This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Why in best practices of service callout mentioned to set request content using AM over SC policy

Posted on 09-07-2023 07:20 AM
Teja
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

Hi ..

Can someone tell me why in best practices of service callout mentioned to set request content using assign message policy instead of service callout policy.

Here is the link for best practices: https://docs.apigee.com/api-platform/fundamentals/best-practices-api-proxy-design-and-development

Solved Solved
1 1 125
Topic Labels
Jump to Solution
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

I don't know the answer to that, and i think it's kinda lame that the "best practices" statement does not explain WHY it recommends  to set the request content using the AssignMessage policy.

I disagree with the blanket statement. In fact the code path is the same, whether you use the ServiceCallout policy to populate the message, or the AssignMessage policy.  Therefore there will be no performance or security difference. The approach you select should be dependent upon other criteria - like which approach feels more natural. Which one is more readable? 

As one example, it might be necessary to produce a signature of a message that you send with servicecallout, and injec that signature as a header in the outbound message.  In that case, the logic would need to be 1. AssignMessage, 2. Sign (with JavaScript, for example), 3. ServiceCallout.  In other words, it would be impossible for you to compute the signature within a single SC policy. 

But if you don't need to compute any message signature or digest, then assigning the message using servicecallout should be just fine. 

View solution in original post

Jump to Solution
1 REPLY 1

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

I don't know the answer to that, and i think it's kinda lame that the "best practices" statement does not explain WHY it recommends  to set the request content using the AssignMessage policy.

I disagree with the blanket statement. In fact the code path is the same, whether you use the ServiceCallout policy to populate the message, or the AssignMessage policy.  Therefore there will be no performance or security difference. The approach you select should be dependent upon other criteria - like which approach feels more natural. Which one is more readable? 

As one example, it might be necessary to produce a signature of a message that you send with servicecallout, and injec that signature as a header in the outbound message.  In that case, the logic would need to be 1. AssignMessage, 2. Sign (with JavaScript, for example), 3. ServiceCallout.  In other words, it would be impossible for you to compute the signature within a single SC policy. 

But if you don't need to compute any message signature or digest, then assigning the message using servicecallout should be just fine. 

Jump to Solution
Top Solution Authors
View all