Ana içeriğe atla

Overview

Variable is a structure used to extract data from API traffic messages for policy needs. It is used to extract data from different parts of HTTP requests (header, parameter, body, etc.). Variables are used in policies, conditions, and other API configurations to dynamically access request/response data.

Basic Properties

PropertyTypeRequiredDescription
namestringYesUnique name of the variable
descriptionstringNoDescription for the variable
typeEnumVariableTypeYesVariable type. See Variable Types

Note

  • name must be unique within a project

Variable Types

Variables support the following types:
  • HEADER - Extract data from HTTP headers
  • PARAMETER - Extract data from URL parameters (query, path, form)
  • BODY - Extract data from request/response body (XML, JSON, or raw body)
  • CONTEXT_VALUES - Extract data from system context values
  • CUSTOM - Custom variable defined with script

Variable Types and Required Fields

HEADER Type

Extract data from HTTP headers.
FieldTypeRequiredDescription
typestringYesMust be HEADER
headerNamestringYesName of the HTTP header field in request or response message

Example

{
  "name": "apiKeyVariable",
  "description": "Extracts API key from header",
  "type": "HEADER",
  "headerName": "X-API-Key"
}

PARAMETER Type

Extract data from URL parameters (query, path, or form).
FieldTypeRequiredDescription
typestringYesMust be PARAMETER
paramTypestringYesParameter type. See EnumVariableParameterType
paramNamestringYesName of the parameter in request message
paramPathstringYes*Template path to use for “path” parameter (required if paramType=PATH)
formNamestringNoForm field name (optional, used if paramType=FORM and differs from paramName)

Note

  • For paramType=QUERY: Use paramName only
  • For paramType=PATH: Use paramName and paramPath (required)
  • For paramType=FORM: Use paramName (required), formName is optional and typically same as paramName unless you need a different field name

EnumVariableParameterType (paramType)

  • QUERY - Query parameter (e.g., ?userId=123)
  • PATH - Path parameter (e.g., /users/{userId})
  • FORM - Form parameter (form data)
Example 1: Query Parameter 
{
  "name": "userIdFromQuery",
  "description": "Extracts user ID from query parameter",
  "type": "PARAMETER",
  "paramType": "QUERY",
  "paramName": "userId"
}
Example 2: Path Parameter 
{
  "name": "orderIdFromPath",
  "description": "Extracts order ID from path",
  "type": "PARAMETER",
  "paramType": "PATH",
  "paramName": "orderId",
  "paramPath": "/orders/{orderId}"
}
Example 3: Form Parameter 
{
  "name": "usernameFromForm",
  "description": "Extracts username from form data",
  "type": "PARAMETER",
  "paramType": "FORM",
  "paramName": "username",
  "formName": "username"
}

BODY Type

Extract data from request/response body (XML, JSON, or raw body).
FieldTypeRequiredDescription
typestringYesMust be BODY
messageContentTypestringYesContent type. See EnumMessageContentType
xpathValuestringYes*XPath expression for XML body data (required if messageContentType=XML)
jsonPathValuestringYes*JsonPath expression for JSON body data (required if messageContentType=JSON)

EnumMessageContentType (messageContentType)

  • XML - XML content type
  • JSON - JSON content type
  • ALL_BODY - Raw body content (all body)
Example 1: XML Body 
{
  "name": "customerNameFromXml",
  "description": "Extracts customer name from XML body",
  "type": "BODY",
  "messageContentType": "XML",
  "xpathValue": "//customer/firstName"
}
Example 2: JSON Body 
{
  "name": "emailFromJson",
  "description": "Extracts email address from JSON body",
  "type": "BODY",
  "messageContentType": "JSON",
  "jsonPathValue": "$.user.contact.email"
}
Example 3: All Body 
{
  "name": "rawBody",
  "description": "Extracts raw body content",
  "type": "BODY",
  "messageContentType": "ALL_BODY"
}

CONTEXT_VALUES Type

Extract data from system context values.
FieldTypeRequiredDescription
typestringYesMust be CONTEXT_VALUES
contextValuestringYesContext value type. See EnumVariableContextValue
zoneIdstringYes*Time zone ID (required for some context values, e.g., date/time values)

Example

{
  "name": "requestTime",
  "description": "Extracts request time from system context",
  "type": "CONTEXT_VALUES",
  "contextValue": "DATETIME_EPOCH_MILLIS",
  "zoneId": "Europe/Istanbul"
}

