With the Script Policy, header, parameter, body and error message contents of the request or response messages can be processed with the selected script language.

The picture below shows the policy settings:


The policy fields are shown in the table below.

FieldDescription
NameThe name can be written to facilitate the use and management of the policy. You will need this name during the management and selection of policies.
DescriptionAn optional description of the policy that may be useful for usage and management activities.
Execution TypeThe execution of the script can be determined to be synchronous or asynchronous.
Script LanguageThe type of script that will be written to the body; Javascript, Groovy
Script Body

Script code is written to operate on the request or response pipeline.

It can be added to the body area by clicking on the links of the variables given according to the regions of the message.

Try it

The script to be run is tested. Trial operation is done on a dialog.

About Script Policy Execution

The original version of the incoming request message (Client to API Proxy) and the original version of the returned response message (Backend API to API Proxy) cannot be changed, only reading can be made on this data. Both reading and modification can be done on the request to be sent to the Backend API (API Proxy to Backend API) and the response that will be returned to the client (API Proxy to Client).

The read and change operations to be made include the metadata, header, parameter and body parts of the message. Various keywords are used to access these fields on the script which we called flow variables. These flow variables vary according to the region to be accessed.

If we want to formulate flow variables, we can express them as follows:

  • To access headers → <request|response>HeaderMap<From|To><Client|TargetAPI>
  • To access URL parameters → <request>UrlParamMap<From|To><Client|TargetAPI>
  • To access Form URL Encoded parameters → <request>FormUrlEncodedList<From|To><Client|TargetAPI>
  • To access Form Data parameters → <request>FormDataList<From|To><Client|TargetAPI>
  • To access body → <request|response>BodyText<From|To><Client|TargetAPI>
  • To terminate the policy and return a customized error message → <request|response>ErrorMessage<From|To><Client|TargetAPI>
  • To change status codes→statusCode<From|To><Client|TargetAPI>

There are also some other specific flow variables, which are:

  • requestUrlFromClient: Holds the URL which client sent request to
  • requestBackendUrlToTargetAPI: If user wants to change Path of Backend URL of request, this field can be used. This variable's default value is empty and if a value is set to this variable, then the request target context path is changed with this value. 
  • customVariableMap: Custom variables can be created specifically for API Proxy's business logic, and these variables can be read and written on the request and response lines. In the business rule policy, its value can be also used via the keyword added to this map.
  • contextValues: Context Values of Message can be used to read the data that Apinizer keeps specific for each request. Only reading can be done on these values.

For example;

  • When the request from the client reaches Apinizer, that is, if it is want to access the body content of the original request, change the requestBodyTextFromClient variable,
  • If you want to access the headers of Apinizer when transmitting the incoming request to the Backend API, set the requestHeaderMapToTargetAPI variable,
  • If you want to access the headers of the response from the Backend API when it is sent to Apinizer, set the responseHeaderMapFromTargetAPI variable,
  • You can use the variable responseBodyTextToClient to access the body of the response that Apinizer returns to the client.

Flow Variables

Variables

Pipeline

The Source of Its Value

Data Type

Allowed Action

Description

Example Usage

requestHeaderMapFromClientRequestClient → ApinizerMap<String, String>ReadIt is used to access the header values of the original version of the request when it reaches Apinizer.String value= requestHeaderMapFromClient.get("Content-Type");
requestUrlParamMapFromClientRequestClient → ApinizerMap<String, String>ReadIt is used to access the query parameter values of the original version of the request when it reaches Apinizer.String value= requestUrlParamMapFromClient.get("param");
requestBodyTextFromClientRequestClient → ApinizerStringReadIt is used to access the body of the original version of the request when it reaches Apinizer.String value= requestBodyTextFromClient;
requestFormUrlEncodedListFromClientRequestClient → ApinizerList<BasicNameValuePair>ReadIt is used to access the "Form URL- Encoded" parameter values of the original version of the request when it reaches Apinizer.

import org.apache.http.message.BasicNameValuePair

String selectedValue;
for (BasicNameValuePair nameValuePair : requestFormUrlEncodedListFromClient) {
   if("test".equals(nameValuePair.getName())){
       selectedValue=nameValuePair.getValue();
   }

}

requestFormDataListFromClientRequestClient → ApinizerList<ApinizerRequestBodyPart>ReadIt is used to access the "Form Data" parameter values of the original version of the request when it reaches Apinizer.

