Policy Types

TunnelAPI provides 21+ policy types organized into categories. Each policy type can be used as a node in your assembly workflows.

Core Policies

invoke

Makes HTTP requests to backend services.

type: invoke
config:
  url: https://api.example.com${request.path}
  method: ${request.method}
  headers:
    Authorization: ${request.headers.authorization}
  forwardBody: true
  timeout: 30000

Options:

  • url - Target URL (supports template variables)
  • method - HTTP method (GET, POST, PUT, DELETE, etc.)
  • headers - Custom headers to send
  • forwardBody - Forward request body to backend
  • timeout - Request timeout in milliseconds

auth

Authenticates requests using various methods.

type: auth
config:
  type: jwt
  jwt:
    secret: ${env.JWT_SECRET}
    algorithms: [HS256, RS256]
  failAction: reject

Auth Types:

  • jwt - JSON Web Token validation
  • api-key - API key validation
  • basic - Basic authentication
  • oauth2 - OAuth 2.0 token validation

Options:

  • type - Authentication type
  • failAction - Action on failure (reject, continue, redirect)
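
What an algorithms allow-list with failAction: reject amounts to at verification time, as an added Python sketch (not TunnelAPI code; make_token and verify_jwt are hypothetical names). It assumes the secret is an HMAC key, so only HS256 is verified here and an RS256 token is refused rather than checked against that secret.

```python
import base64, hashlib, hmac, json

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def make_token(claims: dict, secret: bytes, alg: str = "HS256") -> str:
    """Build a constructed sample token; the header 'alg' is whatever the caller says."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def verify_jwt(token: str, secret: bytes, algorithms: list) -> dict:
    """Return the claims, or raise ValueError (the 'reject' outcome)."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict):
        raise ValueError("malformed token header")
    alg = header.get("alg")
    # The allow-list is checked before any cryptography: the token does not
    # get to choose an algorithm the configuration never listed.
    if alg not in algorithms:
        raise ValueError(f"algorithm {alg!r} is not in the allow-list")
    # An HMAC secret is only ever used for HMAC. RS256 needs a public key,
    # which this sketch does not hold, so it is refused outright.
    if alg != "HS256":
        raise ValueError(f"no key configured for {alg!r} in this sketch")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(payload_b64))

if __name__ == "__main__":
    key = b"constructed-demo-secret"  # stands in for ${env.JWT_SECRET}
    token = make_token({"sub": "user-1"}, key)
    print(verify_jwt(token, key, ["HS256", "RS256"]))
```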

rate-limit

Limits request rate per client/user.

type: rate-limit
config:
  windowMs: 60000
  maxRequests: 100
  keyBy: user
  message: Rate limit exceeded

Options:

  • windowMs - Time window in milliseconds
  • maxRequests - Maximum requests per window
  • keyBy - Key for rate limiting (ip, user, api-key, header:X-Custom)
  • message - Custom error message

transform

Transforms request or response data.

type: transform
config:
  request:
    headers:
      X-Request-ID: ${uuid()}
    body:
      timestamp: ${now()}
  response:
    body:
      processed: true

Options:

  • request.headers - Modify request headers
  • request.body - Modify request body
  • response.headers - Modify response headers
  • response.body - Modify response body

log

Logs request/response data for debugging.

type: log
config:
  level: info
  message: "Request to ${request.path}"
  includeHeaders: true
  includeBody: false

Options:

  • level - Log level (debug, info, warn, error)
  • message - Log message template
  • includeHeaders - Include headers in log
  • includeBody - Include body in log

validate

Validates request data against schemas.

type: validate
config:
  schema:
    type: object
    required: [email, password]
    properties:
      email:
        type: string
        format: email
      password:
        type: string
        minLength: 8
  failAction: reject

Options:

  • schema - JSON Schema for validation
  • failAction - Action on validation failure

Flow Control Policies

condition

Conditional branching based on expressions.

type: condition
config:
  expression: ${request.headers.authorization != null}
  trueTarget: auth-node
  falseTarget: reject-node

switch

Multi-way branching based on value.

type: switch
config:
  expression: ${request.method}
  cases:
    GET: read-node
    POST: write-node
    DELETE: delete-node
  default: reject-node

parallel

Execute multiple nodes in parallel.

type: parallel
config:
  nodes: [cache-check, auth-check, rate-check]
  waitFor: all

set-variable

Set context variables for later use.

type: set-variable
config:
  variables:
    userId: ${request.headers['x-user-id']}
    requestTime: ${now()}

Resilience Policies

circuit-breaker

Prevents cascading failures.

type: circuit-breaker
config:
  failureThreshold: 5
  resetTimeout: 30000
  halfOpenRequests: 3

Options:

  • failureThreshold - Failures before opening circuit
  • resetTimeout - Time before attempting reset
  • halfOpenRequests - Requests to test in half-open state

retry

Retries failed requests.

type: retry
config:
  maxRetries: 3
  retryDelay: 1000
  backoffMultiplier: 2
  retryOn: [500, 502, 503, 504]

timeout

Sets request timeout.

type: timeout
config:
  duration: 30000
  message: Request timed out

fallback

Provides fallback response on failure.

type: fallback
config:
  response:
    status: 200
    body:
      message: Service temporarily unavailable
      cached: true

Performance Policies

cache

Caches responses for performance.

type: cache
config:
  ttl: 300000
  keyBy: ${request.path}:${request.query.id}
  storage: redis

Options:

  • ttl - Cache time-to-live in milliseconds
  • keyBy - Cache key template
  • storage - Storage backend (memory, redis)

throttle

Throttles request processing rate.

type: throttle
config:
  requestsPerSecond: 10
  burstSize: 20

Security Policies

cors

Configures CORS headers.

type: cors
config:
  origins: ['https://app.example.com']
  methods: ['GET', 'POST', 'PUT', 'DELETE']
  headers: ['Content-Type', 'Authorization']
  credentials: true

ip-filter

Filters requests by IP address.

type: ip-filter
config:
  mode: whitelist
  addresses:
    - 10.0.0.0/8
    - 192.168.1.0/24
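
A pre-deployment review check over the auth, log, cors and ip-filter settings documented on this page, as an added Python example (not part of TunnelAPI; audit_node and audit_assembly are hypothetical names). It assumes policy nodes are already loaded as dicts and that headers are logged unredacted, which the page does not state either way.

```python
import ipaddress

HMAC_ALGS = {"HS256", "HS384", "HS512"}

def audit_node(node: dict) -> list:
    """Return review findings for one policy node ({'type': ..., 'config': {...}})."""
    kind, cfg, out = node.get("type"), node.get("config") or {}, []
    if kind == "auth":
        if cfg.get("failAction") == "continue":
            out.append("auth: failAction 'continue' lets unauthenticated requests proceed")
        algs = set((cfg.get("jwt") or {}).get("algorithms") or [])
        if algs & HMAC_ALGS and algs - HMAC_ALGS:
            out.append("auth: jwt.algorithms mixes HMAC and non-HMAC algorithms")
    elif kind == "log":
        if cfg.get("includeHeaders"):
            out.append("log: includeHeaders may record Authorization and Cookie values")
        if cfg.get("includeBody"):
            out.append("log: includeBody may record credentials sent in request bodies")
    elif kind == "cors":
        if cfg.get("credentials") and "*" in (cfg.get("origins") or []):
            out.append("cors: credentials enabled together with a wildcard origin")
    elif kind == "ip-filter" and cfg.get("mode") == "whitelist":
        for addr in cfg.get("addresses") or []:
            if ipaddress.ip_network(addr, strict=False).prefixlen == 0:
                out.append(f"ip-filter: {addr} allows every address")
    return out

def audit_assembly(nodes: list) -> list:
    """Audit every node and return all findings in order."""
    return [finding for node in nodes for finding in audit_node(node)]

# The page's own example settings, transcribed as Python dicts.
PAGE_EXAMPLES = [
    {"type": "auth", "config": {"type": "jwt", "failAction": "reject",
        "jwt": {"secret": "${env.JWT_SECRET}", "algorithms": ["HS256", "RS256"]}}},
    {"type": "log", "config": {"level": "info", "includeHeaders": True, "includeBody": False}},
    {"type": "cors", "config": {"origins": ["https://app.example.com"], "credentials": True}},
    {"type": "ip-filter", "config": {"mode": "whitelist",
        "addresses": ["10.0.0.0/8", "192.168.1.0/24"]}},
]

# Constructed weaker variants, not from the page.
WEAK_EXAMPLES = [
    {"type": "auth", "config": {"type": "api-key", "failAction": "continue"}},
    {"type": "cors", "config": {"origins": ["*"], "credentials": True}},
    {"type": "ip-filter", "config": {"mode": "whitelist", "addresses": ["0.0.0.0/0"]}},
]

if __name__ == "__main__":
    for finding in audit_assembly(PAGE_EXAMPLES + WEAK_EXAMPLES):
        print(finding)
```

Findings are prompts for review rather than verdicts: the JWT finding on the page's own example means each listed algorithm should be confirmed as bound to its own key type.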

Response Policies

mock

Returns mock response without calling backend.

type: mock
config:
  status: 200
  headers:
    Content-Type: application/json
  body:
    message: Mock response
    timestamp: ${now()}

error-handler

Handles errors with custom responses.

type: error-handler
config:
  handlers:
    401:
      body:
        error: Unauthorized
        message: Please provide valid credentials
    500:
      body:
        error: Internal Server Error
        message: Something went wrong

response-override

Overrides response data.

type: response-override
config:
  status: 200
  headers:
    X-Processed-By: TunnelAPI
  body:
    success: true
    data: ${response.body}

Template Variables

All policy configurations support template variables:

Variable                   Description
${request.method}          HTTP method
${request.path}            Request path
${request.query.param}     Query parameter
${request.headers.name}    Request header
${request.body.field}      Request body field
${response.status}         Response status code
${response.body.field}     Response body field
${env.VAR_NAME}            Environment variable
${context.varName}         Context variable
${uuid()}                  Generate UUID
${now()}                   Current timestamp