Rules Engine
Rules let you automate what happens to incoming requests on your endpoint. Each rule has a match condition and an action. Rules are evaluated top-to-bottom; the first matching rule wins.
Rule anatomy
Match on
- HTTP method (GET, POST, PUT…)
- URL path (exact or wildcard *)
- Request header value
- Request body field (JSON path)
- Query parameter value
Then
- Forward to another URL
- Respond with custom status + body
- Reject (return 4xx/5xx)
- No action (pass through to log only)
Example rules
Forward — route Stripe events to staging (Rule #1)
MATCH Method = POST
      Path = /webhook/stripe-events
      Header: Stripe-Signature exists
ACTION Forward → https://staging.myapp.com/hooks/stripe
       (preserve all original headers and body)

Reject — block unauthorized requests (Rule #2)
MATCH Header: X-Secret != "my-secret-token"
ACTION Respond 401
{
  "error": "Unauthorized",
  "message": "Missing or invalid X-Secret header"
}

Respond — simulate rate limiting (Rule #3)
MATCH Path = /api/* (any path under /api)
ACTION Respond 429
{
  "error": "Too Many Requests",
  "retryAfter": 60
}
Retry-After: 60

Match operators
| Operator | Description | Example |
|---|---|---|
| equals | Exact string match | method = POST |
| contains | Substring match | path contains /stripe |
| starts_with | Prefix match | path starts_with /api/v2 |
| wildcard (*) | Glob-style path matching | path = /api/*/events |
| exists | Header or field is present | header X-Signature exists |
| not_exists | Header or field is absent | header Authorization not_exists |
| regex | Regular expression match | body.email regex .*@corp\.com |
Rule ordering and priority
Rules are evaluated in order from top to bottom. The first rule whose match condition is satisfied wins — no further rules are evaluated.
- More specific rules should go above more general rules.
- A catch-all rule (no match condition) at the bottom acts as a default action.
- Drag and drop rules in the dashboard to reorder them.
- Disable individual rules without deleting them using the toggle switch.
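The first-match-wins evaluation described above, modelled in Python as an added example (not the product's own code), to show how ordering decides whether the X-Secret check in Rule #2 ever runs for a request that Rule #1 also matches. The field names, the `not_equals` name for `!=`, case-insensitive header lookup and `*` spanning `/` are assumptions of this sketch.

```python
import fnmatch

# Subset of the "Match operators" table. Assumed semantics: a missing header
# is None, so it never equals a value, and "*" may span "/" in paths.
OPS = {
    "equals":      lambda actual, want: actual == want,
    "not_equals":  lambda actual, want: actual != want,  # the "!=" in Rule #2
    "starts_with": lambda actual, want: actual is not None and actual.startswith(want),
    "wildcard":    lambda actual, want: actual is not None and fnmatch.fnmatchcase(actual, want),
    "exists":      lambda actual, want: actual is not None,
    "not_exists":  lambda actual, want: actual is None,
}

def field(request, name):
    """Resolve 'method', 'path' or 'header:<Name>' (header names case-insensitive)."""
    if name.startswith("header:"):
        headers = {k.lower(): v for k, v in request.get("headers", {}).items()}
        return headers.get(name[len("header:"):].lower())
    return request.get(name)

def evaluate(rules, request):
    """Return (rule name, action) of the first rule whose conditions all match."""
    for rule in rules:
        if all(OPS[op](field(request, f), want) for f, op, want in rule["match"]):
            return rule["name"], rule["action"]
    return None, "pass-through"  # nothing matched: request is only logged

# The three example rules from this page, in this sketch's (hypothetical) format.
FORWARD = {"name": "Rule #1", "action": "forward",
           "match": [("method", "equals", "POST"),
                     ("path", "equals", "/webhook/stripe-events"),
                     ("header:Stripe-Signature", "exists", None)]}
REJECT = {"name": "Rule #2", "action": "respond 401",
          "match": [("header:X-Secret", "not_equals", "my-secret-token")]}
RATE = {"name": "Rule #3", "action": "respond 429",
        "match": [("path", "wildcard", "/api/*")]}

# Constructed request: carries a Stripe-Signature header but no X-Secret.
NO_SECRET = {"method": "POST", "path": "/webhook/stripe-events",
             "headers": {"stripe-signature": "t=0,v1=constructed"}}

def compare_orderings(request=NO_SECRET):
    """Evaluate the same request with Rule #1 first, then with Rule #2 first."""
    return (evaluate([FORWARD, REJECT, RATE], request),
            evaluate([REJECT, FORWARD, RATE], request))

if __name__ == "__main__":
    print(compare_orderings())
```

With Rule #1 on top the request is forwarded because `exists` only checks that the header is present; with Rule #2 on top the same request gets the 401.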