import com.apinizer.common.global.apinizerrequest.*;

for (ApinizerRequestBodyPart bodyPart : requestFormDataListFromClient) {
    if(bodyPart.getBodyPartType().isText()){
        ApinizerRequestTextBody textBodyPart = ((ApinizerRequestTextBody)bodyPart));
        String text=textBodyPart.getText();
        //do some logic
    }else{//bodyPart.getBodyPartType().isBinary()
        ApinizerRequestBinaryBody binaryBodyPart = ((ApinizerRequestBinaryBody)bodyPart));
        byte[] byteArr=binaryBodyPart.getContent();
        String fileName=binaryBodyPart.getFileName();
        //do some logic
    }
}

requestHeaderMapToTargetAPIRequestApinizer → Backend APIMap<String, String>Read, WriteIt is used to access the header values of the request going from Apinizer to the Backend API. The values in this field include the changes made in the request pipeline and their values may differ from the original request coming to Apinizer. This value will reach to Backend API. 

String value= requestHeaderMapToTargetAPI.get("Content-Type");

requestHeaderMapToTargetAPI.put("Content-Type","application/json");

requestUrlParamMapToTargetAPIRequestApinizer → Backend APIMap<String, String>Read, WriteIt is used to access the query parameters values of the request going from Apinizer to the Backend API. The values in this field include the changes made in the request pipeline and their values may differ from the original request coming to Apinizer. This value will reach to Backend API. 

String value= requestUrlParamMapToTargetAPI.get("param");

requestHeaderMapToTargetAPI.put("param","value");

requestBodyTextToTargetAPIRequestApinizer → Backend APIStringRead, WriteIt is used to access the body of the request going from Apinizer to the Backend API. The value in this field include the changes made in the request pipeline and its value may differ from the original request coming to Apinizer. This value will reach to Backend API. 

String value= requestBodyTextToTargetAPI;

requestBodyTextToTargetAPI= "<body>";

requestFormUrlEncodedListToTargetAPIRequestApinizer → Backend APIList<BasicNameValuePair>Read, WriteIt is used to access the "Form URL Encoded" parameters values of the request going from Apinizer to the Backend API. The values in this field include the changes made in the request pipeline and their values may differ from the original request coming to Apinizer. This value will reach to Backend API. 

import org.apache.http.message.BasicNameValuePair

String selectedValue;
for (BasicNameValuePair nameValuePair : requestFormUrlEncodedListToTargetAPI) {
   if("test".equals(nameValuePair.getName())){
       selectedValue=nameValuePair.getValue();
   }

}

requestFormDataListToTargetAPIRequestApinizer → Backend APIList<ApinizerRequestBodyPart>Read, WriteIt is used to access the "Form Data" parameters values of the request going from Apinizer to the Backend API. The values in this field include the changes made in the request pipeline and their values may differ from the original request coming to Apinizer. This value will reach to Backend API. 

import com.apinizer.common.global.apinizerrequest.*;

for (ApinizerRequestBodyPart bodyPart : requestFormDataListToTargetAPI) {
    if(bodyPart.getBodyPartType().isText()){
        ApinizerRequestTextBody textBodyPart = ((ApinizerRequestTextBody)bodyPart));
        String text=textBodyPart.getText();
        //do some logic
    }else{//bodyPart.getBodyPartType().isBinary()
        ApinizerRequestBinaryBody binaryBodyPart = ((ApinizerRequestBinaryBody)bodyPart));
        byte[] byteArr=binaryBodyPart.getContent();
        String fileName=binaryBodyPart.getFileName();
        //do some logic
    }
}

requestErrorMessageToTargetAPIRequestApinizer → Backend APIStringWriteIf an error message is wanted to be returned to the client by interrupting the flow on the request pipeline, the message to be returned is entered into this variable. If this message has value as a result of executing the script, the flow is interrupted and this value is returned to the client.requestErrorMessageToTargetAPI= "<body>";
statusCodeToTargetAPIRequestApinizer → Backend APIIntegerWriteIf you want to interrupt the flow on the request pipeline and return a message to the client, the status code to be returned is entered into this variable. Entering this value alone is not enough to stop the flow; the requestErrorMessageToTargetAPI value must have value to stop the flow.statusCodeToTargetAPI=500;
requestBackendUrlToTargetAPIRequestApinizer → Backend APIStringWriteThis field can be used if you want to change the context path of the Backend API URL. The default value of this variable is empty, and if a value is set to this variable, the target context path is replaced with this value.

