API 管理策略API Management policies
本部分提供以下 API 管理策略的参考。This section provides a reference for the following API Management policies. 有关添加和配置策略的信息,请参阅 API 管理中的策略。For information on adding and configuring policies, see Policies in API Management.
策略是一项强大的系统功能,允许发布者通过配置更改 API 的行为。Policies are a powerful capability of the system that allow the publisher to change the behavior of the API through configuration. 策略是一组语句,在请求或响应 API 时按顺序执行。Policies are a collection of Statements that are executed sequentially on the request or response of an API. 常用的语句包括从 XML 到 JSON 的格式转换,并调用速率限制来限制从一名开发人员传入的调用量。Popular Statements include format conversion from XML to JSON and call rate limiting to restrict the amount of incoming calls from a developer. 许多策略开箱即用。Many more policies are available out of the box.
在任何 API 管理策略中,策略表达式可以用作属性值或文本值,除非该策略另外指定。Policy expressions can be used as attribute values or text values in any of the API Management policies, unless the policy specifies otherwise. 某些策略(如控制流和设置变量策略)基于策略表达式。Some policies such as the Control flow and Set variable policies are based on policy expressions. 有关详细信息,请参阅高级策略和策略表达式。For more information, see Advanced policies and Policy expressions.
策略Policies
- 访问限制策略Access restriction policies
- 检查 HTTP 标头 - 必须存在 HTTP 标头和/或强制采用 HTTP 标头的值。Check HTTP header - Enforces existence and/or value of a HTTP Header.
- 按订阅限制调用速率 - 根据订阅限制调用速率,避免 API 使用量暴增。Limit call rate by subscription - Prevents API usage spikes by limiting call rate, on a per subscription basis.
- 按密钥限制调用速率 - 根据密钥限制调用速率,避免 API 使用量暴增。Limit call rate by key - Prevents API usage spikes by limiting call rate, on a per key basis.
- 限制调用方 IP - 筛选(允许/拒绝)来自特定 IP 地址和/或地址范围的调用。Restrict caller IPs - Filters (allows/denies) calls from specific IP addresses and/or address ranges.
- 按订阅设置使用量配额 - 允许根据订阅强制实施可续订或有生存期的调用量和/或带宽配额。Set usage quota by subscription - Allows you to enforce a renewable or lifetime call volume and/or bandwidth quota, on a per subscription basis.
- 按密钥设置使用量配额 - 允许根据密钥强制消耗可续订或有生存期的调用量和/或带宽配额。Set usage quota by key - Allows you to enforce a renewable or lifetime call volume and/or bandwidth quota, on a per key basis.
- 验证 JWT - 强制从指定 HTTP 标头或指定查询参数提取的 JWT 必须存在且有效。Validate JWT - Enforces existence and validity of a JWT extracted from either a specified HTTP Header or a specified query parameter.
- 高级策略Advanced policies
- 控制流 - 根据布尔表达式的求值,有条件地应用策略语句。Control flow - Conditionally applies policy statements based on the evaluation of Boolean expressions.
- 转发请求 - 将请求转发到后端服务。Forward request - Forwards the request to the backend service.
- 限制并发 - 阻止括住的策略一次执行超过指定数量的请求。Limit concurrency - Prevents enclosed policies from executing by more than the specified number of requests at a time.
- 记录到事件中心 - 将指定格式的消息发送到记录器实体定义的消息目标。Log to Event Hub - Sends messages in the specified format to a message target defined by a Logger entity.
- 模拟响应 - 中止管道执行,将模拟的响应直接返回给调用方。Mock response - Aborts pipeline execution and returns a mocked response directly to the caller.
- 重试 - 重试执行括住的策略语句,直到符合条件为止。Retry - Retries execution of the enclosed policy statements, if and until the condition is met. 系统会按指定的时间间隔重复执行,直到达到指定的重试计数为止。Execution will repeat at the specified time intervals and up to the specified retry count.
- 返回响应 - 中止管道执行,将指定的响应直接返回给调用方。Return response - Aborts pipeline execution and returns the specified response directly to the caller.
- 发送单向请求 - 将请求发送到指定的 URL,无需等待响应。Send one way request - Sends a request to the specified URL without waiting for a response.
- 发送请求 - 将请求发送到指定的 URL。Send request - Sends a request to the specified URL.
- 设置 HTTP 代理 - 允许通过 HTTP 代理路由转发请求。Set HTTP proxy - Allows you to route forwarded requests via an HTTP proxy.
- 设置变量 - 保存命名上下文变量中的值供以后访问。Set variable - Persist a value in a named context variable for later access.
- 设置请求方法 - 允许更改请求的 HTTP 方法。Set request method - Allows you to change the HTTP method for a request.
- 设置状态代码 - 将 HTTP 状态代码更改为指定的值。Set status code - Changes the HTTP status code to the specified value.
