API Connect context variables
List of IBM® API
Connect
context variables that you can reference when defining default parameter values in an assembly
operation, or by using the getContext()
function when defining a
policy.
For more information about implementing an assembly component, see Including components in your assembly, and for information about how to reference context variables in API Connect see Variable references in API Connect and Using context variables in GatewayScript and XSLT policies with the DataPower API Gateway.
For more information about creating a user-defined policy, see Authoring policies.
General context variables
- For plan variables (such as
plan.name
orplan.version
), plan information is available only when the requested operation requires identification and the client passes the authentication check. - If you deploy your API to the DataPower® Gateway (v5 compatible) then, with the exception of client ID and client secret, the passing of form input as a parameter into an API is not supported. This restriction does not apply if you deploy your API to the DataPower API Gateway.
Name | Description |
---|---|
api.catalog.id |
The ID of the Catalog in which the API is published. |
api.catalog.name |
The name of the Catalog in which the API is published. |
api.catalog.path |
The path segment that represents this Catalog. |
api.document |
The OpenAPI document. |
api.endpoint.address |
The address of the API Gateway endpoint. |
api.endpoint.hostname |
The host name of the API Gateway endpoint, as requested by the application. |
api.name |
The name of the API; this corresponds to the x-ibm-name field in the OpenAPI definition for the
API. |
api.operation.id |
The ID of the operation. |
api.operation.path |
The path of the operation. |
api.org.id |
The organization ID of the API provider. |
api.org.name |
The organization short name of the API provider. |
api.properties.propertyname |
The name of a custom API property. Property values are Catalog specific. Note:
|
api.root |
The API basepath. |
api.type |
The API type; REST or SOAP. |
api.version |
The version string of the API. |
client.app.id |
The client ID or application key that is received on the request. |
client.app.lifecycle-state |
The lifecycle status of the calling client application. The possible values are as
follows:
|
client.app.metadata.key |
The string value of an application metadata key, where key is the name of
the key. You can add metadata keys to an application by using either the apic apps:create or the apic apps:update command; you include the metadata keys in the configuration file parameter that is passed to the command. For
example:
where
myapp.yaml contains the
following:
You
can then retrieve the value of a metadata key in an API assembly policy by using a context variable
such as the following:
Note that adding application metadata might impact gateway transaction performance. |
client.app.name |
The name of the application that is identified as having issued the request. |
client.app.secret |
The client secret that is received in the request. |
client.org.id |
The unique identification key of the organization that owns this application. |
client.org.name |
The name of the organization that owns this application. |
client.result |
The result of the client security policy, which is SUCCESS or
FAILURE . |
client.third_party.type |
The type of user registry used for third-party authentication of the extracted client
credentials. The possible values are LDAP and auth-url . |
client.third_party.headers |
The array of headers added to the request that was sent to that API authentication URL during third-party authentication. |
client.third_party.response.authenticated |
The third-party authentication results. The possible values are as follows:
|
client.third_party.response.user |
The user for third-party authentication. |
client.title |
The title for the credentials that are received in the request. |
env.name |
The name of the Catalog in which the API is published. |
env.path |
The path segment that represents this Catalog. |
message.body |
The payload of the request or response message. Note: The
message.body
context variable is not supported with getContext() function. Use the
getvariable() function instead. |
message.headers.name |
The value of the current named header of the message or of the current named header of the
root part of a multipart message. The name segment is case-insensitive. |
message.status.code |
The HTTP status code of the response. |
message.status.reason |
The HTTP reason phrase of the response. |
plan.name |
The name of the plan. |
plan.id |
The unique identifier of the plan. |
plan.version |
The version number of the plan. |
plan.rate-limit |
The rate limit (the number of API calls per time interval) of the plan. |
request.authorization |
The parsed HTTP authorization header. |
request.body |
The payload from the incoming request. |
request.content-type |
Normalized content-type value. |
request.date |
A date object that represents approximately when the request was received by the Gateway. |
request.headers.headername |
The value of the original named header of the HTTP request, or the value of the current named
header of the root part of a multipart request. The headername segment is case-insensitive. |
request.parameters |
You can obtain your incoming parameters from path and query parameters. |
request.path |
The path section of the request.uri that starts with the base path of the
API, including the '/' character that begins the base path. |
request.querystring |
The request query string without the leading question mark. |
request.search |
The request query string with the leading question mark. |
request.uri |
The full HTTP request URI from the application. |
request.verb |
The HTTP verb of this request. |
session.apiGateway |
