Request and Response Transformation

What is Request and Response Transformation?

API Gateway plays a crucial role in managing and facilitating communication between different services in a microservices architecture or between clients and servers. Request and response transformation in API Gateway involves modifying the format or content of incoming requests or outgoing responses to meet the requirements of both the clients and the services.

Let’s explore this concept with a use case. Imagine you are managing an e-commerce website, and you want to implement request and response transformations to improve security and customize the response.

E-Commerce API Request Header Transformation

You want to enhance the security of your e-commerce API by implementing a custom security header, X-Api-Consumer-Secret, in the incoming requests. This header must carry an API secret key and be present in all requests. You can use this header to authorize API requests.

Before you begin

Ensure that you have:

To transform the API request header

  1. Click APIs in the title navigation bar.

  2. Click Create API to create an e-commerce REST API. For example, you can use the sample ConsumerAPI from the GitHub repository.

  3. Select Import API from file. Click Browse and select the ConsumerAPI file.

  4. Provide the following details:

    • Name: ConsumerAPI
    • Description: E-commerce API
    • Version: 1.0
  5. Click Create.

  6. Click Edit to add the Request Transformation policy.

  7. Select Policies > Request Processing > Request Transformation. The Request Transformation policy properties section appears.

  8. In the Condition section, select OR. The configured transformation is applied when at least one of the conditions is satisfied.

    Note
    The condition can also be set to the AND operator. The configured transformation is then applied only when all the set conditions are satisfied.
  9. Click Add Condition to configure the conditions that evaluate the contents of the request.

  10. Provide the following information:

    • Variable: ${request.headers.X-Api-Consumer-Secret}
    • Operator: Equals
    • Value: xyz

    This condition checks for the presence of the X-Api-Consumer-Secret header with a specific value, in this case xyz.

  11. Click Add.

    The condition to authorize the API request is created.

  12. Select Transformation Configuration > Header/Query/Path transformation.

    The Header/Query/Path transformation section appears.

  13. In the Add/Modify section, provide the following information:

    • Variable: X-Api-Provider-Secret
    • Value: 123
  14. Click Add.

  15. Click Save.

    If the condition to authorize the API request is met, API Gateway transforms the request by adding a new header, X-Api-Provider-Secret, with the API secret key value 123, and authorizes the API request.

Response Message Transformation

You want to display a custom message based on the response, depending on the value of the X-Api-Provider-Secret header.

Before you begin

Ensure that you have:

The Manage APIs or Activate / Deactivate APIs functional privilege. If you are an Administrator, you have this privilege by default.

To transform the response message

  1. Click APIs in the title navigation bar.

    A list of available APIs appears.

  2. Open the e-commerce API. For example, you can use the sample ConsumerAPI from the GitHub repository.

  3. Click Edit to add the Response Transformation policy to the ConsumerAPI.

  4. Select Policies > Response Processing > Response Transformation.

    The Response Transformation policy properties section appears.

  5. In the Condition section, select OR. The configured transformation is applied when at least one of the conditions is satisfied.

    Note
    The condition can also be set to the AND operator. The configured transformation is then applied only when all the set conditions are satisfied.
  6. Click Add Condition to configure the conditions that evaluate the contents of the request.

  7. Provide the following information:

    • Variable: ${request.headers.X-Api-Provider-Secret}
    • Operator: Equals
    • Value: Accepted
  8. Click Add.

    The condition checks the value of the X-Api-Provider-Secret header to determine the appropriate transformation, in this case Accepted.

  9. Select Transformation Configuration > Status transformation.

    The Status transformation policy properties section appears.

  10. Provide the following information:

    • Code: ${response.statusCode}
    • Message: Request has been processed successfully
  11. Click Save.

    API Gateway checks the value of the X-Api-Provider-Secret header to determine the appropriate transformation. If the header value is Accepted, the response status message is modified to indicate that the request is processed successfully.

    Next Steps

    Now that you have created an e-commerce REST API and implemented the request and response transformation policies, use API testing tools to confirm that the applied policies work as expected. For details about how to test the API, see Testing Request and Response Transformation Policies.
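
A small model of the two policies configured above, added here as an example and not API Gateway's own code: it evaluates the OR/AND conditions on ${request.headers.…} variables, applies the Add/Modify header step, and rewrites only the status message. The function names, the policy dictionary layout and the constant-time comparison are assumptions of this example; the header names and values are the ones used on this page.

```python
import hmac
import re

VAR = re.compile(r"^\$\{request\.headers\.([^}]+)\}$")

def resolve(variable, headers):
    """Resolve ${request.headers.NAME}; HTTP header names are case-insensitive."""
    match = VAR.match(variable)
    if not match:
        raise ValueError(f"unsupported variable: {variable}")
    wanted = match.group(1).lower()
    return next((v for k, v in headers.items() if k.lower() == wanted), None)

def condition_met(policy, headers):
    """Evaluate every Equals condition, then combine with the OR/AND operator."""
    results = []
    for variable, expected in policy["conditions"]:
        actual = resolve(variable, headers)
        # Constant-time compare is this example's choice, not a claim about the gateway.
        results.append(actual is not None and
                       hmac.compare_digest(actual.encode(), expected.encode()))
    return any(results) if policy["operator"] == "OR" else all(results)

def transform_request(policy, headers):
    """Return (headers forwarded upstream, whether the transformation was applied)."""
    applied = condition_met(policy, headers)
    out = dict(headers)
    if applied:
        for name, value in policy["add_modify"].items():
            # Add/Modify: replace any existing copy of the header, whatever its case.
            out = {k: v for k, v in out.items() if k.lower() != name.lower()}
            out[name] = value
    return out, applied

def transform_status(policy, request_headers, code, message):
    """Code stays ${response.statusCode}; only the message is replaced."""
    if condition_met(policy, request_headers):
        return code, policy["message"]
    return code, message

# Policy values as configured on this page (dictionary layout is hypothetical).
REQUEST_POLICY = {"operator": "OR", "add_modify": {"X-Api-Provider-Secret": "123"},
                  "conditions": [("${request.headers.X-Api-Consumer-Secret}", "xyz")]}
STATUS_POLICY = {"operator": "OR", "message": "Request has been processed successfully",
                 "conditions": [("${request.headers.X-Api-Provider-Secret}", "Accepted")]}

if __name__ == "__main__":
    for sample in ({"x-api-consumer-secret": "xyz"}, {"X-Api-Consumer-Secret": "abc"}, {}):
        print(sample, "->", transform_request(REQUEST_POLICY, sample))  # constructed requests
```

In this model a request that fails the condition is forwarded unchanged, because the page only states that the transformation is skipped. Under that assumption the backend has to reject requests that arrive without X-Api-Provider-Secret.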

Testing Request and Response Transformation Policies

You can test the request and response transformation policies by invoking the REST API URI in Postman.

Specify the REST API URI with the required method in the format as follows:

Let’s test the request and response transformation policies applied to the ConsumerAPI example. To check whether the policies work as expected, invoke the API endpoint with the X-Api-Consumer-Secret header set to the API secret key value xyz. The API request should be authorized and retrieve the product information with the customized response.

Before you begin

Ensure that you have Postman installed on your system, or use the web version of Postman.

To test request and response transformation policies using Postman

  1. In the Postman UI, select the HTTP method as GET.

  2. Invoke the endpoint, http://hostname/gateway/ConsumerAPI/1.0/product.

  3. In the Authorization tab, select the type as Basic Auth and provide the login credentials of the API Gateway instance.

  4. In the Headers tab, provide the following details:

    • Key: X-Api-Consumer-Secret
    • Value: xyz
  5. Click Send.

    The REST API is successfully invoked, transforming the request and response according to the applied policies for request and response transformation, displaying the customized response along with the product details.