logout_uris
list
/ elements=string
|
on success |
|
||||||||||
|
body
string
|
on success |
The body of the stock response from the mock backend.
Sample:
body_example
|
||||||||||
|
connect_timeout_in_seconds
float
|
on success |
Defines a timeout for establishing a connection with a proxied server.
Sample:
3.4
|
||||||||||
|
function_id
string
|
on success |
The OCID of the Oracle Functions function resource.
Sample:
ocid1.function.oc1..xxxxxxEXAMPLExxxxxx
|
||||||||||
|
headers
complex
|
on success |
The headers of the stock response from the mock backend.
|
||||||||||
|
name
string
|
on success |
Name of the header.
Sample:
name_example
|
||||||||||
|
value
string
|
on success |
Value of the header.
Sample:
value_example
|
||||||||||
|
is_ssl_verify_disabled
boolean
|
on success |
Defines whether or not to uphold SSL verification.
Sample:
True
|
||||||||||
|
post_logout_state
string
|
on success |
Defines a state that should be shared on redirecting to postLogout URL.
Sample:
post_logout_state_example
|
||||||||||
|
read_timeout_in_seconds
float
|
on success |
Defines a timeout for reading a response from the proxied server.
Sample:
3.4
|
||||||||||
|
routing_backends
complex
|
on success |
List of backends to chose from for Dynamic Routing.
|
||||||||||
|
backend
complex
|
on success |
|
||||||||||
|
type
string
|
on success |
Type of the API backend.
Sample:
ORACLE_FUNCTIONS_BACKEND
|
||||||||||
|
key
complex
|
on success |
|
||||||||||
|
expression
string
|
on success |
A selection key string containing a wildcard to match with the context variable in an incoming request. If the context variable matches the string, the request is sent to the route or authentication server associated with the selection key. Valid wildcards are '*' (zero or more characters) and '+' (one or more characters). The string can only contain one wildcard, and the wildcard must be at the start or the end of the string.
Sample:
expression_example
|
||||||||||
|
is_default
boolean
|
on success |
Specifies whether to use the route or authentication server associated with this selection key as the default. The default is used if the value of a context variable in an incoming request does not match any of the other selection key values when dynamically routing and dynamically authenticating requests.
Sample:
True
|
||||||||||
|
name
string
|
on success |
Name assigned to the branch.
Sample:
name_example
|
||||||||||
|
type
string
|
on success |
Type of the selection key.
Sample:
ANY_OF
|
||||||||||
|
values
list
/ elements=string
|
on success |
The set of selection keys to match with the context variable in an incoming request. If the context variable exactly matches one of the keys in the set, the request is sent to the route or authentication server associated with the set.
|
||||||||||
|
selection_source
complex
|
on success |
|
||||||||||
|
selector
string
|
on success |
String describing the context variable used as selector.
Sample:
selector_example
|
||||||||||
|
type
string
|
on success |
Type of the Selection source to use.
Sample:
SINGLE
|
||||||||||
|
send_timeout_in_seconds
float
|
on success |
Defines a timeout for transmitting a request to the proxied server.
Sample:
3.4
|
||||||||||
|
status
integer
|
on success |
The status code of the stock response from the mock backend.
Sample:
56
|
||||||||||
|
type
string
|
on success |
Type of the API backend.
Sample:
ORACLE_FUNCTIONS_BACKEND
|
||||||||||
|
url
string
|
on success |
Sample:
url_example
|
||||||||||
|
logging_policies
complex
|
on success |
|
||||||||||
|
access_log
complex
|
on success |
|
||||||||||
|
is_enabled
boolean
|
on success |
Enables pushing of access logs to the legacy OCI Object Storage log archival bucket.
Oracle recommends using the OCI Logging service to enable, retrieve, and query access logs for an API Deployment. If there is an active log object for the API Deployment and its category is set to 'access' in OCI Logging service, the logs will not be uploaded to the legacy OCI Object Storage log archival bucket.
Please note that the functionality to push to the legacy OCI Object Storage log archival bucket has been deprecated and will be removed in the future.
