HTTP Request policy

Attach an HTTP Request policy to an HTTPRequest or HTTPAsyncRequest node to control connection properties at run time.

You can use an HTTP Request policy to define the security operations that are completed by an HTTPRequest or HTTPAsyncRequest node in a message flow. Use an HTTP Request policy when you want to configure the connection to use basic authentication or API key credentials provided by a credentials provider such as the App Connect Enterprise vault or the mqsisetdbparms command.

To attach an HTTP Request policy to an HTTPRequest or HTTPAsyncRequest node, set the Policy property of the node to the name of the policy, in the format {policyProjectName}:policyName.

You must deploy this policy before message flows that use the policy are started.

Table 1. Properties of the HTTP Request policy
Property	Property name in .policyxml file	Description of properties
Accept self-signed certificates	acceptSelfSignedCerts	This property specifies whether self-signed certificates will be accepted, and can be set to `true` or `false`. If you want to be able to accept self-signed certificates that are trusted and used only in a non-production environment, set this value to `true`. The default value is `false`.
API key location	apiKeyLocation	This property specifies the location in the HTTP request where the API key is stored: To pass the API key in the request header, set this value to `header`. To pass the API key in a URL-encoded format in the request body, set this value to `body URL encoded.` The API key name and API key are appended to the request body using this format: `&APIkeyname=APIkeyvalue`.
API key name	apiKeyName	The property specifies the header or body parameter that is used to store the API key.
Credential name	credentialName	This property specifies the name of the credential that is used for the connection.
Endpoint URL	endpointUrl	This property specifies a URL that can be used to override the protocol, host, and port in the endpoint URL that is called by the HTTPRequest or HTTPAsyncRequest node. This property enables you to use the same flow to call different endpoints by setting up multiple accounts with different override URLs defined in a policy. Specify this value in the format `http://host:port` or `https://host:port`.
Endpoint URL override behavior	endpointURLOverrideBehaviour	This property specifies which parts of the endpoint URL that is specified in the HTTPRequest node can be overridden by the endpointUrl property in the policy. Valid values are: ProtocolHostAndPort Override the protocol, host, and port parts of the URL. The path part of the URL is not overridden. The original path specified on the HTTPRequest node is retained and any path that is included in the endpointURL property on the policy is ignored. ProtocolHostPortAndPath Override the protocol, host, port, and path parts of the URL. The full URL specified on the HTTPRequest node is replaced with the URL that is specified in the endpointURL property of the policy.