Prevent WSO2 AM of dropping authorization token from request

Question

As per documentation

When you send an API request to the backend, you pass a token in the Authorization header of the request. The API Gateway uses this token to authorize access, and then drops it from the outgoing message. link

I want to pass this token to the backend for every published API. What is the correct place to configure such behavior?

score 4 · Accepted Answer · answered Jan 13 '18 at 14:15

4

Uncomment below configuration in repository/conf/api-manager.xml and set false.

<RemoveOAuthHeadersFromOutMessage>true</RemoveOAuthHeadersFromOutMessage>

answered Jan 13 '18 at 14:15

Bee

12,251
11
46
73

Pradeepal Sudeshana · Answer 2 · 2021-04-08T08:09:30.820

From API Manager version 3.0.0 onwards configuration model has been changed. So any changes done in api-manager.xml get reverted after the server restart.

Now we need to change <API-M_HOME>/repository/conf/deployment.toml

Uncomment and set the following lines:

[apim.oauth_config]
enable_outbound_auth_header = true

enable_outbound_auth_header string Default: FALSE If TRUE, sends Auth header to the backend as received from the client.

Prevent WSO2 AM of dropping authorization token from request

2 Answers2