Sample:
True
|
||||||||||
|
execution_log
complex
|
on success |
|
||||||||||
|
is_enabled
boolean
|
on success |
Enables pushing of execution logs to the legacy OCI Object Storage log archival bucket.
Oracle recommends using the OCI Logging service to enable, retrieve, and query execution logs for an API Deployment. If there is an active log object for the API Deployment and its category is set to 'execution' in OCI Logging service, the logs will not be uploaded to the legacy OCI Object Storage log archival bucket.
Please note that the functionality to push to the legacy OCI Object Storage log archival bucket has been deprecated and will be removed in the future.
Sample:
True
|
||||||||||
|
log_level
string
|
on success |
Specifies the log level used to control logging output of execution logs. Enabling logging at a given level also enables logging at all higher levels.
Sample:
INFO
|
||||||||||
|
methods
list
/ elements=string
|
on success |
A list of allowed methods on this route.
|
||||||||||
|
path
string
|
on success |
A URL path pattern that must be matched on this route. The path pattern may contain a subset of RFC 6570 identifiers to allow wildcard and parameterized matching.
Sample:
path_example
|
||||||||||
|
request_policies
complex
|
on success |
|
||||||||||
|
authorization
complex
|
on success |
|
||||||||||
|
allowed_scope
list
/ elements=string
|
on success |
A user whose scope includes any of these access ranges is allowed on this route. Access ranges are case-sensitive.
|
||||||||||
|
type
string
|
on success |
Indicates how authorization should be applied. For a type of ANY_OF, an "allowedScope" property must also be specified. Otherwise, only a type is required. For a type of ANONYMOUS, an authenticated API must have the "isAnonymousAccessAllowed" property set to "true" in the authentication policy.
Sample:
ANONYMOUS
|
||||||||||
|
body_validation
complex
|
on success |
|
||||||||||
|
content
complex
|
on success |
The content of the request body. The key is a media type range subset restricted to the following schema
key ::= ( / ( "*" "/" "*" ) / ( type "/" "*" ) / ( type "/" subtype ) )
For requests that match multiple keys, only the most specific key is applicable. e.g. `text/plain` overrides `text/*`
|
||||||||||
|
validation_type
string
|
on success |
Validation type defines the content validation method.
Make the validation to first parse the body as the respective format.
Sample:
NONE
|
||||||||||
|
required
boolean
|
on success |
Determines if the request body is required in the request.
Sample:
True
|
||||||||||
|
validation_mode
string
|
on success |
Validation behavior mode.
In `ENFORCING` mode, upon a validation failure, the request will be rejected with a 4xx response and not sent to the backend.
In `PERMISSIVE` mode, the result of the validation will be exposed as metrics while the request will follow the normal path.
`DISABLED` type turns the validation off.
Sample:
ENFORCING
|
||||||||||
|
cors
complex
|
on success |
|
||||||||||
|
allowed_headers
list
/ elements=string
|
on success |
The list of headers that will be allowed from the client via the Access-Control-Allow-Headers header. '*' will allow all headers.
|
||||||||||
|
allowed_methods
list
/ elements=string
|
on success |
The list of allowed HTTP methods that will be returned for the preflight OPTIONS request in the Access-Control-Allow-Methods header. '*' will allow all methods.
|
||||||||||
|
allowed_origins
list
/ elements=string
|
on success |
The list of allowed origins that the CORS handler will use to respond to CORS requests. The gateway will send the Access-Control-Allow-Origin header with the best origin match for the circumstances. '*' will match any origins, and 'null' will match queries from 'file:' origins. All other origins must be qualified with the scheme, full hostname, and port if necessary.
|
||||||||||
|
exposed_headers
list
/ elements=string
|
on success |
The list of headers that the client will be allowed to see from the response as indicated by the Access-Control-Expose-Headers header. '*' will expose all headers.
|
||||||||||
|
is_allow_credentials_enabled
boolean
|
on success |
Whether to send the Access-Control-Allow-Credentials header to allow CORS requests with cookies.
Sample:
True
|
||||||||||
|
max_age_in_seconds
integer
|
on success |
The time in seconds for the client to cache preflight responses. This is sent as the Access-Control-Max-Age if greater than 0.
