where can we apply the XML and Json threat-protection policy?what is the need to apply these policies?

Not applicable

What is the need to apply XML and JSon Threat Protection policies.? It gives confusion like whether can we apply in XML to JSON or JSON to XML conversion policies ,please give me where can we apply these apply.

0 3 445
3 REPLIES 3

I'm not clear on the question you are asking. It seems you are asking a few related questions. Maybe this will help.

  1. Where can we apply the XML and JSON threat protection policy?
    You can apply this in any flow inside an API Proxy, including in a shared flow.
    To apply it, you attach the policy in the proper flow. You didn't ask, but typically these policies would be applied in a place in the flow that would allow validation of input received from outside the system. For example, on the request flow, where the policy would examine the inbound message content. You might also want to apply one of these policies to examine a response from an "untrusted" external system. Imagine a ServiceCallout that returns XML; you might want to apply XML Threat protection on the response received from that, in order to protect your proxy or backend systems.
  2. What is the need to apply the XML and JSON Threat protection policies?
    To scan XML or JSON payloads that may contain data that is invalid, and should not be parsed by the backend system. For example imagine a very very large XML document that was created by a buggy client. Passing this document through to the backend might result in memory shortages, or when it happens at scale, an inadvertent denial-of-service attack. You can use Apigee Edge to scan for such occurrences and reject those requests before they affect your backend systems.

Currently Iam working on mediation policies. I have a task like

Question:Add XML and JSON threat protection policies to your working API proxy.

In this is it possible to apply these threat protection policies ?

If it is possible please suggest how to work out this.

Yes, you can see how to add threat protection policies here .