API Policy Templates

This section collects the most commonly applied Azure API Management (APIM) policies you should configure when exposing your API via Equation. These help ensure consistent security, observability, and usage control.

Each policy is described on its own page for clarity and maintainability.

🧾 Default Policies

By default, the platform configures the following policies for all APIs:

EntraID Authentication: Validates JWT tokens from Haskoning's Azure EntraID
CORS: Allows the developer portal to access your API

You don't need to manually configure these policies unless you have specific requirements. For more details, see the APIM policy documentation.

🧾 Available Policy Guides

🔐 Authentication

Use token validation policies to protect your API endpoints. Includes Issuer, Audience, and optional Claims-based checks.

🔁 Rate Limiting (not applied by default)

Apply rate-limit-by-key and quota-by-key policies to control usage and avoid cost spikes.

🌍 CORS

By default, we set up Cross-Origin Resource Sharing policies to allow browser-based access from approved client origins, for detail you can also check the Policy Docs

API Policy Templates ​

🧾 Default Policies ​

🧾 Available Policy Guides ​

🔐 Authentication ​

🔁 Rate Limiting (not applied by default) ​