Home > Guides > API developer > API security > Open Policy Agent

Protecting applications and APIs in ACP using OPA

Instructions on how to use OPA policies to protect your API and applications in ACP

Purpose

Protect your APIs and applications with Open Policy Agent (OPA) policies.

Create a policy

  1. Log in to the ACP administrator portal with your username and password.

  2. In the Workspace Directory, select the workspace that you want to enter.

  3. In the selected workspace landing page, select Policies from the sidebar.

  4. In the Policies view, select CREATE POLICY.

  5. In the Create Policy popup window

    1. Select Policy type from the dropdown menu.

      Policy types

      There are a few policy types available in ACP: API request, User, Machine to machine, Developer, Dynamic Client Registration.

    2. Specify Policy name and Display name.

    3. Select REGO as Policy language.

      Policy language

      Another type of policies that you can create in ACP is OPA. For instruction on how to create OPA policies, see Protecting applications and APIs in ACP using OPA.

    4. Select Create.

Result

The OPA policy editor opens.

Edit your policy

  1. To define your policy, enter a piece of code into the Definition section.

    Alternatively, use a policy template:

    • Select one of the policies provided in the Example OPA policies section to import an exemplary code into the Definition section.

    • In the Import Example Policy popup window, select Yes to proceed.

    • Modify the imported code or keep it as is.

  2. Optionally, verify your policy.

    1. Enable Test mode with the toggle switch.

      Result

      The Test mode fly-out pane shows and its Input section gets populated with the policy code.

    2. Select Run test.

    3. Check results in the Output section.

  3. Select Save to finalize your new OPA policy.

    Result

    Your new OPA policy is available in the Policies view.

Next steps

Now you can proceed to