Open policy agent (OPA) enables you to write security and compliance policies as code, or call any external policies using the OPA standard. WSO2 API manager uses this capability to offload policy decisions of API gateway requests to this policy engine. By decoupling the policy enforcement from evaluation, API policymakers now have the opportunity to write dynamic and reusable policies for ever-changing requirements. You can then reuse an OPA policy like any other policy in the API Manager by graphically dragging and dropping it into a policy pipeline. This video explains how it works and gives a demo.

Operation policies framework:
Policy Management Capabilities with WSO2 API Manager 4.1.0
https://youtu.be/ABZNRLs2-aU

Github project used during demo:
https://github.com/1akshitha/opa-custom-request-generator