Creating API-level (Layer-7) policies for Hosted Websites

  • Updated on May 20, 2024

Cloud Secure Edge (CSE) policies for hosted web services provide API-level (Layer-7) access controls, so you can manage access down to specific paths and APIs.

To set up API-level controls, navigate to Private Access > Access Policies > + Create Policy, and create a Web Policy.

Enter your Policy Name and Description.

Then define your policy in terms of Trust Level, Role, permissible Actions, and permissible Resources.

  • Actions are READ, WRITE, CREATE, UPDATE, or ALL (*)
  • Resources are a list of URL paths. Each resource can have a wildcard prefix, suffix, or both.

Use a “!” prefix to DENY. A DENY overrides any other rule that allows access.

Once you’ve defined your policy’s rules and access groups, select Create Policy to save it.

In the following example, the policy’s access block says users with the Admins role can access any path on the website. Users with the Contractors role can access every path except paths that start with /admin.
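The two rules just described, modelled as an added example (this is not CSE's policy format or code): a small evaluator for role, action, and wildcard resource rules in which a “!” resource denies and overrides any allow. The `POLICY` layout, the function names, placing “!” on the resource entry, default-deny when nothing matches, a deny applying across all of a user's roles, and literal case-sensitive path comparison are assumptions; Trust Level is left out.

```python
# Model of the rule semantics described on this page; not CSE code.
# POLICY layout and function names are hypothetical.
POLICY = [
    {"roles": {"Admins"}, "actions": {"*"}, "resources": ["*"]},
    {"roles": {"Contractors"}, "actions": {"*"},
     "resources": ["*", "!/admin*"]},
]


def matches(pattern: str, path: str) -> bool:
    """Match a resource that may have a wildcard prefix, suffix, or both."""
    lead = pattern.startswith("*")
    trail = pattern.endswith("*") and len(pattern) > 1
    core = pattern[1 if lead else 0: len(pattern) - (1 if trail else 0)]
    if lead and trail:
        return core in path
    if lead:
        return path.endswith(core)
    if trail:
        return path.startswith(core)
    return path == core  # assumption: literal, case-sensitive comparison


def is_allowed(user_roles: set, action: str, path: str, policy=POLICY) -> bool:
    """Return True only if some rule allows the request and no rule denies it."""
    allowed = False
    for rule in policy:
        if not rule["roles"] & user_roles:
            continue  # rule is for a role the user does not hold
        if "*" not in rule["actions"] and action not in rule["actions"]:
            continue  # rule does not cover this action
        for resource in rule["resources"]:
            if resource.startswith("!"):
                if matches(resource[1:], path):
                    return False  # a deny overrides any allow
            elif matches(resource, path):
                allowed = True
    return allowed  # assumption: no matching allow means no access


if __name__ == "__main__":
    for roles, path in [({"Admins"}, "/admin/users"),
                        ({"Contractors"}, "/docs/index.html"),
                        ({"Contractors"}, "/admin/users"),
                        ({"Contractors"}, "/administrator")]:
        print(sorted(roles), path, is_allowed(roles, "READ", path))
```

In this model `/admin*` is a string-prefix match, so it also covers `/administrator`, and a user holding both roles is denied `/admin` paths because the deny wins over the Admins allow.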