Recipe 25 – Implementing a Custom Policy on an API

A policy is a mechanism to enforce filters on traffic. These filters generally control authentication, access, allotted consumption, and service level access (SLA). API Manager offers a number of pre- built policies listed in Available Policies. Custom policies can also be built and applied to an API in the Anypoint Platform. In Mule 4.x, policies are assets in Exchange.

Custom policies are policies that anyone can develop and apply to their APIs, with the intention of extending existing functionalities or defining new ones.

The objective of this recipe is to develop and apply a custom policy on an API. To make a custom policy available to users, add the policy to Anypoint Platform in API Manager. Users can then see and apply the custom policy listed on the Policies tab of the API version details page of an API.



  1. MuleSoft Anypoint Platform Account with admin privileges
  2. Mule 4.2 or later unified runtime
  3. MuleSoft Anypoint Studio 7.4.0 or later installed 
  4. Access to the Sensitive Data API deployed on CloudHub 
  5. GitHub link for the implementation app for the Sensitive Data API
  6. GitHub link for this recipe