Community Edition
Cloud EditionCommunity EditionConnectorsWebsite
Search…
Yap community
GET STARTED
Usage and getting started
Application and resolvers
Policies
API Gateway (GraphQL)
Error handling
Connectors
CUSTOM
How to create policy?
How to create connector?
API POLICIES
Access restriction policies
Check HTTP header
Restrict caller IPs
Restrict caller hosts
Advanced policies
Authentication policies
Cross-domain policies
Transformation policies
FAQ
Yap vs Express
Frequently asked questions
FAQ Error Policies
Powered By GitBook
Check HTTP header
Use the check-header policy to enforce that a request has a specified HTTP header. You can optionally check to see if the header has a specific value or check for a range of allowed values. If the check fails, the policy terminates request processing and returns the HTTP status code and error message specified by the policy.

Policy statement

XML
<check-header name="header name" failed-check-httpcode="code" failed-check-error-message="message" ignore-case="true">
<value>Value1</value>
<value>Value2</value>
</check-header>

Example

XML
<check-header name="Authorization" failed-check-httpcode="401" failed-check-error-message="Not authorized" ignore-case="false">
<value>f6dc69a089844cf6b2019bae6d36fac8</value>
</check-header>

Elements

Name
Description
Required
check-header
Root element.
Yes
value
Allowed HTTP header value. When multiple value elements are specified, the check is considered a success if any one of the values is a match.
No

Attributes

Name
Description
Required
Default
failed-check-error-message
Error message to return in the HTTP response body if the header doesn't exist or has an invalid value. This message must have any special characters properly escaped.
Yes
N/A
failed-check-httpcode
HTTP Status code to return if the header doesn't exist or has an invalid value.
Yes
N/A
header-name
The name of the HTTP Header to check.
Yes
N/A
ignore-case
Can be set to True or False. If set to True case is ignored when the header value is compared against the set of acceptable values.
Yes
N/A

Usage

This policy can be used in the following policy sections and scopes.
  • Policy sections: inbound, outbound
  • Policy scopes: all scopes

Example

XML
<policies>
<inbound>
<check-header name="Authorization" failed-check-httpcode="401" failed-check-error-message="Not authorized" ignore-case="false">
<value>f6dc69a089844cf6b2019bae6d36fac8</value>
</check-header>
</inbound>
</policies>

Usage

This policy can be used in the inbound policy scopes.
Questions? We're always happy to help with any issues you might have! Send us an email to [email protected] or request the demo with our sales team!
API POLICIES - Previous
Access restriction policies
Next
Restrict caller IPs
Last modified 2yr ago
Copy link
On this page
Policy statement
Example
Elements
Attributes
Usage
Example
Usage