This policy is for cases where there is a need for monitoring and controlling different aspects of the proxy processing pipeline.


Different types of monitoring available are described in the sections below:


This option is used to monitor the size of the payload and to reject a request if needed. The most common use case would be to reject a POST/PUT request with a large-sized payload. The same can be used to monitor the size of the response coming from a target service.


This option can be used to monitor the time taken by the target service or a service callout to respond to a request sent out from the proxy. This option can be used to monitor whether third party web services being used are returning responses as per the SLA agreed parameters.


  • To monitor target response, the policy should be ideally added as the first policy to the scope - TARGET_RESPONSE
  • To monitor service call out response times, the policy needs to be added in any scope after the service call out policy is added.


Invocation Time

This option makes the service available to clients for a certain period of time - day/week/month. Requests originating during a period outside what is configured can be recorded or rejected.

Common Properties

Different types of policies listed above have the following options in common.

Enable Monitoring

This option enables different types of monitoring independent of each other. For example, it is possible to monitor payload size ignoring monitoring of response duration as well as invocation time.

Throw error on violation

Enabling this option discontinues the processing after this policy and an error response is sent to the client. If the option is disabled, the violation context is just pushed into context variables which can be used downstream by other policies to record the violation or generate an alert.

Violation Context Variables

The following variables are populated on violation regardless of the Throw error on violation option. These can be used along with Rules Engine to perform actions such as generate alerts, and record violation in an internal DB.

  • sla.violation - true if violation occurred
  • sla.violation.type - Type of violation Access Forbidden for Time, Payload Size Exceeded for Payload , Response Time Exceeded for Response
  • sla.violation.policy - Name of the policy
  • sla.violation.phrase - Phrase detailing the violation context.


The properties specific to different types are listed below.

Payload Configuration

Maximum payload size in bytes

If the size of payload exceeds this value, it is considered as a violation.

Response Configuration

Maximum response time in ms

When the response from backend service exceeds the time limit set, it is considered a violation. 

In case of service callout, prefix to be used

To monitor service callouts, the corresponding prefix needs to be mentioned.

Time Configuration


Start Time

Start time from which the API can be accessed by clients.

End Time

Time until API can be accessed by clients.

Days of Week

Days in a week. Can be one or more from Sunday to Saturday. All seven days will be selected by default.

Days in a month

Dates in a month when the API is accessible to clients; dates from 1st to 31st.  All thirty one days will be selected by default.

Adaptavist ThemeBuilder EngineAtlassian Confluence