The gateway that receives the request. |
session.apiGatewayName |
The name of the API gateway as defined in the API Manager. |
session.clientAddress |
The address of the client that sent the request. |
session.domainName |
The name of the domain that the gateway belongs to. |
session.globalTransactionID |
The global transaction ID in the logs. |
session.localAddress |
The address of the gateway on the DataPower® Gateway. |
session.timeStarted |
The time that the gateway started to process the request. |
session.transactionID |
The transaction ID of the gateway request. |
system.datetime |
Returns a string that represents the current date and time in the system time zone of the gateway. |
system.time |
Returns a string that represents the current time in the system time zone of the gateway. |
system.time.hour |
Returns a number 0 - 23 inclusive, representing the hour of the current time in the system time zone of the gateway. |
system.time.minute |
Returns a number 0 - 59 inclusive representing the minute of the current time in the system time zone of the gateway. |
system.time.seconds |
Returns a number 0 - 59 inclusive representing the seconds of the current time in the system time zone of the gateway. |
system.date |
Returns a string that represents the current date in the system time zone of the gateway. |
system.date.day-of-week |
Returns a number 1 - 7 (Monday to Sunday) inclusive representing the day of the week in the system time zone of the gateway. |
system.date.day-of-month |
Returns a number 1 - 31 representing the day of the month in the system time zone of the gateway. |
system.date.month |
Returns a number 1 - 12 representing the month in the system time zone of the gateway. |
system.date.year |
Returns a four-digit number that represents the year in the system time zone of the gateway. |
system.timezone |
Returns a system time zone ISO 8601 identifier for the gateway, which might include a sign, a
two-digit hour, and minutes. For example, -04:00 . |
OAuth context variables - DataPower Gateway (v5 compatible)
The OAuth context variables described in this section apply only to the DataPower Gateway (v5 compatible). For details of the OAuth context variables that apply to the DataPower API Gateway, see OAuth context variables.
Name | Description |
---|---|
oauth.access-token |
If the request is authenticated with OAuth, this variable contains the access token string. |
oauth.miscinfo |
This variable contains information explicitly included in the Authentication URL and Metadata
URL headers. For more information, see Authenticate URL. |
oauth.not-after |
If the request is authenticated with OAuth, this variable contains the date when the token expires. |
oauth.not-before |
If the request is authenticated with OAuth, this variable contains the date when the token was issued. |
oauth.resource-owner |
If the request is authenticated with OAuth, this variable contains the name of the resource owner. |
oauth.scope |
If the request is authenticated with OAuth, this variable contains the scope of this access token. |
oauth.introspect.active |
Always available to introspection. Boolean value. |
oauth.introspect.response |
Always available to introspection. Shows the complete current response payload. Example
payload value: {“active”:true, “client_id”, “xxx-xxx”, “token_type”, “bearer”,
“scope”:“neon”} |
Other variables might be available from the third party, in the form of:
oauth.introspect.<variable> |
Decoding the previous example payload, the following variables are made available for further
processing.
|
Application certificate context variables
The following table describes context variables that are available when a certificate is used to verify access to an API, although these will vary depending on the signature mechanism that is being used; for more information, see the Internet X.509 Public Key Infrastructure Certificate and CRL Profile specification.
Name | Description |
---|---|
application.certificate.Base64 |
Base64 format. |
application.certificate.fingerprint |
Fingerprint |
application.certificate.Version |
Version |
application.certificate.SerialNumber |
Serial number |
application.certificate.SignatureAlgorithm |
Signing algorithm |
application.certificate.Issuer |
The issuer of the certificate |
application.certificate.Subject |
Subject |
application.certificate.NotBefore |
Not valid before this date |
application.certificate.NotAfter |
Not valid after this date |
application.certificate.SubjectPublicKeyAlgorithm |
Algorithm for the subject public key |
application.certificate.SubjectPublicKeyBitLength |
Length for the subject public key |
application.certificate.KeyValue.type |
Various context variables that depend on the algorithm and key. The following are possible
context variables:
|
API activity logging context variables
If activity logging is enabled for an API, a log
context variable is created;
the log
context variable contains the data relating to an API execution event. On
completion of API execution, the log
context variable is written to an API event
record that is stored for subsequent access by API analytics. For details of the fields contained in
the log
context variable, see API
event record fields.
- If you are using the DataPower API Gateway, you configure activity logging in the API configuration settings; see Activity logging with the DataPower API Gateway.
- If you are using the DataPower Gateway (v5 compatible), you configure activity logging by adding an Activity Log policy to the API assembly.
log
context variable, but you can modify it in an API assembly; for example:- Add your own data values by using a Set Variable policy.
- Remove or redact data values by using a Redaction policy; see Redaction - DataPower API Gateway or Redaction - DataPower Gateway (v5 compatible).
- Modify or replace the
log
context variable by using a Log policy.