Switch to using custom rules in any operations you want to target in your policy.

  1. Copy the ID for the API service or custom operation that you want to target in your policy:
    1. Go to Authorize > API Services.
    2. Do one of the following:
      • Click the API service you want to target. On the Overview tab, copy the ID.
        Screen capture showing the copy ID icon on the API Services Overview tab.
      • Click the API service that includes the custom operation that you want to target, then click the Operations tab. Expand the operation and copy the ID.
        Screen capture showing the copy ID icon in an expanded custom operation on the API Services Operations tab.
  2. Go to Authorize > Policies, and click a policy or add a new policy.
  3. To target an API service or a custom operation in the policy:
    1. In Applies When, click + Comparison.
    2. In the Select an attribute list, select one of the following:
      • To target an API service, select PingOne > API Access Management > API Server > ID.
        Note:

        If you target an API service without targeting individual operations, the policy targets all custom operations under the API service.

      • To target a custom operation, select PingOne > API Access Management > Operation > ID.
        Note:

        You can target more than one operation. If you don’t target an API service or any operations, the policy targets all custom operations.

    3. Select the Equals comparator.
    4. In the C (constant) field, enter the ID that you copied in step 1b.

      The following image shows a comparison that targets a custom operation.

      Screen capture showing an Applies When comparison with the Operation ID attribute equal to a particular operation ID.
  4. To target an inbound request or outbound response:
    1. In Applies When, click + Comparison.
    2. In the Select an attribute list, select PingOne > API Access Management > Phase.
    3. Select the Equals comparator.
    4. In the C (constant) field, enter INBOUND_REQUEST or OUTBOUND_RESPONSE.

      The following image shows comparisons that target a custom operation and the outbound response.

      Screen capture showing Applies When comparisons with the Operation ID attribute equal to a particular operation ID and the Phase attribute equal to OUTBOUND_RESPONSE.
    Note:

    If you don’t target a request or response specifically, the policy targets both the request and response.

  5. If you added more than one comparison, select one of the following options:
    • All: Applies the policy when all of the conditions are true. This is like adding an AND boolean operator between comparisons.
    • Any: Applies the policy when one of the conditions is true. This is like adding an OR boolean operator between comparisons.
    • None: Applies the policy when none of the conditions are true. This is like adding a NOT boolean operator.
  6. Click Save changes.