can we use Route Rule in Fault rule ?

Not applicable

Hi @Dino, Everyone,

My proxy invoke external oauth protected target back-end service. If my Target response is 401 Unauthorized, i would like to make one more call to same target service with fresh token. i don't want to send 401 response back to my proxy client.

for this i am using faultrule with condition response.staus.code=401, inside faultrule am getting fresh access token by service callout policy. now with this fresh token i want make a call to same target endpoint.

It is possible ? i heard about RouteRule , it is applicable in response flow ?

0 6 558
6 REPLIES 6

Hi @Gopi Krishna M,

I think that Route Rules will not execute once you're in a Fault Rule situation (the proxy has exited the normal flow pipeline and enters the error flow). Maybe you can try this approach where you don't use Fault Rules, but still are able to take action if you get back a 401:


1. In your ServiceCallout, set ContinueOnError=true.

2. After the ServiceCallout step, add conditional steps that will execute if the callout returns a 401. The steps will get a new token and make another call to the protected target.

<Step>

  <Name>SC-CallBackendService</Name>

</Step>

<Step>

  <Condition>(SC-CallBackendService.status.code = “401") </Condition>

  <Name>SC-GetAnotherToken</Name>

</Step>

<Step>

  <Condition>(SC-CallBackendService.status.code = “401") </Condition>

  <Name>SC-CallBackendService</Name>

</Step> 

Now you can continue processing the response in the normal flow pipeline. I hope this helps and I understood the problem. If not, others please chime in!


Hi @wwitman,

my requirement is I need to route from error flow to any new target flow/ or existing target flow.

Am calling my backend service with access-token, in most of the cases it is giving success response. but some of the times it is giving 401 token expired. i don't want to send this error resposne to my client.

If my proxy received 401 from Target service, I need to make another call to my same target service ?

If my proxy receive 401 it is directly going into error flow. Now i want to route from error flow to normal flows or new flows.

It is not possible to route from error flow to other flows(target flows) ?

Hi @Gopi Krishna M -- I don't think so. As mentioned in the doc here: "Once the API proxy enters the error state, it cannot return processing back to the normal flow pipeline."

Hi @Gopi Krishna M,

If your target system's oauth token gives you issued_at time and expires_in time, then you can do a check before sending the request to target system that the current access token is valid or already expired. As per the oAuth specs every access token should have these two components.

If expired then do a service callout to get new access token and send the request to target system. For checking expiry time you can use a javascript callout and set a flow variable like token_expired = "true".

In next step check for token_expired and if true do a callout to get new token.

Once the proxy execution goes into error flow, it is not possible to again re send the same request back to request flow.

Also checking for response code = "401" will not be full proof solution as it may be caused due to invalid credentials.

Cheers 🙂

Hi @Mohammed Zuber,

we are not getting expiry time of token in access-token response. That is our backend service design. we can't change it.

that's why i want to make one more call my target if my token expires(target given 401) case

@Gopi Krishna M,

I assume at least you can get the information on what is the validity period of your token from target system developers. Considering that please check below solution.

You can use a combination of Populate Cache and Lookup cache to achieve this.

First time when you make a request to get the token cache the token with whatever is the expiry time of token.

Check these steps below in you get resource flow:

<Flow name="getResource">
	<Step>
		<Name>LookupcacheForToken</Name>
	</Step>
	<Step>
		<Name>SC-GetNewToken</Name>
		<Condition>lookupcache.LookupcacheForToken.cachehit = "false"</Condition>
	</Step>
	<Step>
		<Name>PopulateCacheWithNewToken</Name>
		<Condition>(scresponse.status.code = 200) //can be 201 also
			and  (lookupcache.LookupcacheForToken.cachehit = "false")</Condition>
	</Step>	
</Flow>


In populate cache policy set the expiry settings as per the token validity period or some time less like if your token expires in 5 mins i.e. 300 secs then set is 5 secs less to cover up all the caching process.

<ExpirySettings>
     <TimeoutInSec>290</TimeoutInSec>
</ExpirySettings>

Same populate cache policy has to be used when you request for the token first time.

Let me know how it goes.