Sample:
56
|
||||||||||
|
header_transformations
complex
|
on success |
|
||||||||||
|
filter_headers
complex
|
on success |
|
||||||||||
|
items
complex
|
on success |
The list of headers.
|
||||||||||
|
name
string
|
on success |
The case-insensitive name of the header. This name must be unique across transformation policies.
Sample:
name_example
|
||||||||||
|
type
string
|
on success |
BLOCK drops any headers that are in the list of items, so it acts as an exclusion list. ALLOW permits only the headers in the list and removes all others, so it acts as an inclusion list.
Sample:
ALLOW
|
||||||||||
|
rename_headers
complex
|
on success |
|
||||||||||
|
items
complex
|
on success |
The list of headers.
|
||||||||||
|
_from
string
|
on success |
The original case-insensitive name of the header. This name must be unique across transformation policies.
Sample:
_from_example
|
||||||||||
|
to
string
|
on success |
The new name of the header. This name must be unique across transformation policies.
Sample:
to_example
|
||||||||||
|
set_headers
complex
|
on success |
|
||||||||||
|
items
complex
|
on success |
The list of headers.
|
||||||||||
|
if_exists
string
|
on success |
If a header with the same name already exists in the request, OVERWRITE will overwrite the value, APPEND will append to the existing value, or SKIP will keep the existing value.
Sample:
OVERWRITE
|
||||||||||
|
name
string
|
on success |
The case-insensitive name of the header. This name must be unique across transformation policies.
Sample:
name_example
|
||||||||||
|
values
list
/ elements=string
|
on success |
A list of new values. Each value can be a constant or may include one or more expressions enclosed within ${} delimiters.
|
||||||||||
|
header_validations
complex
|
on success |
|
||||||||||
|
headers
complex
|
on success |
|
||||||||||
|
name
string
|
on success |
Parameter name.
Sample:
name_example
|
||||||||||
|
required
boolean
|
on success |
Determines if the header is required in the request.
Sample:
True
|
||||||||||
|
validation_mode
string
|
on success |
Validation behavior mode.
In `ENFORCING` mode, upon a validation failure, the request will be rejected with a 4xx response and not sent to the backend.
In `PERMISSIVE` mode, the result of the validation will be exposed as metrics while the request will follow the normal path.
`DISABLED` type turns the validation off.
Sample:
ENFORCING
|
||||||||||
|
query_parameter_transformations
complex
|
on success |
|
||||||||||
|
filter_query_parameters
complex
|
on success |
|
||||||||||
|
items
complex
|
on success |
The list of query parameters.
|
||||||||||
|
name
string
|
on success |
The case-sensitive name of the query parameter.
Sample:
name_example
|
||||||||||
|
type
string
|
on success |
BLOCK drops any query parameters that are in the list of items, so it acts as an exclusion list. ALLOW permits only the parameters in the list and removes all others, so it acts as an inclusion list.
Sample:
ALLOW
|
||||||||||
|
rename_query_parameters
complex
|
on success |
|
||||||||||
|
items
complex
|
on success |
The list of query parameters.
|
||||||||||
|
_from
string
|
on success |
The original case-sensitive name of the query parameter. This name must be unique across transformation policies.
Sample:
_from_example
|
||||||||||
|
to
string
|
on success |
The new name of the query parameter. This name must be unique across transformation policies.
Sample:
to_example
|
||||||||||
|
set_query_parameters
complex
|
on success |
|
||||||||||
|
items
complex
|
on success |
The list of query parameters.
|
||||||||||
|
if_exists
string
|
on success |
If a query parameter with the same name already exists in the request, OVERWRITE will overwrite the value, APPEND will append to the existing value, or SKIP will keep the existing value.
Sample:
OVERWRITE
|
||||||||||
|
name
string
|
on success |
The case-sensitive name of the query parameter. This name must be unique across transformation policies.
Sample:
name_example
|
||||||||||
|
values
list
/ elements=string
|
on success |
A list of new values. Each value can be a constant or may include one or more expressions enclosed within ${} delimiters.
|
||||||||||
|
query_parameter_validations
complex
|
on success |
|
||||||||||
|
parameters
complex
|
on success |
|
||||||||||
|
name
string
|
on success |
Parameter name.
