Parsing callOut response cookie and passing to backend API

Not applicable

We are currently developing an API proxy that uses a 3rd party API. The problem is, the 3rd party API requires use of cookies (which we know is not restful... but have no choice to use it).

We are currently hitting their API with our authentication info using a callOut through JavaScript. We then add the access token that is received back to the targetRequest header (v1.0, will introduce cache later on) and submit the request.

However, in order to make the call, I also need to pass the cookie that is received from the callOut. The cookie is received through the 'Set-Cookie' header that is received with the access token.

Without using/developing a Node.js app, is there a way to parse the cookie that is sent to us in order to insert it into the targetRequest header (under a 'Cookie' header).

We know that node has a 'cookie-parser' module, though this is not available without using a Node.js app.

We also cannot rely on cookie being passed back to the client, stored in the browser and then resubmitted.

Any help is greatly appreciated

Solved Solved
0 3 2,039
1 ACCEPTED SOLUTION

Aha, still doable. Here's a js policy (no error handling, etc.) that makes a request to https://www.google.com and sets a context variable to the content of the 'S' portion of the returned cookies. It also uses the print function in js policy so when you're tracing the execution you'll see debug statements in the "output from all transactions" section of the trace.

var goog = httpClient.get('https://www.google.com')
goog.waitForComplete()
var resp = goog.getResponse()
if (resp.status = 200) {
  var cookie = resp.headers['Set-Cookie']
  context.setVariable('sCookie', /S=(.*);/.exec(cookie)[1])
}
print('status ' + resp.status)
print('set-cookie ' + resp.headers['Set-Cookie'])
print('regex ' + /S=(.*);/.exec(cookie))

View solution in original post

3 REPLIES 3

I think you should be able to use ExtractVariables to get the info you want. Here's an example that pulls out the value for the 'S' item from the cookies that www.google.com sets.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ExtractVariables async="false" continueOnError="false" enabled="true" name="Extract-Cookies">
    <DisplayName>Extract Cookies</DisplayName>
    <FaultRules/>
    <Properties/>
<Header name="Set-Cookie">
    <Pattern ignoreCase="false">*S={cookies};*</Pattern>
  </Header>
  <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <Source clearPayload="false">response</Source>
</ExtractVariables>

Here's the set-cookie header I got back

PREF=ID=b8091cea0df50471:FF=0:TM=1424404751:LM=1424404751:S=ur8Zwkt0L53wRTyy; expires=Sun,19-Feb-2017 03:59:11 GMT; path=/; domain=.google.com,NID=67=I1y9ZvPVa73QpBMH1enKzAdz1zHnhGoOzWFEiEK7m5M6-KGSjAj8QMFVbuc10uE-PlqoNOcs0e6-fhr7Lcr_LURolJpvdk7Z6cxmFRsQQXI_1jTxkv6lEyr5rR9YdgsF; expires=Sat,22-Aug-2015 03:59:11 GMT; path=/; domain=.google.com; HttpOnly

And here's what my flow variable has in it after the ExtractVariables policy

ur8Zwkt0L53wRTyy

The response is from a javascript callout policy, not the target endpoint. I tried using your input and converting it but was unsuccessful (do not really know the ExtractVariable policy well). Any ideas on how to extract a cookie from a javascript callOut policy that uses the httpClient?

Aha, still doable. Here's a js policy (no error handling, etc.) that makes a request to https://www.google.com and sets a context variable to the content of the 'S' portion of the returned cookies. It also uses the print function in js policy so when you're tracing the execution you'll see debug statements in the "output from all transactions" section of the trace.

var goog = httpClient.get('https://www.google.com')
goog.waitForComplete()
var resp = goog.getResponse()
if (resp.status = 200) {
  var cookie = resp.headers['Set-Cookie']
  context.setVariable('sCookie', /S=(.*);/.exec(cookie)[1])
}
print('status ' + resp.status)
print('set-cookie ' + resp.headers['Set-Cookie'])
print('regex ' + /S=(.*);/.exec(cookie))