Custom verification of http headers using java callout

Not applicable

I wish to use some custom calculations that are best written in java to compute header checksums.

If the computed checksum does not match the header checksum, I need to throw out an error. Simple enough! All examples show how ExecutionResult(false, Action.ABORT) can be used to return the error.

However, if the checksum is correct, I need to pass the request to a service endpoint. I don't see any example of being able to do that. All examples of callouts seem to end by creating a response.

Any examples/code snippets would be greatly helpful!

1 1 236
1 REPLY 1

I have working Java callout code that computes a checksum (MD5 or SHA-{1,224,256,384,512} ) on the payload of the body, or any variable, and sets a variable.

https://github.com/DinoChiesa/ApigeeEdge-Java-Compute-Hash

There is also working code that computes HMACs. (keyed hash).

https://github.com/apigee/iloveapis2015-hmac-httpsignature

Regarding "pass the request to a service endpoint" - I don't know what that means exactly. You probably shouldn't try doing that from within a Java callout. You can do that within the proxy flow, though.

What I would do is: Use the callout to just do the computation and always return ExecutionResult.SUCCESS. Then test the result of the computation against the expected value in the Proxy flow with a Condition. If the value does not match, use ServiceCallout to tickle the external service as necessary.