Send request
The send-request policy sends the provided request to the specified URL, waiting no longer than the set timeout value.

Policy statement

XML
<send-request mode="new|copy" response-variable-name="" timeout="60 sec" ignore-error="false|true">
<set-url>...</set-url>
<set-method>...</set-method>
<set-header name="" exists-action="override|skip|append|delete">...</set-header>
<set-body>...</set-body>
<authentication-certificate thumbprint="thumbprint" />
</send-request>

Example

This example shows one way to verify a reference token with an authorization server.
XML
<inbound>
<!-- Extract Token from Authorization header parameter -->
<set-variable name="token" value="@(context.request.headers['Authorization'].split(' ').last())" />
<!-- Send request to Token Server to validate token (see RFC 7662) -->
<send-request mode="new" response-variable-name="tokenstate" timeout="20" ignore-error="true">
<set-url>https://api-appec990ad4c76641c.yap.youngapp.co</set-url>
<set-method>POST</set-method>
<set-header name="Authorization" exists-action="override">
<value>basic dXNlcm5hbWU6cGFzc3dvcmQ=</value>
</set-header>
<set-header name="Content-Type" exists-action="override">
<value>application/x-www-form-urlencoded</value>
</set-header>
<set-body>@(context.variables.token)</set-body>
</send-request>
<choose>
<!-- Check active property in response -->
<when condition="@(context.variables.tokenstate.body.active == false)">
<!-- Return 401 Unauthorized with http-problem payload -->
<return-response>
<set-status code="401" reason="Unauthorized" />
<set-header name="WWW-Authenticate" exists-action="override">
<value>Bearer error="invalid_token"</value>
</set-header>
</return-response>
</when>
</choose>
<base />
</inbound>

Elements

Element
Description
Required
send-request
Root element.
Yes
url
The URL of the request.
No if mode=copy; otherwise yes.
method
The HTTP method for the request.
No if mode=copy; otherwise yes.
header
Request header. Use multiple header elements for multiple request headers.
No
body
The request body.
No

Attributes

Attribute
Description
Required
Default
mode="string"
Determines whether this is a new request or a copy of the current request. In outbound mode, mode=copy does not initialize the request body.
No
New
response-variable-name="string"
The name of context variable that will receive a response object. If the variable doesn't exist, it will be created upon successful execution of the policy and will become accessible via context.Variable collection.
Yes
N/A
timeout="integer"
The timeout interval in seconds before the call to the URL fails.
No
60
ignore-error
If true and the request results in an error:
  • If response-variable-name was specified it will contain a null value.
  • If response-variable-name was not specified, context.Request will not be updated.
No
false
name
Specifies the name of the header to be set.
Yes
N/A
exists-action
Specifies what action to take when the header is already specified. This attribute must have one of the following values:
  • override – replaces the value of the existing header,
  • skip – does not replace the existing header value,
  • append – appends the value to the existing header value,
  • delete – removes the header from the request.
When set to override enlisting multiple entries with the same name results in the header being set according to all entries (which will be listed multiple times); only listed values will be set in the result.
No
override

Usage

This policy can be used in the inbound, outbound, and on-error policy scopes.
Questions? We're always happy to help with any issues you might have! Send us an email to [email protected] or request the demo with our sales team!
Copy link
On this page
Policy statement
Example
Elements
Attributes
Usage