Apigee forces canonical query params (e.g. upper-casing %5d --> %5D)

Not applicable

I have observed that Apigee Edge automatically enforces forces *canonical* query params.

For example, I had characters such as `%5b` and `%5d` in my input query parameter. Apigee converted these to `%5B` and `%5D` *without warning*.

Indeed, the first node in Apigee trace, "Request Received from Client" had the canonical upper-case query params.

Client applications/users compute and set HMAC headers before hitting Apigee. The HMAC canonicalString includes the uri (lower-case `%5b`). Apigee manipulating the query params without warning (forcing to upper-case `%5B`) causes the HMAC authentication to fail in my backend.

*How do I disable Apigee forcing canonical query params, and forward the URI *as is* to the backend?*

0 1 158
1 REPLY 1

I dunno, not sure if it is possible to do that.

According to RFC3986, uppercase A-F is equivalent to lowercase a-f. But also:

   URI producers and normalizers should use uppercase hexadecimal digits
   for all percent-encodings.

I think Apigee Edge was designed to comply with that spec. If *either* your client *or* your backend also complied with that spec, then there'd be no problem, I think.

According to my reading of the spec, you need to fix one or more of your systems.