Sample:
name_example
|
||||||||||
|
required
boolean
|
on success |
Determines if the parameter is required in the request.
Sample:
True
|
||||||||||
|
validation_mode
string
|
on success |
Validation behavior mode.
In `ENFORCING` mode, upon a validation failure, the request will be rejected with a 4xx response and not sent to the backend.
In `PERMISSIVE` mode, the result of the validation will be exposed as metrics while the request will follow the normal path.
`DISABLED` type turns the validation off.
Sample:
ENFORCING
|
||||||||||
|
response_cache_lookup
complex
|
on success |
|
||||||||||
|
cache_key_additions
list
/ elements=string
|
on success |
A list of context expressions whose values will be added to the base cache key. Values should contain an expression enclosed within ${} delimiters. Only the request context is available.
|
||||||||||
|
is_enabled
boolean
|
on success |
Whether this policy is currently enabled.
Sample:
True
|
||||||||||
|
is_private_caching_enabled
boolean
|
on success |
Set true to allow caching responses where the request has an Authorization header. Ensure you have configured your cache key additions to get the level of isolation across authenticated requests that you require.
When false, any request with an Authorization header will not be stored in the Response Cache.
If using the CustomAuthenticationPolicy then the tokenHeader/tokenQueryParam are also subject to this check.
Sample:
True
|
||||||||||
|
type
string
|
on success |
Type of the Response Cache Store Policy.
Sample:
SIMPLE_LOOKUP_POLICY
|
||||||||||
|
response_policies
complex
|
on success |
|
||||||||||
|
header_transformations
complex
|
on success |
|
||||||||||
|
filter_headers
complex
|
on success |
|
||||||||||
|
items
complex
|
on success |
The list of headers.
|
||||||||||
|
name
string
|
on success |
The case-insensitive name of the header. This name must be unique across transformation policies.
Sample:
name_example
|
||||||||||
|
type
string
|
on success |
BLOCK drops any headers that are in the list of items, so it acts as an exclusion list. ALLOW permits only the headers in the list and removes all others, so it acts as an inclusion list.
Sample:
ALLOW
|
||||||||||
|
rename_headers
complex
|
on success |
|
||||||||||
|
items
complex
|
on success |
The list of headers.
|
||||||||||
|
_from
string
|
on success |
The original case-insensitive name of the header. This name must be unique across transformation policies.
Sample:
_from_example
|
||||||||||
|
to
string
|
on success |
The new name of the header. This name must be unique across transformation policies.
Sample:
to_example
|
||||||||||
|
set_headers
complex
|
on success |
|
||||||||||
|
items
complex
|
on success |
The list of headers.
|
||||||||||
|
if_exists
string
|
on success |
If a header with the same name already exists in the request, OVERWRITE will overwrite the value, APPEND will append to the existing value, or SKIP will keep the existing value.
Sample:
OVERWRITE
|
||||||||||
|
name
string
|
on success |
The case-insensitive name of the header. This name must be unique across transformation policies.
Sample:
name_example
|
||||||||||
|
values
list
/ elements=string
|
on success |
A list of new values. Each value can be a constant or may include one or more expressions enclosed within ${} delimiters.
|
||||||||||
|
response_cache_store
complex
|
on success |
|
||||||||||
|
time_to_live_in_seconds
integer
|
on success |
Sets the number of seconds for a response from a backend being stored in the Response Cache before it expires.
Sample:
56
|
||||||||||
|
type
string
|
on success |
Type of the Response Cache Store Policy.
Sample:
FIXED_TTL_STORE_POLICY
|
||||||||||
|
time_created
string
|
on success |
The time this resource was created. An RFC3339 formatted datetime string.
Sample:
2013-10-20T19:20:30+01:00
|
||||||||||
|
time_updated
string
|
on success |
The time this resource was last updated. An RFC3339 formatted datetime string.
Sample:
2013-10-20T19:20:30+01:00
|
||||||||||
Authors¶
Oracle (@oracle)