Request context propagation
Propagate incoming HTTP request headers and query parameters to outgoing REST API calls.
Overview
OMS can capture incoming HTTP request headers and query parameters and make them available throughout the service execution, enabling following benefits:
- Token reuse
- Correlation ID propagation
- Gateway-based security models
- MCP and API Gateway integrations
Security model
Request context propagation uses a whitelist-based security model:
- Whitelist-based header propagation
- Explicit opt-in via configuration
- Read-only access for customers
- No automatic leakage of headers
Header whitelisting
Default whitelisted headers:
Authorization, Content-Type, Accept, X-*
These headers are whitelisted by default:
Authorization- Authentication tokensContent-Type- Request content typeAccept- Response content type preferenceX-*- All headers starting withX-such asX-Correlation-ID,X-Request-ID,X-API-Key
You can override the default whitelist by configuring the following property:
yfs.rest.allowed.headers=Authorization,Content-Type,Accept,X-*,Custom-Header
#{h:} syntax.Header propagation
You can override incoming headers by specifying a different value in the service definition.
<Header Name="Authorization" Value="#{h:authorization}"/><Header Name="Authorization" Value="Bearer my-static-token"/><Header Name="Authorization" Value="Bearer ${my.override.token}"/>Default whitelisted headers:
Authorization, Content-Type, Accept, X-*
These headers are whitelisted by default:
Authorization- Authentication tokensContent-Type- Request content typeAccept- Response content type preferenceX-*- All headers starting withX-such asX-Correlation-ID,X-Request-ID,X-API-Key
You can override the default whitelist by configuring the following property:
yfs.rest.allowed.headers=Authorization,Content-Type,Accept,X-*,Custom-Header
#{h:} syntax.Query parameter propagation
You can propagate incoming query parameters to the outgoing REST API call using the
#{q:paramName} syntax.
- `#{q:itemId}` - Propagates the `itemId` query parameter
- `#{q:page}` - Propagates the `page` query parameter
- `#{q:limit}` - Propagates the `limit` query parameter
You can also use static values (`"value"`), properties (`${property}`), or extract from JSON/XML (`$.json` or `/xpath`) for query parameters. For more information, see Dynamic variable resolution.
Programmatic access
You can access incoming headers and query parameters programmatically in custom code or UI
extensions using the YCPRequestContextUtil utility class.
Available methods:
Get specific header:
String authHeader = YCPRequestContextUtil.getHeader(env, "Authorization");
Map<String, String> allHeaders = YCPRequestContextUtil.getAllHeaders(env);Get specific query parameter:
String itemId = YCPRequestContextUtil.getQueryParameter(env, "itemId");
Map<String, String> allParams = YCPRequestContextUtil.getAllQueryParameters(env);Example usage in custom code:
import com.yantra.yfs.japi.util.YCPRequestContextUtil;
public class MyCustomService {
public void execute(YFSEnvironment env, Document input) {
// Get Authorization header
String authToken = YCPRequestContextUtil.getHeader(env, "Authorization");
// Get correlation ID
String correlationId = YCPRequestContextUtil.getHeader(env, "X-Correlation-ID");
// Get query parameter
String itemId = YCPRequestContextUtil.getQueryParameter(env, "itemId");
// Use these values in your custom logic
if (authToken != null) {
// Process with auth token
}
}
}
Complete example
Scenario: Propagate authentication token, correlation ID, and query parameter to an external inventory API.
Incoming request:
POST /executeFlow/checkInventory?itemId=ITEM001
Authorization: Bearer abc123
X-Correlation-ID: corr-789
Service definition configuration:
Outgoing REST call automatically includes
- Same authorization token
- Same correlation ID
- Same query parameter
No Java code required. No payload manipulation needed.