I am planning to intercept the XML response from the target(backend) API, before sending back the response from the target to the client app, I need to modify the XML response(remove selected attributes or tags) based on which client app made the API request.
For that, I am planning to use Python extension policy & Key Value Map to store which tag or attributes should be removed for each specific client app, what are the limitations here should be considered.
I have following questions or doubts before proceed to go with above approach
Your valuable comments will apricated. Thanks in advance.
Regards,
Meenakshi Sundar.
Solved! Go to Solution.
I understand what you're trying to do.
Modifying the response XML is really common, of course.
Using the KVM to store which tags or attributes should be removed for each client... seems reasonable. You know of course about the custom attributes you can attach to the client apps, right? You could use the attributes on the client app itself to specify which attributes to filter. Or custom attributes on the API product itself. That's the purpose of those custom attributes -to satisfy exactly the kind of use-case you are imagining. But maybe there is a reason you want to use the KVM for that purpose. It's a little more complicated, because you have to do an explicit lookup during the API proxy execution. Consider where you need that extra complexity, and what you're gaining from it.
Yes, it will. Modifying the response payload will always "cost more" than not modifying the response payload. The real question is, will it affect performance to such a degree that it will adversely affect the experience of the end-user or system. And the answer there is, "we don't know". There are too many variables to be certain. The size of the XML, the complexity of the logic you are using to remove elements and attributes. We won't know the performance impact until you implement the solution and test it under load. Be careful of Premature Optimization.
Not if you implement it correctly.
I recommend using what you are most comfortable writing and maintaining. If I were in your shoes, I would write the code in Java.
In fact I already have a Java callout that does this, for the special case of removing a single node. If I were doing this I would start with that, change the configuration model so that instead of accepting a single xpath describing the node to remove, accept an array of Xpath expressions, and then add a loop to the implementation. Pretty simple.
You may be more comfortable using Python. You could also use JavaScript, with the E4X extensions. All of those are suitable. Java will probably be fastest, but you don't need to worry about that right now. (See above note re: Premature optimization)
You cannot use streaming, correct. If you want to modify the XML payload, then streaming is not possible. The maximum size of the response payload is documented: 10mb.
If you give me a concrete example, I might be able to extend the edit-Xml-document callout to accomplish what you want. A concrete example means:
I understand what you're trying to do.
Modifying the response XML is really common, of course.
Using the KVM to store which tags or attributes should be removed for each client... seems reasonable. You know of course about the custom attributes you can attach to the client apps, right? You could use the attributes on the client app itself to specify which attributes to filter. Or custom attributes on the API product itself. That's the purpose of those custom attributes -to satisfy exactly the kind of use-case you are imagining. But maybe there is a reason you want to use the KVM for that purpose. It's a little more complicated, because you have to do an explicit lookup during the API proxy execution. Consider where you need that extra complexity, and what you're gaining from it.
Yes, it will. Modifying the response payload will always "cost more" than not modifying the response payload. The real question is, will it affect performance to such a degree that it will adversely affect the experience of the end-user or system. And the answer there is, "we don't know". There are too many variables to be certain. The size of the XML, the complexity of the logic you are using to remove elements and attributes. We won't know the performance impact until you implement the solution and test it under load. Be careful of Premature Optimization.
Not if you implement it correctly.
I recommend using what you are most comfortable writing and maintaining. If I were in your shoes, I would write the code in Java.
In fact I already have a Java callout that does this, for the special case of removing a single node. If I were doing this I would start with that, change the configuration model so that instead of accepting a single xpath describing the node to remove, accept an array of Xpath expressions, and then add a loop to the implementation. Pretty simple.
You may be more comfortable using Python. You could also use JavaScript, with the E4X extensions. All of those are suitable. Java will probably be fastest, but you don't need to worry about that right now. (See above note re: Premature optimization)
You cannot use streaming, correct. If you want to modify the XML payload, then streaming is not possible. The maximum size of the response payload is documented: 10mb.
If you give me a concrete example, I might be able to extend the edit-Xml-document callout to accomplish what you want. A concrete example means:
@dino-at-google Thank you for your detailed answer, it helped a lot.
You can put the tags to be removed in the client app itself using attribute feature of developer app. This will overcome the KVM requirement.
Once you do api key or oauth 2 verification, the attributes will be available in the flow.
To extract some variables use extract variable policy and to set payload use assign message policy.
You should not use python script, it's not suggested because of the performance impact.
Yes, you should not use streaming as you are operating on the response payload.