CUSTOM Type

Custom variable defined with script.
FieldTypeRequiredDefaultDescription
typestringYes-Must be CUSTOM
initWithScriptbooleanNofalseWhether to initialize with script (default: false)
scriptLanguagestringYes*-Script language (required if initWithScript=true). See EnumScriptType
scriptBodystringYes*-Script body code (required if initWithScript=true)

Note

  • If initWithScript is true, both scriptLanguage and scriptBody must be provided
  • If initWithScript is false (default), script fields are optional

Example

{
  "name": "customVariable",
  "description": "Custom variable with script",
  "type": "CUSTOM",
  "initWithScript": true,
  "scriptLanguage": "JAVASCRIPT",
  "scriptBody": "return request.header['X-User-ID'];"
}

EnumVariableContextValue

Context values available for CONTEXT_VALUES type variables.
Context ValueDescription
REQUEST_REMOTE_ADDRESSClient IP address
REQUEST_HTTP_METHODHTTP method (GET, POST, etc.)
REQUEST_CONTENT_TYPERequest content type
REQUEST_PATH_INFORequest path information
REQUEST_CONTEXT_PATHContext path information
REQUEST_QUERY_STRINGURL query string parameters
REQUEST_REMOTE_USERRemote user information
REQUEST_USERNAME_KEYUsername or key
REQUEST_REQUESTED_SESSION_IDSession ID
REQUEST_REQUEST_URIRequest URI
REQUEST_CHARACTER_ENCODINGCharacter encoding
REQUEST_CHARSETCharset information
REQUEST_CONTENT_LENGTHContent length
REQUEST_PROTOCOLProtocol used
REQUEST_SCHEMEProtocol scheme (http, https)
REQUEST_SERVER_NAMEServer name
REQUEST_SERVER_PORTServer port number
REQUEST_REMOTE_HOSTRemote host information
REQUEST_REMOTE_PORTRemote port number
REQUEST_LOCAL_NAMELocal server name
REQUEST_LOCAL_ADDRLocal IP address
REQUEST_LOCAL_PORTLocal port number
REQUEST_XFORWARDED_FORX-Forwarded-For header value

Request Status Information

Context ValueDescription
REQUEST_IS_SOAP_TO_RESTWhether SOAP to REST conversion is active
REQUEST_IS_APIPROXYAPI Proxy check
REQUEST_IS_APIPROXYGROUPAPI Proxy Group check
REQUEST_IS_XWWW_FORM_URL_ENCODEDForm URL encoded format check
REQUEST_IS_FORM_DATAForm data format check
REQUEST_IS_BYTE_ARRAYByte array format check
REQUEST_HAS_ATTACHMENTAttachment check
REQUEST_GZIPGZIP compression status
REQUEST_DEFLATEDEFLATE compression status
REQUEST_BRBrotli compression status
REQUEST_ZSTDZstandard compression status
REQUEST_IDENTITYIdentity encoding status
REQUEST_COMPRESSCompress encoding status
REQUEST_HTTP_SERVLETHTTP Servlet information
Context ValueDescription
RESPONSE_IS_BYTE_ARRAYWhether response is in byte array format
RESPONSE_GZIPGZIP compression status
RESPONSE_DEFLATEDEFLATE compression status
RESPONSE_BRBrotli compression status
RESPONSE_ZSTDZstandard compression status
RESPONSE_IDENTITYIdentity encoding status
RESPONSE_COMPRESSCompress encoding status
RESPONSE_STATUS_CODEHTTP status code
RESPONSE_HTTP_SERVLETHTTP Servlet information
Context ValueDescription
MESSAGE_CORRELATION_IDMessage correlation ID
Context ValueDescription
ENVIRONMENT_IDEnvironment ID
ENVIRONMENT_NAMEEnvironment name
ENVIRONMENT_CERTIFICATECertificate map
ENVIRONMENT_PRIVATEKEYPrivate key map
ENVIRONMENT_PUBLICKEYPublic key map
ENVIRONMENT_SECRETKEYSecret key map
ENVIRONMENT_KEYSTOREKeystore map
ENVIRONMENT_JWKJWK map

