What's covered:
Fronting a bearer-token-secured endpoint using a mediation policy in APIM 1.10.0
If a requirement arises to front a bearer-token-secured API while keeping the API Manager authentication mechanism in place (this is unlikely and should probably be avoided), it can be met using a mediation policy.
1) Create a mediation policy with the logic
The mediation policy should take the bearer token of the back-end service, passed in as a custom transport-level header value, and pass it on to the back-end service with the correct formatting. This can be achieved using a property mediator[1], a header mediator[2] and a few Synapse built-in functions.
<?xml version="1.0" encoding="UTF-8"?>
<sequence xmlns="http://ws.apache.org/ns/synapse" name="bearersequence">
    <!-- read the back-end bearer token from the custom transport header "token" -->
    <property xmlns:ns="http://org.apache.synapse/xsd" name="btoken" expression="$trp:token" scope="default" type="STRING"></property>
    <!-- replace the Authorization header (already validated by API Manager) with the back-end token -->
    <header xmlns:ns="http://org.apache.synapse/xsd" name="Authorization" scope="transport" expression="fn:concat('Bearer ', get-property('btoken'))"></header>
    <!-- drop the custom header so it is not forwarded to the back-end service -->
    <header name="token" scope="transport" action="remove"></header>
</sequence>
Download the example mediation policy from here[3].
2) Attach the mediation policy to the API In flow
Start creating an API with the required HTTP methods, etc. Select Manage API from the implementation step, and in the Message Mediation Policies section upload the mediation policy to the In flow. Publish the API.
3) Invoke
Invoke the API with the bearer token of the back-end service set in a header named "token" (this is the header name configured in the mediation policy).
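As an added illustration (not part of the original post, and not WSO2 or Synapse code), the following Python script models what the three mediators in the sequence above do to a request's transport headers, so the headers the back-end would receive can be checked offline before the policy is deployed. The token values are constructed placeholders, and the handling of a missing "token" header (an empty string in the concat) is an assumption about Synapse's behaviour.

```python
CUSTOM_HEADER = "token"  # header name the policy reads via $trp:token


def apply_bearersequence(inbound_headers):
    """Return the transport headers as they would leave the gateway.

    1. property mediator: btoken = $trp:token (transport header 'token')
    2. header mediator:   Authorization = concat('Bearer ', btoken)
    3. header mediator:   remove 'token' so the back-end never sees it
    """
    # HTTP header names are case-insensitive, so normalise before lookup
    headers = {k.lower(): v for k, v in inbound_headers.items()}

    # step 1: read the back-end token from the custom transport header.
    # Assumption: a missing header behaves like an empty string in the concat.
    btoken = headers.get(CUSTOM_HEADER, "")

    # step 2: overwrite the API Manager Authorization header (already
    # validated by the gateway) with the back-end's own bearer token
    headers["authorization"] = "Bearer " + btoken

    # step 3: strip the custom header before the request leaves the gateway
    headers.pop(CUSTOM_HEADER, None)
    return headers


def check_outbound(outbound_headers):
    """List the conditions a defender would want flagged before going live."""
    problems = []
    if outbound_headers.get("authorization", "") == "Bearer ":
        problems.append("no 'token' header was sent: back-end receives an empty bearer")
    if CUSTOM_HEADER in outbound_headers:
        problems.append("custom 'token' header leaked through to the back-end")
    return problems


# constructed sample request: API Manager access token plus the back-end token
SAMPLE_INBOUND = {
    "Authorization": "Bearer APIM-ACCESS-TOKEN-PLACEHOLDER",
    "Token": "BACKEND-BEARER-PLACEHOLDER",
    "Content-Type": "application/json",
}

if __name__ == "__main__":
    out = apply_bearersequence(SAMPLE_INBOUND)
    print(out)                    # Authorization now carries the back-end token
    print(check_outbound(out))    # [] for the constructed sample
```

The second check is the one worth keeping an eye on: the remove action in the sequence is what stops the custom header from reaching the back-end.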