Transforming E-commerce API request header

Before you begin

Make sure that you have the following:

  • The Manage APIs or Activate or Deactivate APIs functional privilege. If you are an Administrator, you have this privilege by default.
  • A sample REST API file to create an API by using the importer. For example, ConsumerAPI.

About this task

You want to enhance the security of your e-commerce API by implementing a custom security header, X-Api-Consumer-Secret, in the incoming requests. This header must carry an API secret key and be present in all requests. You can use this header to authorize API requests.

Procedure

  1. Open the menu options and select APIs.
  2. Click Create API to create an e-commerce REST API. For example, Consumer API.
  3. Select Import API from file. Click Browse and select the ConsumerAPI file.
  4. Provide the following details.
    • Name: ConsumerAPI
    • Description: E-commerce API
    • Version: 1.0
  5. Click Create.
  6. Click Edit to add the Request Transformation policy.
  7. Select Policies > Request Processing > Request Transformation. The Request Transformation policy properties section appears.
  8. In the Condition section, select OR.
    The configured transformation is applied when at least one of the conditions is satisfied.
    Note: The condition can also be set to the AND operator. In that case, the configured transformation is applied only when all the set conditions are satisfied.
  9. Click Add Condition to configure the conditions that evaluate the contents of the request.
  10. Provide the following information.
    • Variable: ${request.headers.X-API-Consumer-Secret}
    • Operator: Equals
    • Value: xyz
    This condition checks for the presence of the X-Api-Consumer-Secret header with a specific value, in this case xyz.
  11. Click Add.
    The condition to authorize the API request is created.
  12. Select Transformation Configuration > Header/Query/Path transformation.
    The Header/Query/Path transformation section appears.
  13. In the Add or Modify section, provide the following information.
    • Variable: X-Api-Provider-Secret
    • Value: 123
  14. Click Add.
  15. Click Save.
    If the condition to authorize the API request is met, webMethods API Gateway transforms the request. webMethods API Gateway adds a new header, X-Api-Provider-Secret, with the API secret key value 123 and authorizes the API request.
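
The condition and transformation configured above, modelled as a short Python sketch that you can use to check the expected result for a given request. This is an added example, not webMethods API Gateway code. The function names, the case-insensitive header match, the replace-on-modify behavior, and the constant-time comparison are assumptions of the sketch, and the sample requests are constructed.

```python
import hmac

# Values taken from the procedure above; all function names are hypothetical.
CONDITIONS = [("X-API-Consumer-Secret", "xyz")]   # (header, value), Operator: Equals
ADD_OR_MODIFY = {"X-Api-Provider-Secret": "123"}  # Header/Query/Path transformation


def get_header(headers, name):
    """HTTP header names are case-insensitive, so match them that way."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def condition_met(headers, header, expected):
    """Equals operator; a missing header never matches."""
    actual = get_header(headers, header)
    if actual is None:
        return False
    # Constant-time comparison so response timing does not reveal the secret.
    return hmac.compare_digest(actual.encode(), expected.encode())


def transform_request(headers, conditions=CONDITIONS, operator="OR"):
    """Return (headers, matched); headers are changed only when the conditions hold."""
    results = [condition_met(headers, h, v) for h, v in conditions]
    # OR: at least one condition satisfied. AND: all conditions satisfied.
    matched = any(results) if operator == "OR" else all(results)
    out = dict(headers)
    if matched:
        for name, value in ADD_OR_MODIFY.items():
            # Assumed "Add or Modify" semantics: replace any existing header
            # of that name (in any casing), otherwise add it.
            for key in [k for k in out if k.lower() == name.lower()]:
                del out[key]
            out[name] = value
    return out, matched


if __name__ == "__main__":
    # Constructed sample requests: matching secret, wrong secret, no header.
    for sample in ({"x-api-consumer-secret": "xyz"},
                   {"X-Api-Consumer-Secret": "nope"},
                   {}):
        print(sample, "->", transform_request(sample))
```

In this sketch a request that fails the condition is returned unchanged, without the X-Api-Provider-Secret header.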