If existing backend routing address is: "https://apinizer.com/api" and context path of request is: "/findByStatus?param=value", In this case the request goes to:

  • "https://apinizer.com/api/findByStatus?param=value"

If this code is executed: 

  • requestBackendUrlToTargetAPI="/new/path/value?p=v";

Then, the request goes to:

  • "https://apinizer.com/api/new/path/value?p=v"
responseHeaderMapFromTargetAPIResponseBackend API → ApinizerMap<String, String>ReadIt is used to access the header values of the original version when the response returned from the Backend API reaches the Apinizer.String value= responseHeaderMapFromTargetAPI.get("Content-Type");
responseBodyTextFromTargetAPIResponseBackend API → ApinizerStringReadIt is used to access the body of the original version when the response returned from the Backend API reaches the Apinizer.String value= responseBodyTextFromTargetAPI;
statusCodeFromTargetAPIResponseBackend API → ApinizerIntegerReadIt is used to access the status code of the original version when the response returned from the Backend API reaches the Apinizer.

int value=statusCodeFromTargetAPI;

responseHeaderMapToClientResponseApinizer → ClientMap<String, String>Read, WriteIt is used to access the header values of the response returned from Backend API to Apinizer. The values in this field include the changes made in the response pipeline and their values may differ from the original response returned to Apinizer. Client will be responded with this value.

String value= responseHeaderMapToClient.get("Content-Type");

responseHeaderMapToClient.put("Content-Type","application/json");

responseBodyTextToClientResponseApinizer → ClientStringRead, WriteIt is used to access the body of the response returned from Backend API to Apinizer. The values in this field include the changes made in the response pipeline and their values may differ from the original response returned to Apinizer. Client will be responded with this value.

String value= responseBodyTextToClient;

responseBodyTextToClient= "<body>";

responseErrorMessageToClientResponseApinizer → ClientStringRead, WriteIf an error message is wanted to be returned to the client by interrupting the flow on the response pipeline, the message to be returned is entered into this variable. If this message has value as a result of executing the script, the flow is interrupted and this value is returned to the client.responseErrorMessageToClient= "<body>";
statusCodeToClientResponseApinizer → ClientIntegerRead, WriteIf you want to interrupt the flow on the response pipeline and return a message to the client, the status code to be returned is entered into this variable. Entering this value alone is not enough to stop the flow; the responseErrorMessageToClient value must have value to stop the flow.

int value=statusCodeToClient;

statusCodeToClient=401;

If the script type is Groovy;

makes message body processing much easier.


When the flow is interrupted with error message variables, the error message returned to the client is whatever is written to the value of this variable, instead of using the Error Message Template.


Message Variables

VariablesThe Source of Its ValueData TypeAllowed ActionDescriptionExample Usage

Request Pipeline Variables

request_remoteAddress

Client → Apinizer

String

Read, Write

It is used to access the "Remote Address" value in the request from the client.

String value= request_remoteAddress;

request_remoteAddress= "<new value>";

request_httpMethod

Client → Apinizer

String

Read, Write

It is used to access the "HTTP Method" value in the request from the client.

String value= request_httpMethod;

request_httpMethod= "<new value>";

request_contentType

Client → Apinizer

String

Read, Write

It is used to access the "Content Type" value in the request from the client.

String value= request_contentType;

request_contentType= "<new value>";

request_pathInfo

Client → Apinizer

String

Read, Write

It is used to access the "Path Info" value in the request from the client.

String value=request_pathInfo ;

request_pathInfo= "<new value>";

request_contextPath

Client → Apinizer

String

Read, Write

It is used to access the "Context Path" value in the request from the client.

String value= request_contextPath;

request_contextPath= "<new value>";

request_queryString

Client → Apinizer

String

Read, Write

It is used to access the "Query String" value in the request from the client.

String value= request_queryString;

request_queryString= "<new value>";

request_remoteUser

Client → Apinizer

String

Read, Write

It is used to access the "Remote User" value in the request from the client.

String value= request_remoteUser;

request_remoteUser= "<new value>";

request_usernameOrKey

Client → Apinizer

String

Read, Write

It is used to access the "Username veya API Key" value in the request from the client.

If the request is verified with a security policy on Apinizer, this value is assigned by Apinizer, or a value can be assigned manually with data manipulation policies.

String value= request_usernameOrKey;

request_usernameOrKey= "<new value>";

request_requestedSessionId

Client → Apinizer

String

Read, Write

It is used to access the "Requested Session Id" value in the request from the client.

