Send request

The send-request policy sends the provided request to the specified URL, waiting no longer than the set timeout value.

Policy statement

XML
<send-request mode="new|copy" response-variable-name="" timeout="60 sec" ignore-error="false|true">
<set-url>...</set-url>
<set-method>...</set-method>
<set-header name="" exists-action="override|skip|append|delete">...</set-header>
<set-body>...</set-body>
<authentication-certificate thumbprint="thumbprint" />
</send-request>

Example

This example shows one way to verify a reference token with an authorization server.

XML
<inbound>
<!-- Extract Token from Authorization header parameter -->
<set-variable name="token" value="@(context.request.headers['Authorization'].split(' ').last())" />
<!-- Send request to Token Server to validate token (see RFC 7662) -->
<send-request mode="new" response-variable-name="tokenstate" timeout="20" ignore-error="true">
<set-url>https://api-appec990ad4c76641c.yap.youngapp.co</set-url>
<set-method>POST</set-method>
<set-header name="Authorization" exists-action="override">
<value>basic dXNlcm5hbWU6cGFzc3dvcmQ=</value>
</set-header>
<set-header name="Content-Type" exists-action="override">
<value>application/x-www-form-urlencoded</value>
</set-header>
<set-body>@(context.variables.token)</set-body>
</send-request>
<choose>
<!-- Check active property in response -->
<when condition="@(context.variables.tokenstate.body.active == false)">
<!-- Return 401 Unauthorized with http-problem payload -->
<return-response>
<set-status code="401" reason="Unauthorized" />
<set-header name="WWW-Authenticate" exists-action="override">
<value>Bearer error="invalid_token"</value>
</set-header>
</return-response>
</when>
</choose>
<base />
</inbound>

Elements

Element

Description

Required

send-request

Root element.

Yes

url

The URL of the request.

No if mode=copy; otherwise yes.

method

The HTTP method for the request.

No if mode=copy; otherwise yes.

header

Request header. Use multiple header elements for multiple request headers.

No

body

The request body.

No

Attributes

Attribute

Description

Required

Default

mode="string"

Determines whether this is a new request or a copy of the current request. In outbound mode, mode=copy does not initialize the request body.

No

New

response-variable-name="string"

The name of context variable that will receive a response object. If the variable doesn't exist, it will be created upon successful execution of the policy and will become accessible via context.Variable collection.

Yes

N/A

timeout="integer"

The timeout interval in seconds before the call to the URL fails.

No

60

ignore-error

If true and the request results in an error:

  • If response-variable-name was specified it will contain a null value.

  • If response-variable-name was not specified, context.Request will not be updated.

No

false

name

Specifies the name of the header to be set.

Yes

N/A

exists-action

Specifies what action to take when the header is already specified. This attribute must have one of the following values:

  • override – replaces the value of the existing header,

  • skip – does not replace the existing header value,

  • append – appends the value to the existing header value,

  • delete – removes the header from the request.

When set to override enlisting multiple entries with the same name results in the header being set according to all entries (which will be listed multiple times); only listed values will be set in the result.

No

override

Usage

This policy can be used in the inbound, outbound, and on-error policy scopes.

Questions? We're always happy to help with any issues you might have! Send us an email to support@youngapp.co or request the demo with our sales team!