3

We are trying to use the API Manager (1.10) to call an existing API (POST) that already uses an Authorization header token. I several things including using mediation according to an article entitled "Pass a Custom Authorization Token to the Backend" and that didn't seem to work.

I finally tried setting the "Auth Type" to "None" which according to documentation should just pass the API call directly to the backend (including the authorization header). This didn't work either. The call gets to the backend service but seems to lose the Authorization header so it throws an 400 error (the same error I get when I leave out the header and call the backend api directly using SoapUI).

Any help would be appreciated!

Abimaran Kugathasan
  • 31,165
  • 11
  • 75
  • 105
Ray
  • 41
  • 3
  • can you share your API configuration, and try to catch the messages with TCPMON? – Jorge Infante Osorio Mar 04 '16 at 15:04
  • Not sure how to share the API configuration. It is rest, 2 formdata parameters, header authorization used by the backend and has authtype of None. Here is the results from TCPMON: 6d {"error":"server_error","error_description":"There was an error processing your request. Please try again."} 0 – Ray Mar 04 '16 at 18:15
  • BTW - This error is from the backend service so it seems like the request is getting to it but is missing the authorization header. – Ray Mar 04 '16 at 18:22
  • What was the problem you had, when you follow [Pass a Custom Authorization Token to the Backend](https://docs.wso2.com/display/AM1100/Pass+a+Custom+Authorization+Token+to+the+Backend) documentation? – Abimaran Kugathasan Mar 04 '16 at 19:34
  • Apparently user error :-) Previously I was sending the Custom field in Soap UI as form data rather than in the header as I defined it in the API Manager. Once I put that in the header it worked. So I have a way to make it work. However I would still like to have it working where I can just pass-through an API call to the backend service that uses an authorization header. – Ray Mar 04 '16 at 20:50
  • can you enable wire logs and post the whole wire log (which will have request coming to am, request going out from am to backend and the resposes). see http://mytecheye.blogspot.com/2013/09/wso2-esb-all-about-wire-logs.html. – Chamila Adhikarinayake Mar 07 '16 at 05:02

2 Answers2

0

  1. If you want to have authorization (oauth token validation) at the API gateway as well as want to pass the custom authorization header to back end, you will need to follow the setup described in the documentation[1].

  2. If you want to disable authorization at the API gateway level by setting the authorization type[2] to "none" and want to pass the Authorization header (custom) from client to the back end through the API gateway, you need to do the following steps.

By default, the API gateway will drop the "Authorization" header without sending it to the backend[3]. To send the Authorization header to the backend through the API gateway, uncomment the following property and set its value as "false" in <wso2am-home>/repository/conf/api-manager.xml and 

<RemoveOAuthHeadersFromOutMessage>false</RemoveOAuthHeadersFromOutMessage>

[1] https://docs.wso2.com/display/AM1100/Pass+a+Custom+Authorization+Token+to+the+Backend
[2] https://docs.wso2.com/display/AM1100/Key+Concepts#KeyConcepts-HTTPmethods
[3] https://docs.wso2.com/display/AM1100/FAQ#FAQ-HowcanIremovetheauthenticationheadersfromthemessagegoingoutoftheAPIGatewaytothebackend

Jonathan Leffler
  • 730,956
  • 141
  • 904
  • 1,278
Jenananthan
  • 1,381
  • 2
  • 10
  • 20
0

If you followed the instructions here, it should work.

I have implemented this for several projects and I can attest it did work.

You may turn on wire logs via configuring log4j.properties, inspect the wire log and see what happens.

J D
  • 274
  • 3
  • 17