Outbound Authorization Error

7351-auth-error.jpg

Hi,

I've a backend API that is secured with SSWS. since this cant be implemented using Basic Auth policy I'm trying to leverage Message Assign Policy to set Authorization Header. The requests to API fails because backend is not receiving required Authorization.

When I look at Trace i see the message.headers.Authorization has the value I set but I also see another Header Authorization in Request Headers section that is masked.

Please help me in doing it the right way.

0 4 126
4 REPLIES 4

sidd-harth
Participant V

Can you show us your Assign Message Policy Config?

<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <AssignMessage async="false" continueOnError="false" enabled="true" name="Authorization"> <DisplayName>Authorization</DisplayName> <Properties/> <Set> <Headers> <Header name="Authorization">"SSWS XXXXXXXXXXXXXXXXXXXXXXX"</Header> </Headers> <Verb>GET</Verb> </Set> <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables> <AssignTo createNew="false" transport="http" type="request"/> </AssignMessage>

Can uou try with a different token. 403 indicated the token is valid, but it forbidden to access the resources.

Auth headers are masked in Trace and Assign message policy is Setting the header correctly.

I just tried that, removed message assign policy and I still see 403 error without Authorization, but when I test from SoapUI endpoint works fine. 401 when no authorization sent and 200 Successful response when authorization sent. Could this be some issue on apigee.