- 跟踪 - 将自定义跟踪添加到 API 检查器输出、Application Insights 遥测和资源日志。Trace - Adds custom traces into the API Inspector output, Application Insights telemetries, and Resource Logs.
- 等待 - 在继续下一步之前,等待括住的发送请求、从缓存中获取值或控制流策略完成。Wait - Waits for enclosed Send request, Get value from cache, or Control flow policies to complete before proceeding.
- 身份验证策略Authentication policies
- 使用基本方法进行身份验证 - 使用基本身份验证方法向后端服务进行身份验证。Authenticate with Basic - Authenticate with a backend service using Basic authentication.
- 使用客户端证书进行身份验证 - 使用客户端证书向后端服务进行身份验证。Authenticate with client certificate - Authenticate with a backend service using client certificates.
- 使用托管标识进行身份验证 - 使用托管标识向后端服务进行身份验证。Authenticate with managed identity - Authenticate with a backend service using a managed identity.
- 缓存策略Caching policies
- 从缓存中获取 - 执行缓存查找,并返回有效的缓存响应(如果有)。Get from cache - Perform cache look up and return a valid cached response when available.
- 存储到缓存 - 根据指定的缓存控制配置来缓存响应。Store to cache - Caches response according to the specified cache control configuration.
- 从缓存中获取值 - 按密钥检索缓存项。Get value from cache - Retrieve a cached item by key.
- 在缓存中存储值 - 按密钥在缓存中存储项。Store value in cache - Store an item in the cache by key.
- 从缓存中删除值 - 按密钥在缓存中删除项。Remove value from cache - Remove an item in the cache by key.
- 跨域策略Cross domain policies
- 允许跨域调用 - 使 API 能够通过 Adobe Flash 和基于 Microsoft Silverlight 浏览器的客户端进行访问。Allow cross-domain calls - Makes the API accessible from Adobe Flash and Microsoft Silverlight browser-based clients.
- CORS - 向操作或 API 添加跨源资源共享 (CORS) 支持,允许从基于浏览器的客户端进行跨域调用。CORS - Adds cross-origin resource sharing (CORS) support to an operation or an API to allow cross-domain calls from browser-based clients.
- JSONP - 向操作或 API 添加填充型 JSON (JSONP) 支持,以便从基于 JavaScript 浏览器的客户端执行跨域调用。JSONP - Adds JSON with padding (JSONP) support to an operation or an API to allow cross-domain calls from JavaScript browser-based clients.
- 转换策略Transformation policies
- 将 JSON 转换为 XML - 将请求或响应正文从 JSON 转换为 XML。Convert JSON to XML - Converts request or response body from JSON to XML.
- 将 XML 转换为 JSON - 将请求或响应正文从 XML 转换为 JSON。Convert XML to JSON - Converts request or response body from XML to JSON.
- 查找并替换正文中的字符串 - 查找请求或响应子字符串,并将其替换为不同的子字符串。Find and replace string in body - Finds a request or response substring and replaces it with a different substring.
- 在内容中屏蔽 URL - 重写(屏蔽)响应正文中的链接,使其通过网关指向等效的链接。Mask URLs in content - Re-writes (masks) links in the response body so that they point to the equivalent link via the gateway.
- 设置后端服务 - 更改传入请求的后端服务。Set backend service - Changes the backend service for an incoming request.
- 设置正文 - 设置传入和传出请求的消息正文。Set body - Sets the message body for incoming and outgoing requests.
- 设置 HTTP 标头 - 向现有的响应和/或请求标头赋值,或者添加新的响应和/或请求标头。Set HTTP header - Assigns a value to an existing response and/or request header or adds a new response and/or request header.
- 设置查询字符串参数 - 添加、删除请求查询字符串参数或替换其值。Set query string parameter - Adds, replaces value of, or deletes request query string parameter.
- 重写 URL - 将请求 URL 从其公用格式转换为 Web 服务所需的格式。Rewrite URL - Converts a request URL from its public form to the form expected by the web service.
- 使用 XSLT 转换 XML - 在请求或响应正文中将 XSL 转换应用到 XML。Transform XML using an XSLT - Applies an XSL transformation to XML in the request or response body.
- Dapr 集成策略Dapr integration policies
- 向服务发送请求 - 使用 Dapr 运行时查找 Dapr 微服务并与之进行可靠的通信。Send request to a service - uses Dapr runtime to locate and reliably communicate with a Dapr microservice.
- 将消息发送到发布/订阅主题 - 使用 Dapr 运行时将消息发布到某个发布/订阅主题。Send message to Pub/Sub topic - uses Dapr runtime to publish a message to a Publish/Subscribe topic.
- 触发输出绑定 - 使用 Dapr 运行时通过输出绑定调用外部系统。Trigger output binding - uses Dapr runtime to invoke an external system via output binding.
后续步骤Next steps
有关如何使用策略的详细信息,请参阅:For more information working with policies, see: