Need to modify response from target server before sending to client app based on developer app name

I am planning to intercept the XML response from the target (backend) API. Before sending the response from the target back to the client app, I need to modify the XML response (remove selected attributes or tags) based on which client app made the API request.

For that, I am planning to use a Python extension policy and a Key Value Map to store which tags or attributes should be removed for each specific client app. What limitations should be considered here?

I have the following questions or doubts before proceeding with the above approach:

  • Is this the right approach for this use case?
  • Will this impact API performance?
  • Might the client app face any timeout or gateway error?
  • Can I use a Python extension policy for this, or would another policy be more suitable here?
  • What are the general limitations imposed by Apigee regarding the size of the API response?
    • For example, we can't have streaming enabled here, because policies will not be executed
    • Maximum response size, especially when we need to parse the XML in a Python extension
    • Any other challenges I might have missed mentioning here

Your valuable comments will be appreciated. Thanks in advance.

Regards,

Meenakshi Sundar.

ACCEPTED SOLUTION

I understand what you're trying to do.

Modifying the response XML is really common, of course.

  • Is this the right approach for this use case?

Using the KVM to store which tags or attributes should be removed for each client... seems reasonable. You know of course about the custom attributes you can attach to the client apps, right? You could use the attributes on the client app itself to specify which attributes to filter. Or custom attributes on the API product itself. That's the purpose of those custom attributes - to satisfy exactly the kind of use-case you are imagining. But maybe there is a reason you want to use the KVM for that purpose. It's a little more complicated, because you have to do an explicit lookup during the API proxy execution. Consider where you need that extra complexity, and what you're gaining from it.

  • Will this impact API performance?

Yes, it will. Modifying the response payload will always "cost more" than not modifying the response payload. The real question is, will it affect performance to such a degree that it will adversely affect the experience of the end-user or system. And the answer there is, "we don't know". There are too many variables to be certain. The size of the XML, the complexity of the logic you are using to remove elements and attributes. We won't know the performance impact until you implement the solution and test it under load. Be careful of Premature Optimization.

  • Might the client app face any timeout or gateway error?

Not if you implement it correctly.

  • Can I use a Python extension policy for this, or would another policy be more suitable here?

I recommend using what you are most comfortable writing and maintaining. If I were in your shoes, I would write the code in Java.

In fact I already have a Java callout that does this, for the special case of removing a single node. If I were doing this I would start with that, change the configuration model so that instead of accepting a single xpath describing the node to remove, accept an array of Xpath expressions, and then add a loop to the implementation. Pretty simple.

You may be more comfortable using Python. You could also use JavaScript, with the E4X extensions. All of those are suitable. Java will probably be fastest, but you don't need to worry about that right now. (See above note re: Premature optimization)

  • What are the general limitations imposed by Apigee regarding the size of the API response?
    • For example, we can't have streaming enabled here, because policies will not be executed
    • Maximum response size, especially when we need to parse the XML in a Python extension
    • Any other challenges I might have missed mentioning here

You cannot use streaming, correct. If you want to modify the XML payload, then streaming is not possible. The maximum size of the response payload is documented: 10mb.

If you give me a concrete example, I might be able to extend the edit-Xml-document callout to accomplish what you want. A concrete example means:

  • a sample response XML before modification
  • a set of xpath expressions for what you want to remove
  • an expected XML document, after the desired modification
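
The per-app filtering loop discussed in this answer (a list of path expressions applied to the response for each client app), as an added example that is not code from the thread or from the callout mentioned above. It is plain standard-library Python rather than an Apigee policy; the app names, the rule format and the sample XML are constructed, and rejecting unknown apps instead of passing the payload through is an assumption.

```python
import xml.etree.ElementTree as ET

MAX_BYTES = 10 * 1024 * 1024  # response payload limit quoted in the answer

# Constructed rules: app name -> list of (path, attribute-or-None).
# None removes the whole element; a name removes only that attribute.
# In a proxy these would come from the KVM or from app custom attributes.
RULES = {
    "partner-app": [(".//ssn", None), (".//account", "internalId")],
    "internal-app": [],
}

SAMPLE = (b'<customer><name>Ann</name><ssn>000-00-0000</ssn>'
          b'<account id="7" internalId="X9"><balance>10</balance></account>'
          b'</customer>')  # constructed backend response


def filter_response(xml_bytes, app_name, rules=RULES):
    """Return the XML with everything the app may not see removed."""
    if app_name not in rules:
        # Assumption: fail closed, never return the unfiltered payload.
        raise KeyError("no filter rules for app %r" % app_name)
    if len(xml_bytes) > MAX_BYTES:
        raise ValueError("payload exceeds size limit")
    if b"<!DOCTYPE" in xml_bytes:
        # No DTD is expected here; refuse it instead of expanding entities.
        raise ValueError("DTD not allowed")
    root = ET.fromstring(xml_bytes)
    # ElementTree keeps no parent pointers, so build the map once.
    parent_of = {child: parent for parent in root.iter() for child in parent}
    for path, attr in rules[app_name]:
        for node in root.findall(path):
            if attr is not None:
                node.attrib.pop(attr, None)
            elif node in parent_of:  # the root itself is never removed
                parent_of[node].remove(node)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(filter_response(SAMPLE, "partner-app"))
```

ElementTree supports only a subset of XPath, so the rule paths here are limited to what `findall` accepts.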

@dino-at-google Thank you for your detailed answer, it helped a lot.

Not applicable

You can put the tags to be removed in the client app itself, using the attribute feature of the developer app. This will overcome the KVM requirement.

Once you do API key or OAuth 2 verification, the attributes will be available in the flow.

To extract some variables, use the Extract Variables policy, and to set the payload, use the Assign Message policy.

You should not use a Python script; it's not suggested because of the performance impact.

Yes, you should not use streaming as you are operating on the response payload.