how to skip authorization in request header

Not applicable

Am using apigee for the past 3 months.I am calling a third party api for post code search.And as part of my request am passing the apikey, for that am using the verify apikey policy, thats working fine.Now the problem is from our front end they are passing authorization as a part of header that causes a problem in apigee.I just need to avoid this authorization attribute in header.I just need apigee should avoid this and continue working as earlier.please let me know how to skip this attribute. I am not using oauth or oauth2

Solved Solved
0 3 2,635
1 ACCEPTED SOLUTION

Not applicable

Hi mdunker/shdheendra,

The problem is we have a separate basic authentication happens in the preflow of target endpoint.Since from our FE jsp page, we are getting an extra header 'Authorization' overwrites the one in target endpoints preflow.As well we dont need the this attribute for this apigee proxy.

Anyways, below statement in a proxy preflow JS , resolved the problem:

context.removeVariable('request.header.Authorization');

Thanks for the response folks!

View solution in original post

3 REPLIES 3

Can you elaborate this "causes a problem in apigee."? Do you see an error? By default Apigee does not enforce authorization unless there is a policy to do so.

Hi @raghavnaga.prakasam

As mentioned by @sudheendra1, an Apigee Edge proxy will only enforce authentication/authorization if the flow design causes ait to occur. If it is a backend API that is looking at the auth header, and you don't want the backend to see that auth header, you can use the AssignMessage policy to strip that header. If it is the Apigee proxy itself that is causing the Authorization header to be evaluated, you'll need to modify the proxy.

Not applicable

Hi mdunker/shdheendra,

The problem is we have a separate basic authentication happens in the preflow of target endpoint.Since from our FE jsp page, we are getting an extra header 'Authorization' overwrites the one in target endpoints preflow.As well we dont need the this attribute for this apigee proxy.

Anyways, below statement in a proxy preflow JS , resolved the problem:

context.removeVariable('request.header.Authorization');

Thanks for the response folks!