Problem

The configured "Certificates" for an API are not accessible to a custom-policy, as no Java-Instance object is injected by the API-Manager into the runtime context.

This makes it very difficult and unhandy to do some Custom-Policy-Handling specific to the actually called API and their certificates.

The only workaround is to use a scripting filter as shown here:

https://github.com/Axway-API-Management-Plus/get-a...

Resolution

This is possible by using VApiRuntime.addFullApiConfiguration attribute, so by editing the jvm.xml file of your instance like this:

<ConfigurationFragment>

<SystemProperty name="VApiRuntime.addFullApiConfiguration" value="true"/>

</ConfigurationFragment>

In this way an attribute apiruntime.fullapiconfig will be available in your custom routing policy which will contain the complete configuration of the API with a class com.vordel.apiportal.api.portal.model.proxy.VirtualizedAPI

The schema of this class is define in the API Manager Rest API documentation:

http://apidocs.axway.com/swagger-ui/index.html?pro...

A scripting filter is still needed to get the information from the attribute, but no need to make some KPS request.

A small caution: Only enable if needed. The source code for this JVM setting notes that the exposed attribute may contain sensitive data which is then potentially vulnerable to selector injections. Though additional compromise such as un-trusted policy development and / or access to trace logs might be needed to see such data.