Outbound Policies Directory

Outbound Policies Included in Flex Gateway

Policy	Category	Summary
In-Task Authorization Code	A2A	Ensures secondary credentials are present for in-task authentication using OAuth 2.0 Authorization Code flow
AWS lambda	Transformation	Triggers an AWS Lambda function from a standard HTTP request
AWS Request Signature	Security	Signs outgoing requests with AWS Signature Version 4 (SigV4) or Signature Version 4A (SigV4A)
Circuit Breaker	Quality of Service	Prevents an upstream from receiving too many requests or connections
Credential Injection Basic Authentication	Security	Allows access based on the basic authorization mechanism, with a single user-password
Credential Injection API Key	Security	Injects an API key or client credentials headers into outgoing requests
Credential Injection OAuth 2.0	Security	Injects an OAuth 2.0 authorization header into outgoing requests
OAuth 2.0 OBO Credential Injection	Security	Exchanges incoming bearer tokens using the OAuth 2.0 Token Exchange (RFC 8693) or Microsoft Entra ID On-Behalf-Of protocols
Outbound Message Logging	Troubleshooting	Logs custom messages from outbound requests sent to upstream services, responses from upstream services, or information from other outbound policies applied to the same upstream service
Upstream Idle Timeout	Quality of Service	Sets the maximum idle duration for a stream between Flex Gateway and an upstream service

Policy

Category

Summary

In-Task Authorization Code

A2A

Ensures secondary credentials are present for in-task authentication using OAuth 2.0 Authorization Code flow

AWS lambda

Transformation

Triggers an AWS Lambda function from a standard HTTP request

AWS Request Signature

Security

Signs outgoing requests with AWS Signature Version 4 (SigV4) or Signature Version 4A (SigV4A)

Circuit Breaker

Quality of Service

Prevents an upstream from receiving too many requests or connections

Credential Injection Basic Authentication

Security

Allows access based on the basic authorization mechanism, with a single user-password

Credential Injection API Key

Security

Injects an API key or client credentials headers into outgoing requests

Credential Injection OAuth 2.0

Security

Injects an OAuth 2.0 authorization header into outgoing requests

OAuth 2.0 OBO Credential Injection

Security

Exchanges incoming bearer tokens using the OAuth 2.0 Token Exchange (RFC 8693) or Microsoft Entra ID On-Behalf-Of protocols

Outbound Message Logging

Troubleshooting

Logs custom messages from outbound requests sent to upstream services, responses from upstream services, or information from other outbound policies applied to the same upstream service

Upstream Idle Timeout

Quality of Service

Sets the maximum idle duration for a stream between Flex Gateway and an upstream service

Outbound Policies Directory

Outbound Policies Included in Flex Gateway

See Also