Set http header variable based on the oAuth token

maheshraj
Participant I

Hello,

I'm trying to enable access for multiple customers to my API end point. For that

1. Created an API proxy

2. Created an API product and mapped the proxy as resource

3. Created an App for each customer and mapped the same product (Apigee generated unique credentials for each customer)

Now, when a customer access the API (with oauth token generated with client credentials), I'm trying to add a http header variable by configuring AssignMessage policy. The value of the variable (say, customer code) should be set based on the customer from Apigee. Based on this header variable, I will have some business rules in my back end service.

Can you help me with the right pattern to resolve this use case?

Thanks,

Mahesh.

0 4 176
4 REPLIES 4

You're using AssignMessage, that's good.

To add a header, It should look something like this:

<AssignMessage name='AM-AddHeader'>
  <AssignTo createNew='false'/>
  <Set>
    <Headers>
      <Header name='X-My-Custom-Header'>{variable_name_here}</Header>
    </Headers>
  </Set>
</AssignMessage>

That thing inside the curly braces is the name of a context variable. This could be something that gets set implicitly by the VerifyOAuthToken... For example {client_id}. Or, you may want it to be something more meaningful. A value of a custom attribute attached to the developer app, for example.

If you attach that policy in the request flow, then the backend (upstream) target will receive an HTTP request with that new header contained within it.

Thank you for the reply. oAuth token generation and calling the API proxy with the token are two independent calls. I would like to know if the variable set in developer app will be available in the scope of the API proxy call.

yes. If by "the variable set in the developer app" you are referring to a custom attribute on the developer app, then the answer is yes. You may have to use AccessEntity to get the data, but it's available within the scope of the API Proxy execution.

Thank you.