I want to be able to inspect the raw incoming webservice request before it goes through the policy set in Policy Manager. Does the Policy Manager have an option for this, is it an assertion I put at the beginning of my policy?
The Service Debugger (Working with the Service Debugger - CA API Gateway - 9.3 - CA Technologies Documentation ) will allow you to troubleshoot request coming into the gateway for a particular service. This tool allows developers and administrators to step through the logic to ensure that the outcome is correct.
Not sure if I understand your question correctly, gateway have some threat protection assertions which can scan the request, you may refer to the document for more details,
Threat Protection Assertions - CA API Gateway - 9.4 - CA Technologies Documentation
HiI believe your questions has been answered, I will mark this as the correct answer.When your question is not answered or you still have additional questions please let us know. With Kind Regards