The API Gateway has a default mediation flow, which you can extend by adding custom mediation sequences. You create a custom mediation sequences either manually or using WSO2 tooling support (i.e., WSO2 Developer Studio), and then engage it per API or globally to all APIs.
Creating per-API extensions
The recommended way to engage a mediation extension sequence per API is to upload an XML file through the registry and then engage it using the API Publisher. The following tutorial shows how to do this: Change the Default Mediation Flow of API Requests.
Alternatively, you can name the mediation XML file in the pattern
<API_NAME>:v<VERSION>--<DIRECTION> and save it directly in the following location:
- In the single-tenant mode, save the XML file in the
- In the multi-tenant mode, save the XML file in the tenant's synapse sequence folder. For example, if tenant id is 1, then save it in
In the naming pattern, the
<DIRECTION> can be
Out. When it is
In, the extension is triggered on the in-flow (request path) and when it is
Out, the extension is triggered on the out-flow (response path). To change the default fault sequence, you can either modify the default sequence or write a custom fault sequence and engage it to APIs through the API Publisher.
An example synapse configuration of a Per API Extension sequence created for an API named 'admin--TwitterSearch' with version '1.0.0' is given bellow.
You can copy this content into an XML file (twittersearch_ext.xml) and save it in the <API_Gateway>/repository/deployment/server/synapse-configs/default/sequences directory.
The above sequence prints a log message on the console whenever the TwitterSearch API is invoked.
Creating global extensions
You can also engage mediation extension sequences to all APIs in the API Manager at once. To do that, simply create the XML with the naming pattern
WSO2AM--Ext--<DIRECTION> and save it in the
An example synapse configuration of a Global Extension sequence is given below.
This custom sequence will assign the value of your basic authentication to Authorization header.
To see this at work, copy this content into an xml file (global_ext.xml) and save it in the <API_Gateway>/repository/deployment/server/synapse-configs/default/sequences directory.
When you involve your REST API via a REST Client, configure that client to have a custom header (Authentication) for your basic authentication credential and configure ‘Authorization’ header to contain the bearer token for the API. Then when you send Authentication and Authorization headers, Gateway will drop Authorization header and convert Authentication to Authorization header and send to the backend.