Managing HTTP Headers with Oracle API Platform by Robert Wunderlich


Imagine you have a service that is secured with Basic Auth or better yet OAuth2 and you would like to leverage the complete capabilities of an API Platform so you choose to create an API and deploy it to a gateway running in front of your service.

When you call your service directly from within your internal network, everything works, providing you include the appropriate Authorization header that your service expects. However, when you call the API endpoint on your gateway, the endpoint you will make available to your consumers, it does not work. You are passing everything as your original call, you’ve just modified the end-point to point to your gateway load balancer address and API end-point. What happened?

Well, most of the headers you pass to the gateway will simply pass through by default, with the exception of Authorization. Here is an example of a real simple API I created.

This API receives a request to the "echo" end-point and simply passes it to so we can see the result. So, as we can see, I am not really including any security policies in my API. I am choosing to leave that to the back-end service in this case. What happens if I call this API passing with an Authorization header. As you can see below, it is not included in the headers.

This is because the gateway is an authorization and policy enforcement engine and in most cases, when we validate the user at the gateway, we do not want to pass that header to the back-end systems. But what if we do want to pass that header? It turns out this is quite simple. We add the header to our Service Request policy. Read the complete article here.


PaaS Partner Community

For regular information on Oracle PaaS become a member in the SOA & BPM Partner Community for registration please visit (OPN account required) If you need support with your account please contact the Oracle Partner Business Center.

clip_image003 Blog clip_image005 Twitter clip_image004 LinkedIn image[7][2][2][2] Facebook clip_image002[8][4][2][2][2] Wiki

Technorati Tags: SOA Community,Oracle SOA,Oracle BPM,OPN,Jürgen Kress

About Jürgen Kress
As a middleware expert Jürgen works at Oracle EMEA Alliances and Channels, responsible for Oracle’s EMEA Fusion Middleware partner business. He is the founder of the Oracle SOA & BPM and the WebLogic Partner Communities and the global Oracle Partner Advisory Councils. With more than 5000 members from all over the world the Middleware Partner Community is the most successful and active community at Oracle. Jürgen manages the community with monthly newsletters, webcasts and conferences. He hosts his annual Fusion Middleware Partner Community Forums and the Fusion Middleware Summer Camps, where more than 200 partners get product updates, roadmap insights and hands-on trainings. Supplemented by many web 2.0 tools like twitter, discussion forums, online communities, blogs and wikis. For the SOA & Cloud Symposium by Thomas Erl, Jürgen is a member of the steering board. He is also a frequent speaker at conferences like the SOA & BPM Integration Days, JAX, UKOUG, OUGN, or OOP.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: