Send request
The
send-request
policy sends the provided request to the specified URL, waiting no longer than the set timeout value.XML
<send-request mode="new|copy" response-variable-name="" timeout="60 sec" ignore-error="false|true">
<set-url>...</set-url>
<set-method>...</set-method>
<set-header name="" exists-action="override|skip|append|delete">...</set-header>
<set-body>...</set-body>
<authentication-certificate thumbprint="thumbprint" />
</send-request>
This example shows one way to verify a reference token with an authorization server.
XML
<inbound>
<!-- Extract Token from Authorization header parameter -->
<set-variable name="token" value="@(context.request.headers['Authorization'].split(' ').last())" />
<!-- Send request to Token Server to validate token (see RFC 7662) -->
<send-request mode="new" response-variable-name="tokenstate" timeout="20" ignore-error="true">
<set-url>https://api-appec990ad4c76641c.yap.youngapp.co</set-url>
<set-method>POST</set-method>
<set-header name="Authorization" exists-action="override">
<value>basic dXNlcm5hbWU6cGFzc3dvcmQ=</value>
</set-header>
<set-header name="Content-Type" exists-action="override">
<value>application/x-www-form-urlencoded</value>
</set-header>
<set-body>@(context.variables.token)</set-body>
</send-request>
<choose>
<!-- Check active property in response -->
<when condition="@(context.variables.tokenstate.body.active == false)">
<!-- Return 401 Unauthorized with http-problem payload -->
<return-response>
<set-status code="401" reason="Unauthorized" />
<set-header name="WWW-Authenticate" exists-action="override">
<value>Bearer error="invalid_token"</value>
</set-header>
</return-response>
</when>
</choose>
<base />
</inbound>
Element | Description | Required |
send-request | Root element. | Yes |
url | The URL of the request. | No if mode=copy; otherwise yes. |
method | The HTTP method for the request. | No if mode=copy; otherwise yes. |
header | Request header. Use multiple header elements for multiple request headers. | No |
body | The request body. | No |
Attribute | Description | Required | Default |
mode="string" | Determines whether this is a new request or a copy of the current request. In outbound mode, mode=copy does not initialize the request body. | No | New |
response-variable-name="string" | The name of context variable that will receive a response object. If the variable doesn't exist, it will be created upon successful execution of the policy and will become accessible via context.Variable collection. | Yes | N/A |
timeout="integer" | The timeout interval in seconds before the call to the URL fails. | No | 60 |
ignore-error | If true and the request results in an error:
| No | false |
name | Specifies the name of the header to be set. | Yes | N/A |
exists-action | Specifies what action to take when the header is already specified. This attribute must have one of the following values:
When set to override enlisting multiple entries with the same name results in the header being set according to all entries (which will be listed multiple times); only listed values will be set in the result. | No | override |
This policy can be used in the inbound, outbound, and on-error policy scopes.
Questions?
We're always happy to help with any issues you might have!
Send us an email to [email protected] or request the demo with our sales team!
Last modified 3yr ago