String value= request_requestedSessionId;

request_requestedSessionId= "<new value>";

request_requestURI

Client → Apinizer

String

Read, Write

It is used to access the "Request URI" value in the request from the client.

String value= request_requestURI;

request_requestURI= "<new value>";

request_characterEncoding

Client → Apinizer

String

Read, Write

It is used to access the "Character Encoding" value in the request from the client.

String value= request_characterEncoding;

request_characterEncoding= "<new value>";

request_charset

Client → Apinizer

String

Read, Write

It is used to access the "Charset" value in the request from the client.

String value= request_charset;

request_charset= "<new value>";

request_contentLength

Client → Apinizer

String

Read, Write

It is used to access the "Content Length" value in the request from the client.

String value= request_contentLength;

request_contentLength= "<new value>";

request_protocol

Client → Apinizer

String

Read, Write

It is used to access the "Protocol" value in the request from the client.

String value= request_protocol;

request_protocol= "<new value>";

request_scheme

Client → Apinizer

String

Read, Write

It is used to access the "Scheme" value in the request from the client.

String value= request_scheme;

request_scheme= "<new value>";

request_serverName

Client → Apinizer

String

Read, Write

It is used to access the "Server Name" value in the request from the client.

String value= request_serverName;

request_serverName= "<new value>";

request_serverPort

Client → Apinizer

String

Read, Write

It is used to access the "Server Port" value in the request from the client.

String value= request_serverPort;

request_serverPort= "<new value>";

request_remoteHost

Client → Apinizer

String

Read, Write

It is used to access the "Remote Host" value in the request from the client.

String value= request_remoteHost;

request_remoteHost = "<new value>";

request_remotePort

Client → Apinizer

String

Read, Write

It is used to access the "Remote Port" value in the request from the client.

String value= request_remotePort;

request_remotePort= "<new value>";

request_localName

Client → Apinizer

String

Read, Write

It is used to access the "Local Name" value in the request from the client.

String value= request_localName;

request_localName= "<new value>";

request_localAddr

Client → Apinizer

String

Read, Write

It is used to access the "Local Address" value in the request from the client.

String value= request_localAddr;

request_localAddr= "<new value>";

request_localPort

Client → Apinizer

String

Read, Write

It is used to access the "Local Port" value in the request from the client.

String value= request_localPort;

request_localPort= "<new value>";

request_xForwardedFor

Client → Apinizer

String

Read, Write

It is used to access the "X-Forwarded-For" value in the request from the client.

String value= request_xForwardedFor;

request_xForwardedFor= "<new value>";

request_isSoapToRest

Client → Apinizer

boolean

Read

It is the information whether the request from the client is sent to an API Proxy with SoapToRest conversion after it is interpreted in Apinizer. The value of this variable can be "true" or "false".

boolean value= request_isSoapToRest;

request_isSoapToRest= true/false;

request_isApiProxy

Client → Apinizer

boolean

Read

It is the information whether the request from the client reaches the API Proxy after it is interpreted in Apinizer. The value of this variable can be "true" or "false".

boolean value= request_isApiProxy;

request_isApiProxy = true/false;

request_isApiProxyGroup

Client → Apinizer

boolean

Read

It is the information whether the request from the client reaches the API Proxy Group after it is interpreted in Apinizer. The value of this variable can be "true" or "false".

boolean value= request_isApiProxyGroup;

request_isApiProxyGroup= true/false;

request_data_isXwwwFormUrlEncoded

Client → Apinizer

boolean

Read, Write

After the request from the client is interpreted in Apinizer, it is the information whether the request contains the application/x-www-form-urlencoded header. The value of this variable can be "true" or "false".

boolean value= request_data_isXwwwFormUrlEncoded;

request_data_isXwwwFormUrlEncoded= true/false;

request_data_isFormData

Client → Apinizer

boolean

Read, Write

After the request from the client is interpreted in Apinizer, it is the information whether the request contains form data. The value of this variable can be "true" or "false".

boolean value= request_data_isFormData;

request_data_isFormData= true/false;

request_data_isByteArray

Client → Apinizer

boolean

Read, Write

After the request from the client is interpreted in Apinizer, it is the information whether the request contains byte array. The value of this variable can be "true" or "false".

boolean value= request_data_isByteArray;

request_data_isByteArray= true/false;

request_data_hasAttachment

Client → Apinizer

boolean

Read

After the request from the client is interpreted in Apinizer, it is the information whether the request contains attachment. The value of this variable can be "true" or "false".

