Use case 1: E-Commerce API Request Header Transformation

Edit online

About this task

You want to enhance the security of your e-commerce API by implementing a custom security header, X-Api-Consumer-Secret, in the incoming requests. This header must carry an API secret key and be present in all requests. You can use this header to authorize API requests.

Before you begin

Ensure that you have:

  • Manage APIs or Activate/Deactivate APIs functional privilege. If you are an Administrator, you would have this privilege by default.
  • A sample REST API file to create an API using the importer. For example, you can download the sample ConsumerAPI from the Github repository.

To transform the API request header

Procedure

  1. Click APIs in the title navigation bar.
  2. Click Create API to create an e-commerce REST API. For example, you can use the sample ConsumerAPI from the Github repository.
  3. Select Import API from file. Click Browse and select the ConsumerAPI file.
  4. Provide the following details:
    1. Name: ConsumerAPI
    2. Description: E-commerce API
    3. Version: 1.0
  5. Click Create.
    Create API
  6. Click Edit to add the Request Transformation policy.
    Edit API
  7. Select Policies > Request Processing > Request Transformation.
    The Request Transformation policy properties section appears.
  8. In the Condition section, select OR.

    The configured transformation is applied when at least one of the conditions is satisfied.

    Note: The condition can also be set to AND operator. The configured transformation is applied only when all the set conditions are satisfied.
  9. Click Add Condition to configure the conditions to evaluate the contents on the request.
    Add condition
  10. Provide the following information:
    1. Variable: ${request.headers.X-Api-Consumer-Secret}
    2. Operator: Equals
    3. Value: xyz

    This condition checks for the presence of the X-Api-Consumer-Secret header with a specific value. In this case, xyz.

  11. Click Add.
    The condition to authorize the API request is created.
  12. Select Transformation Configuration > Header/Query/Path transformation.
    Header transformation
    The Header/Query/Path transformation section appears.
  13. In Add/Modify section, provide the following information:
    1. Variable: X-Api-Provider-Secret
    2. Value: 123
  14. Click Add.
  15. Click Save.
    If the condition to authorize the API request is met, webMethods API Gateway transforms the request by adding a new header, X-Api-Provider-Secret with the API secret key value 123 and authorizes the API request.