When deployed as an API Gateway and managed with API Manager, the highly performant Anypoint Platform enables you to control which traffic is authorized to pass through your APIs to various backend services, meter the traffic flowing through your API, log transactions, and apply runtime policies.
A policy is a mechanism the gateway uses to enforce filters on traffic as it flows through the gateway. These filters generally control things like authentication, access, allotted consumption, and SLAs. Anypoint Platform comes with a number of pre-built policies including rate limiting, throttling, OAuth 2, basic HTTP authentication, and XML and JSON threat protection. Custom policies can also be built to support needs not addressed by out-of-the-box policies.
Enforcing these policies on incoming requests incurs CPU cycles. The benchmark below provides guidance on the type of overhead one might expect to be added to round-trip time for each API request. This is measured by applying a specific policy on an existing API with API Gateway 2.0 and measuring the added latency in milliseconds.