Nav

Add Request/Response Headers, Remove Request/Response Headers

API Manager supports several policies for injecting or removing HTTP headers from a request or response. The policies take effect before sending the request or response.

The add request header policy injects one or more headers into a request from the client to the backend service, or overrides the value of an existing header. The remove request header policy prevents receipt of one or more specified headers sent from the client to the backend service.

The add response header policy injects one or more headers into a response from the backend service to the client, or overrides the header value in a response from the backend service. The remove response header policy prevents inclusion of one or more specified headers in a response from the backend service to the client.

Prerequisites

The prerequisites for adding or removing header policies in Anypoint Platform are:

  • Assume the role of Organization Administrators or API Versions Owner for an API version you want to manage in Anypoint Platform. Applying policies is an API version management task.

  • Ensure that you are licensed to use API Manager functionality (Mule 3.8.0 runtime) or API Gateway runtime 2.x or 1.3.x.

Downloading Add or Remove Header Policies

Currently, the add or remove header policies are available on Anypoint Exchange. Follow the step-by-step procedures to download, set up, and apply these policies.

To download add or remove header policies:

  1. Login to Anypoint Platform and go to Exchange.

  2. Download the following policies:

  3. Unzip each policy archive.

An xml and yaml file appears in each of the folders created by unzipping the archives. For example, the add-request-header-policy folder contains the following files:

  • add-request.xml

  • add-request.yaml

You use these files to set up the policy as described later.

Setting Up and Applying Add or Remove Header Policies

If you have configured custom policies in Anypoint Platform, the process is basically the same for add or remove header policies. The following steps show how to set up and apply the policies in Anypoint Platform.

To set up add or remove header policies:

  1. On API Administration page, select an API.

  2. On the main menu drop-down, select Custom policies.

    The Custom policies page appears listing custom policies, if there are any, that are available for the API.

  3. Click Add custom policy.

  4. In Name, enter a name for the policy, for example add request header policy.

  5. In Policy definition, click Choose File to locate the YAML file, add-request.yaml in this example, that you downloaded.

  6. In Policy configuration, choose the XML file, for example, add-request.xml, that you downloaded.

  7. Click Add.

    gw-add-custom-pol

    The policy, add request header policy in this example, appears on the Custom policies page. gw-custom-pol-list

Applying the Add Request/Response Header Policies

Continuing with example of the add request header policy, follow steps in this procedure to apply either of the following policies:

  • Add request header policy

  • Add response header policy

To apply add the request header policies or add response header policies:

  1. Assuming you already deployed the API version, select the version on the API Administration page.

  2. Scroll to the bottom of the API version details page and select Policies from the list of items.

    The add request header policy, for example, appears in the Available policies list.

    If the header was already provided by the client or another policy, the value is overwritten by the one you provide in this policy.
  3. Click Apply.

    The Apply add request header policy dialog box appears.

  4. Type the name and value of a header. For example, type extra-header on the left and myvalue on the right.

  5. Optionally, include MEL expressions in the value of the header.

    For example, include the following expression to substitute the name of the user-agent in the header text.

    '#[message.inboundProperties['user-agent']]'

  6. Click gw-apply-pol-plus-icon.

  7. Optionally add more names and values of headers to add in the same manner, and click Apply.

    The policy you applied moves from the Available policies list to the Applied policies list.

Applying the Remove Request/Response Header Policies

Perform the steps in this procedure to apply either of the following policies:

  • Remove request header policy

  • Remove response header policy

To apply the remove request header or remove response header policies:

  1. Scroll to the bottom of the version page and select Policies from the list of items.

    The policy, remove request header policy in this example, appears in the Available policies list.

    If the header was already provided by the client or another policy, the value is overwritten by the one you provide in this policy.
  2. Click Apply.

    The Apply remove request headers policy dialog box appears.

  3. Type the name of each header that you want to remove, separated by commas.

    You can use wildcards to remove properties that have similar names. For example, using foo-*` will remove foo-bar, foo-test.

  4. Click Apply.

    The policy you applied moves from the Available policies list to the Applied policies list.

Testing Policy Applications

To test the execution of policies, follow the steps in this section to apply a policy and use curl, for example curl http://localhost:8081 -vvv to test the policies.

Add request header policy

The procedure for testing the add or remove request header policies assume that you created a mule application that logs the headers received by the backend service.

  1. Apply the add request header policy to add a header as described in the previous section.

  2. Run curl.

  3. Check the log of the backend service to verify that request includes the additional header name and value you configured in step 1.

Remove request header policy

The procedure for testing the remove request header policy assumes that you created a mule application that logs the headers received by the backend service.

  1. Apply the remove request header policy to remove a header as described in the previous section.

  2. Run curl.

  3. Verify that the backend service excludes the extra header by checking the log.

Add response header policy:

  1. Run curl.

  2. Check the response to see which headers are being received by the client.

  3. Apply the add response header policy to add a response to the header.

  4. Run curl again.

  5. Verify that the specified header is received.

Remove response header policy

  1. Run curl.

  2. Check the response to see which headers are being received by the client.

  3. Apply the remove response header policy to remove a response from the header.

  4. Run curl again.

  5. Verify that the specified header is removed.