Header Modification via APK Conf¶
This functionality enables the addition, modification, and removal of request and response headers for APIs. By customizing headers, you can enhance the control and flexibility of API interactions, ensuring that both incoming requests and outgoing responses meet specific requirements.
Step 1 - Get the API configuration¶
Save the following content into a file named EmployeeService.apk-conf
. You can use this apk-conf file for the rest of this guide.
id: "header-modifier-api"
name: "EmployeeServiceAPI"
basePath: "/employees"
version: "3.14"
type: "REST"
defaultVersion: false
endpointConfigurations:
production:
endpoint: "https://httpbin.org/anything"
operations:
- target: "/employees"
verb: "GET"
secured: false
scopes: []
- target: "/employee"
verb: "POST"
secured: true
scopes: []
- target: "/employee/{employeeId}"
verb: "PUT"
secured: true
scopes: []
- target: "/employee/{employeeId}"
verb: "DELETE"
secured: true
scopes: []
Step 2 - Add the header modification policy to the apk-conf file¶
A sample header modification configuration is given below.
- target: "/employee"
verb: "GET"
secured: false
scopes: []
operationPolicies:
request:
- policyName: AddHeader
policyVersion: v1
parameters:
headerName: "Test-Request-Header"
headerValue: "Test-Value"
This policy adds a header with the name "Test-Request-Header" and value "Test-Value" to the request sent to this particular path.
The complete apk-conf file with this configuration is given below.
id: "header-modifier-api"
name: "EmployeeServiceAPI"
basePath: "/employees"
version: "3.14"
type: "REST"
defaultVersion: false
endpointConfigurations:
production:
endpoint: "https://httpbin.org/anything"
operations:
- target: "/employees"
verb: "GET"
secured: false
scopes: []
operationPolicies:
request:
- policyName: AddHeader
policyVersion: v1
parameters:
headerName: "Test-Request-Header"
headerValue: "Test-Value"
- target: "/employee"
verb: "POST"
secured: true
scopes: []
- target: "/employee/{employeeId}"
verb: "PUT"
secured: true
scopes: []
- target: "/employee/{employeeId}"
verb: "DELETE"
secured: true
scopes: []
Similarly, you can do the following to both request and response headers.
- Add headers
- Update existing headers
- Remove headers
Sample configurations for each of them have been provided under the Sample Configurations section.
Step 3 - Deploy the API in APK¶
Refer to the Deploy the API to deploy the API using APK configuration.
Step 4 - Generate an access token¶
Follow the Generate Access Token documentation to generate an access token.
Step 5 - Invoke the API¶
You can invoke the API using the following command.
curl --location 'https://default.gw.wso2.com:9095/employees/1.0/employee' \
--header 'Host: default.gw.wso2.com' \
--header 'Authorization: Bearer <accessToken>
Since this guide uses the httpbin service which echoes the request and all of its headers, when you invoke the API, you will see the header "Test-Request-Header" with the value "Test-Value".
Sample Configurations¶
Operation Level Request Header Modification¶
1. Add Request Header¶
- target: "/employee"
verb: "GET"
secured: false
scopes: []
operationPolicies:
request:
- policyName: AddHeader
policyVersion: v1
parameters:
headerName: "Header-Name"
headerValue: "Header-Value"
2. Update Request Header¶
- target: "/employee"
verb: "GET"
secured: false
scopes: []
operationPolicies:
request:
- policyName: SetHeader
policyVersion: v1
parameters:
headerName: "Header-Name"
headerValue: "Header-Value"
3. Remove Request Header¶
- target: "/employee"
verb: "GET"
secured: false
scopes: []
operationPolicies:
request:
- policyName: RemoveHeader
policyVersion: v1
parameters:
headerName: "Header-Name"
Operation Level Response Header Modification¶
1. Add Response Header¶
- target: "/employee"
verb: "GET"
secured: false
scopes: []
operationPolicies:
response:
- policyName: AddHeader
policyVersion: v1
parameters:
headerName: "Header-Name"
headerValue: "Header-Value"
2. Update Response Header¶
- target: "/employee"
verb: "GET"
secured: false
scopes: []
operationPolicies:
response:
- policyName: SetHeader
policyVersion: v1
parameters:
headerName: "Header-Name"
headerValue: "Header-Value"
3. Remove Response Header¶
- target: "/employee"
verb: "GET"
secured: false
scopes: []
operationPolicies:
response:
- policyName: RemoveHeader
policyVersion: v1
parameters:
headerName: "Header-Name"
API Level Request Header Modification¶
1. Add Request Header¶
- target: "/employee"
verb: "GET"
secured: false
scopes: []
apiPolicies:
request:
- policyName: AddHeader
policyVersion: v1
parameters:
headerName: "Header-Name"
headerValue: "Header-Value"
2. Update Request Header¶
- target: "/employee"
verb: "GET"
secured: false
scopes: []
apiPolicies:
request:
- policyName: SetHeader
policyVersion: v1
parameters:
headerName: "Header-Name"
headerValue: "Header-Value"
3. Remove Request Header¶
- target: "/employee"
verb: "GET"
secured: false
scopes: []
apiPolicies:
request:
- policyName: RemoveHeader
policyVersion: v1
parameters:
headerName: "Header-Name"
API Level Response Header Modification¶
1. Add Response Header¶
- target: "/employee"
verb: "GET"
secured: false
scopes: []
apiPolicies:
response:
- policyName: AddHeader
policyVersion: v1
parameters:
headerName: "Header-Name"
headerValue: "Header-Value"
2. Update Response Header¶
- target: "/employee"
verb: "GET"
secured: false
scopes: []
apiPolicies:
response:
- policyName: SetHeader
policyVersion: v1
parameters:
headerName: "Header-Name"
headerValue: "Header-Value"
3. Remove Response Header¶
- target: "/employee"
verb: "GET"
secured: false
scopes: []
apiPolicies:
response:
- policyName: RemoveHeader
policyVersion: v1
parameters:
headerName: "Header-Name"