Removing Apikey from queryparam and pass it as header


Hi,

I want to remove my apikey from the query parameter and hardcode the value by passing it in a header. I tried doing the same but am facing issues. Can you please guide me on how to proceed, as I need it on an urgent basis?


Please use an assign message policy for this:

Something like:

<AssignMessage name="AssignMessage">
  <AssignTo createNew="false" type="request"/>
  <Remove>
    <QueryParams>
     <QueryParam name="apikey"/>
    </QueryParams>
  </Remove>
  <Set>
    <Headers>
      <Header name="APIKey">(your api key)</Header>
    </Headers>
  </Set>
  <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
</AssignMessage>

http://docs.apigee.com/api-services/reference/assign-message-policy

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage async="false" continueOnError="false" enabled="true" name="Assign-Message-1">
    <DisplayName>Assign Message-1</DisplayName>
    <Properties/>
    <Remove>
        <QueryParams>
            <QueryParam name="apikey"/>
        </QueryParams>
    </Remove>
    <Set>
        <Headers>
            <Header name="Predix-Zone-Id">e3f93cbb-1b34-48bb-8673-975d5c446029</Header>
            <Header name="Authorization">bearer token</Header>
            <Header name="apikey">IcrG5tKPsKziwuSFUk9OyhY0ulV9Eeia</Header>
        </Headers>
    </Set>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="request"/>
</AssignMessage>


Hello,
I did the same as what you told me, but I am still getting an error while hitting my proxy:
Error:- {"fault":{"faultstring":"Failed to resolve API Key variable request.queryparam.apikey","detail":{"errorcode":"steps.oauth.v2.FailedToResolveAPIKey"}}}

Are you sure the order is correct?

Maybe you are removing the API Key before it is validated instead of after..?

@Shivani Mishra You can use the Assign message policy to set a header which will be sent to target in request flow. This should be pretty easy. Please try this if you haven't.

Refer to the below post for more info on the different uses of Assign Message policy.

https://community.apigee.com/articles/11172/various-uses-of-assign-message-policy.html

Hi, I tried that too, but I am still not able to get the solution.

Hi @Shivani Mishra

Looking at the error message you shared, it seems the oauthv2 policy is failing. Can you check the flow variable name that you have used in that policy? It seems the variable name may be incorrect. Also, I just wanted to understand your requirement. You want to remove the query param and copy the apikey into a header when making the target endpoint call. Is the understanding correct?

{"fault":{"faultstring":"Failed to resolve API Key variable request.queryparam.apikey","detail":{"errorcode":"steps.oauth.v2.FailedToResolveAPIKey"}}}

Hi @snehal chakraborty. Yes, your understanding is correct.

Okay, in that case check the oauthv2 policy for why it is failing. The assign message policy looks fine and should work.

Hi @Shivani Mishra,

Hey -- Maybe you've resolved this, but if not I have some suggestions.

The error you are seeing is coming from the VerifyApiKey policy. The specific error (FailedToResolveAPIKey) is explained in detail in the Runtime Error part of the VerifyApiKey policy's reference page. The error's fault string that you copied says that Edge is expecting to find the API key in a Query Parameter.

If you are calling VerifyApiKey after removing the apikey query param, then that's causing the error. One way to eliminate the error would be to place the VerifyApiKey policy before the AssignMessage.

If you want Edge to verify the Api Key that you are "hardcoding in a header", then you need to configure the VerifyApiKey policy to extract the key from the header (not the query parameter), something like this.

<VerifyAPIKey name="APIKeyVerifier">
    <APIKey ref="request.header.apikey" />
</VerifyAPIKey>

Of course, you would place this policy after the AssignMessage in this case (after the header is set). The key will be verified only if it is a valid key recognized by Edge. However, it's not clear to me what the key you're hardcoding is for or where it came from.

If you want that hardcoded header to be passed to the backend target, it will be. But to get rid of the error, you need to configure the VerifyApiKey policy correctly and/or put it in the right position in the flow.

Best regards,

Will
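
The first ordering described in the last reply (verify the caller's key while it is still in the query string, then strip it and set the header for the target), written out as an added example that is not part of the original thread or anyone's actual proxy. The policy names and file names are hypothetical, and `(your api key)` is the same placeholder used in the first reply.

```xml
<!-- policies/Verify-Key-From-Query.xml (hypothetical policy name) -->
<VerifyAPIKey name="Verify-Key-From-Query">
    <!-- Reads the caller's key from the query string, so the
         query parameter must still be present when this step runs -->
    <APIKey ref="request.queryparam.apikey"/>
</VerifyAPIKey>

<!-- policies/Swap-Key-To-Header.xml (hypothetical policy name) -->
<AssignMessage name="Swap-Key-To-Header">
    <AssignTo createNew="false" type="request"/>
    <!-- Strip the caller's key so it is not forwarded in the target URL -->
    <Remove>
        <QueryParams>
            <QueryParam name="apikey"/>
        </QueryParams>
    </Remove>
    <!-- Header sent to the backend target -->
    <Set>
        <Headers>
            <Header name="apikey">(your api key)</Header>
        </Headers>
    </Set>
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
</AssignMessage>

<!-- proxies/default.xml: request PreFlow of the ProxyEndpoint.
     Steps execute top to bottom. Reversing these two steps removes the
     query parameter before it is read and produces the
     steps.oauth.v2.FailedToResolveAPIKey fault shown in the thread. -->
<PreFlow name="PreFlow">
    <Request>
        <Step>
            <Name>Verify-Key-From-Query</Name>
        </Step>
        <Step>
            <Name>Swap-Key-To-Header</Name>
        </Step>
    </Request>
    <Response/>
</PreFlow>
```

If the key to verify is instead the one set in the header, the steps swap places and the VerifyAPIKey policy reads `request.header.apikey`, as in the snippet in the reply above.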