This documentation is for WSO2 API Manager 1.10.0. View documentation for the latest release.
Pass a Custom Authorization Token to the Backend - API Manager 1.10.0 - WSO2 Documentation


When you send an API request to the backend, you pass a token in the Authorization header of the request. The API Gateway uses this token to authorize access, and then drops it from the outgoing message. In this tutorial, we explain how to pass a custom authorization token that is different from the authorization token generated for the application.


In this tutorial, you have a sample JAX-RS backend and it always expects 1234 as the authorization token. In your API request, you pass the token that is generated in the Authorization header, and 1234 in a Custom header. The mediation extension you write extracts the value of the Custom header, and sets it as the Authorization header before sending it to the backend.

Here's a summary:

Client (headers: Authorization, custom) -> Gateway (drop: Authorization, convert: custom->Authorization) -> Backend

Let's get started.

  1. Download WSO2 Developer Studio (version 3.8.0 is used here) from http://wso2.com/products/developer-studio/ and open it by double clicking the Eclipse.app file inside the downloaded folder. 

  2. Click Window > Open Perspective > Other to open the Eclipse perspective selection window. Alternatively, click the Open Perspective icon shown below at the top right corner.


  3. On the dialog box that appears, click WSO2 APIManager and click OK.
  4. On the APIM perspective, click the Login icon as shown below.
  5. On the dialog box that appears, enter the URL, username and password of the Publisher server.
  6. On the tree view that appears, expand the folder structure of the existing API.
  7. Right-click on the in sequence folder and click Create to create a new in sequence.
  8. Name the sequence TokenExchange.

  9. Your sequence now appears on the Developer Studio console. From the Mediators section, drag and drop a Property mediator to your sequence and give the following values to the mediator.

    Tip: The Property Mediator has no direct impact on a message, but rather on the message context flowing through Synapse. For more information, see Property Mediator in the WSO2 ESB documentation.

    Property Name:      New Property
    New Property Name:  Custom
    Value Type:         EXPRESSION
    Value Expression:   get-property('transport', 'Custom')

  10. Similarly, add another Property mediator to your sequence and give the following values to the mediator.

    Property Name:      New Property
    New Property Name:  Authorization
    Value Type:         EXPRESSION
    Value Expression:   get-property('Custom')
    Property Scope:     transport

  11. Add a third Property mediator to your sequence and give the following values to the mediator.

    Property Name:      New Property
    New Property Name:  Custom
    Property Action:    remove
    Property Scope:     transport

  12. Save the sequence. 
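The three Property mediators configured in steps 9 to 11 correspond to the Synapse sequence XML below. This is an added example, not a file from the original page; it assumes the default Synapse namespace that Developer Studio generates, and uses the sequence name TokenExchange and the header names Custom and Authorization from the steps above.

```xml
<!-- Added example: the TokenExchange in sequence as Synapse XML (assumed equivalent of steps 9-11) -->
<sequence xmlns="http://ws.apache.org/ns/synapse" name="TokenExchange">

    <!-- Step 9: copy the client's Custom transport header into a default-scope
         message-context property named Custom. The gateway has already dropped the
         client's Authorization header, so only this value survives to the backend. -->
    <property name="Custom" expression="get-property('transport', 'Custom')"/>

    <!-- Step 10: set the outgoing Authorization transport header from that property,
         so the backend receives "Authorization: Bearer 1234" (the value the sample
         backend expects) instead of the application's access token. -->
    <property name="Authorization" expression="get-property('Custom')" scope="transport"/>

    <!-- Step 11: remove the Custom transport header so the backend does not see the
         extra header that was only meant for the gateway. -->
    <property name="Custom" action="remove" scope="transport"/>

</sequence>
```

When committed to the Publisher server (step 13), this is the in sequence you engage under Enable Message Mediation in step 17.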

  13. Right-click on the sequence and click Commit File to push the changes to the Publisher server.

    Let's create a new API and engage the sequence you created to it.

  14. Log in to the API Publisher, click the Add link and give the information in the table below.

    Field        Sample value
    Name         TestAPI1
    Context      /test1
    Version      1.0.0
    Visibility   Public

  15. Leave the Resources section blank, and click Implement. Add a wildcard resource (/*) when prompted. Click Implement again to move to the Implement tab.

  16. The Implement tab opens. Give the information shown in the table below.

  17. Select the Enable Message Mediation check box, engage the In sequence that you created earlier and click Manage.
  18. In the Manage tab, select the Gold tier and click Save and Publish to publish the API to the API Store.

    Let's subscribe to the API and invoke it.

  19. Log in to the API Store and subscribe to the API using an available application and the Gold tier. If no application is available by default, create one.

  20. When prompted, choose to go to the My Subscriptions page, and generate an access token to invoke the API.

  21. Install any REST client on your machine. We use cURL here.

  22. Go to the command line, and invoke the API using the following cURL command. In this command, you pass the token that the backend expects, i.e., 1234, in the Custom header, and the authorization token that the system generates in the Authorization header.

    curl -H "Authorization: Bearer <access token>" -H "Custom: Bearer 1234" <API URL>

    Note the following:

    • <access token> is the token that you got in step 20.
    • <API URL> appears on the API's Overview page in the API Store. Copy the HTTP endpoint. If you select the HTTPS endpoint, be sure to run the cURL command with the -k option.

    Here's an example:

    curl -k -H "Authorization: Bearer 2e25097b2b3fbbfb44f5642fa8a495a1" -H "Custom: Bearer 1234" https://localhost:8243/test1/1.0.0

  23. Note the response that you get in the command line. According to the sample backend used in this tutorial, you get the response "Request Received."

In this tutorial, you passed a custom token that the backend expects along with the system-generated Authorization token, and invoked an API successfully by swapping the system's token with your custom token.