Hi, my name is Ashish. And in this video, we will see how to protect API in as your API Management instance. So let me just quickly log on to the portal. And then from there, I'm inside the portal. And we'll see how to protect and not reveal the backend API info. Under the hem on the Israel portal, and I'm the my API manager screen.

So first, we have to transform an API to strip response headers. So basically, you're hiding the HTTP headers that we do not want to show to the users. And you under the you are see the demo conference API under your API's on the left hand side left panel under the API management and you click on test And you click on Get speakers operation, click on it. You press the send button. Here you see the message. And you see this ASP.

NET, ASP net version and the response powered by ASP dotnet. So what you should do, though is no response should look like this and then you have to set the transformation policies. Now, if you would click on this and you click on design, click on all operations under the outbound processing. Click on the policies so this is all about Under the policies and if you would see the outbound element here it is the starting it is the end of the outbound element here. You would see the section overwrite. And when you you keep your cursor and the outbound element, you click on Insert policies here.

And when you will go down, you would see the set HTTP header. C set HTTP header, click on it. So it inserts a policy which would set the HTTP header. So if you would modify the outbound code, right, so would be set header name here you Right, x forward by this action click on delete delete her. And if you would again do this like this Do it set header name is equal to x e SP. NET version exists action lete close this.

Now click on Save And now the fit header starts No, no one does not match the position 26 here 26 seven. Okay. This is the one or more section can contain incorrect value. So this is how you transform your API. You select the policies. And if you would click on the all operations of your demo conference API, and if you would want to protect it if you would go on to the Design tab If you would take the inbound processing and go here and under the inbound, if you would keep your cursor here, you insert a policy here, which would, the policy would be xx restrictions on to the GOP code for access restrictions policies, or limit called rates per submission limits called rate per key.

This is the policy you can enter here, we'll see would be entered you can save the API, you can design the inbound processing, outbound processing and the rate limit. So I hope this was useful for you. And I see you guys in the next video. Thank you. Bye. Have a good day.