API Proxy Group/Proxy/Method Values

Context ValueDescription
APIPROXYGROUP_IDAPI Proxy Group ID
APIPROXYGROUP_NAMEAPI Proxy Group name
APIPROXY_IDAPI Proxy ID
APIPROXY_NAMEAPI Proxy name
APIMETHOD_IDAPI Method ID
APIMETHOD_NAMEAPI Method name
APIMETHOD_SOAP_ACTIONSOAP action value
APIMETHOD_HTTPMETHODHTTP method
APIMETHOD_ENDPOINTEndpoint information
APIMETHOD_BACKEND_HTTPMETHODBackend HTTP method
APIMETHOD_BACKEND_ENDPOINTBackend endpoint information
Context ValueDescriptionzoneId Required
DATETIME_YEARYearYes
DATETIME_MONTHMonthYes
DATETIME_DAY_OF_WEEKDay of weekYes
DATETIME_DAY_OF_MONTHDay of monthYes
DATETIME_HOURHourYes
DATETIME_MINUTEMinuteYes
DATETIME_SECONDSecondYes
DATETIME_EPOCH_MILLISEpoch millisecondsYes
DATETIME_FORMATTED_TEXTFormatted date-timeYes
DATE_FORMATTED_TEXTFormatted dateYes
TIME_FORMATTED_TEXTFormatted timeYes
Note: Date/time context values require zoneId field to be specified.

Credential Values

Context ValueDescription
CREDENTIAL_USERNAMEUsername
CREDENTIAL_EMAILEmail address
CREDENTIAL_FULLNAMEFull name
CREDENTIAL_SECRETKEYSecret key
CREDENTIAL_CERTIFICATECertificate
CREDENTIAL_PUBLICKEYPublic key
CREDENTIAL_PRIVATEKEYPrivate key
CREDENTIAL_KEYSTOREKeystore
CREDENTIAL_TRUSTSTORETruststore
CREDENTIAL_JWK_SIGNANDVALIDATIONJWK for signing and validation
CREDENTIAL_JWK_ENCRYPTIONANDDECRYPTIONJWK for encryption and decryption

Complete Variable Examples

Example 1: Header Variable

{
  "name": "apiKeyVariable",
  "description": "Extracts API key from header",
  "type": "HEADER",
  "headerName": "X-API-Key"
}

Example 2: Query Parameter Variable

{
  "name": "userIdFromQuery",
  "description": "Extracts user ID from query parameter",
  "type": "PARAMETER",
  "paramType": "QUERY",
  "paramName": "userId"
}

Example 3: Path Parameter Variable

{
  "name": "orderIdFromPath",
  "description": "Extracts order ID from path",
  "type": "PARAMETER",
  "paramType": "PATH",
  "paramName": "orderId",
  "paramPath": "/orders/{orderId}"
}

Example 4: XML Body Variable

{
  "name": "customerNameFromXml",
  "description": "Extracts customer name from XML body",
  "type": "BODY",
  "messageContentType": "XML",
  "xpathValue": "//customer/firstName"
}

Example 5: JSON Body Variable

{
  "name": "emailFromJson",
  "description": "Extracts email address from JSON body",
  "type": "BODY",
  "messageContentType": "JSON",
  "jsonPathValue": "$.user.contact.email"
}

Example 6: Context Variable (Client IP)

{
  "name": "clientIp",
  "description": "Extracts client IP address",
  "type": "CONTEXT_VALUES",
  "contextValue": "REQUEST_REMOTE_ADDRESS"
}

Example 7: Context Variable (Date/Time)

{
  "name": "requestTime",
  "description": "Extracts request time",
  "type": "CONTEXT_VALUES",
  "contextValue": "DATETIME_EPOCH_MILLIS",
  "zoneId": "Europe/Istanbul"
}

Example 8: Custom Variable

{
  "name": "customUserId",
  "description": "Custom variable to extract user ID",
  "type": "CUSTOM",
  "initWithScript": true,
  "scriptLanguage": "JAVASCRIPT",
  "scriptBody": "var header = request.header['X-User-ID']; return header ? header : request.header['Authorization'].split(' ')[1];"
}

Usage in Policies

Variables are used in various policies:
  • API Based Throttling - targetVariableForIdentity to identify clients
  • RLCL - targetVariable for rate limiting
  • Conditions - firstVariable and secondVariable for condition rules
  • Content Filter - Variables to filter content
  • Redaction - Variables to identify data to redact
  • Encryption/Decryption - Variables for source and target data

Notes and Warnings

  • Variable Names:
    • Variable names must be unique within a project
    • Use descriptive names for better understanding
  • Required Fields:
    • Each variable type has specific required fields
    • Missing required fields will cause validation errors
  • Context Values:
    • Date/time context values require zoneId field
    • Use IANA time zone identifiers (e.g., “Europe/Istanbul”, “America/New_York”)
  • XPath/JsonPath:
    • XPath expressions are used for XML content
    • JsonPath expressions are used for JSON content
    • Ensure expressions are valid for the content type
  • Custom Scripts:
    • Custom variables use scripts to extract data
    • Script language must be specified
    • Scripts have access to request/response objects