Red Hat 3scale API Management

With the June 2018 release of Red Hat 3scale API Management 2.2, adding API Gateway policies to your API management layer is easier than ever.

What is a Policy?

Red Hat 3scale API Management provides units of functionality that modify the behavior of the API Gateway without the need to implement code. These management components are know in 3scale as policies. The configuration for the bundled policies is available from the API Manager Portal, where you can define the behavior of your API integration.

The order in which the policies are executed, known as the “policy chain”, can be configured to introduce differing behavior based on the position of the policy in the chain. Adding custom headers, perform URL rewriting, enable CORS, and configurable caching are some of the most common API gateway capabilities implemented as policies.

There are various policies available out-of-the-box with 3scale, but you are not limited to those. With 3scale you have complete access to the gateway policy framework to write custom code that implements new API Gateway features on top of the basic APIcast policy built-in to the API Management.

3scale standard policies

3scale Standard Policies

Red Hat 3scale API Management provides a number of standard policies:

  • CORS: Cross Origin Resource Sharing (CORS) request handling policy—allows you to control CORS behavior
  • URL rewriting: Allows you to modify the path of a request using the OpenResty web platform sub and gsub operations.
  • Echo: Prints an incoming request back to the client, along with an optional HTTP status code.
  • Adding headers:  Headers policy allows you to modify existing headers or define additional headers to add to or remove from an incoming request or response.
  • Upstream: Allows you to parse a host request header using regular expressions and replace the request header URL with a new URL.
  • SOAP: The SOAP policy matches SOAP action URIs provided in the SOAPAction or Content-Type header of an HTTP request with mapping rules specified in the policy.
  • Offline operation communication:  The authentication caching policy caches authentication calls made to the API Gateway. You can configure how the cache operates by selecting an operating mode.


The benefits of 3scale API management's modular policy are:

  • Configuration by data, not code
  • Capability to add gateway logic with new policies for any phase of the request cycle
  • Better extensibility
  • Improved maintainability
  • Leverage of community contributions

Hence, take a look at the following video. It shows an overview on how to enable standard policies in 3scale API Management.

Last updated: September 3, 2019