boolean value=request_data_hasAttachment ;

request_data_hasAttachment = true/false;

request_encoding_gzip

Client → Apinizer

boolean

Read, Write

After the request from the client is interpreted in Apinizer, it is the information whether the request data format is gzip or not. The value of this variable can be "true" or "false".

boolean value= request_encoding_gzip;

request_encoding_gzip= true/false;

request_encoding_deflate

Client → Apinizer

boolean

Read, Write

After the request from the client is interpreted in Apinizer, it is the information whether the request data format is deflate or not. The value of this variable can be "true" or "false".

boolean value= request_encoding_deflate;

request_encoding_deflate= true/false;

Response Pipeline Variables

response_data_isByteArray

Backend API → Apinizer

boolean

Read, Write

After the response returned from the Backend API is interpreted in Apinizer, it is the information whether the response contains "byte array" data. The value of this variable can be "true" or "false".

boolean value= response_data_isByteArray;

response_data_isByteArray= true/false;

response_encoding_gzip

Backend API → Apinizer

boolean

Read, Write

After the response returned from the Backend API is interpreted in Apinizer, it is information about whether the data format of the response is "gzip" or not. The value of this variable can be "true" or "false". If its value is false and set to true in the script, the data returned to the client is gzipped.

boolean value= response_encoding_gzip;

response_encoding_gzip= true/false;

response_encoding_deflate

Backend API → Apinizer

boolean

Read, Write

After the response returned from the Backend API is interpreted in Apinizer, it is information about whether the data format of the response is "defalte" or not. The value of this variable can be "true" or "false". If its value is false and set to true in the script, the data returned to the client is deflated.

boolean value= response_encoding_deflate;

response_encoding_deflate= true/false;

response_encoding_br

Backend API → Apinizer

boolean

Read, Write

After the response returned from the Backend API is interpreted in Apinizer, it is information about whether the data format of the response is "br" or not. The value of this variable can be "true" or "false". If its value is false and set to true in the script, the data returned to the client is compressed with br.

boolean value= response_encoding_br;

response_encoding_br= true/false;

response_statusCode

Backend API → Apinizer

Integer

Read, Write

It contains the status code value of the response returned from the Backend API.

Integer value= response_statusCode;

response_statusCode= 400;

Message Variables

message_correlationId

Client → Apinizer

String

Read, Write

As soon as the request from the client reaches Apinizer, Apinizer gives the request a unique ID and this ID is added to the response. This unique ID value can be accessed with this variable.

String value= message_correlationId;

message_correlationId= "<new value>";

environment_id

Client → Apinizer

String

Read

It is used to access the ID information of the "Environment" where API traffic is received and answered.

String value= environment_id;

environment_name

Client → Apinizer

String

Read

It is used to access the name information of the "Environment" where API traffic is received and answered.

String value= environment_name;

Environment Variables

apiProxyGroup_id

Client → Apinizer

String

Read

If the request from the client is met by the API Proxy Group, it is used to access the ID information of the "API Proxy Group".

String value= apiProxyGroup_id;

apiProxyGroup_name

Client → Apinizer

String

Read

If the request from the client is met by the API Proxy Group, it is used to access the name information of the "API Proxy Group".

String value= apiProxyGroup_name;

apiProxy_id

Client → Apinizer

String

Read

If the request from the client is met by the API Proxy, it is used to access the ID information of the "API Proxy".

String value= apiProxy_id;

apiProxy_name

Client → Apinizer

String

Read

If the request from the client is met by the API Proxy, it is used to access the name information of the "API Proxy".

String value= apiProxy_name;

apiMethod_id

Client → Apinizer

String

Read

If the request from the client is met by the API Proxy Method, it is used to access the ID information of the "API Proxy Method".

String value= apiMethod_id;

apiMethod_name

Client → Apinizer

String

Read

If the request from the client is met by the API Proxy Method, it is used to access the name information of the "API Proxy Method".

String value= apiMethod_name;

apiMethod_soapAction

Client → Apinizer

String

Read

If the request from the client is met by the "API Proxy Method",it is used to access the "Soap Action" value of the met "API Proxy Method" in the request from the client. Valid for SOAP type API Proxies.

String value= apiMethod_soapAction;

apiMethod_httpMethod

Client → Apinizer

String

Read

If the request from the client is met by the "API Proxy Endpoint",it is used to access the value"Http Method" value of the met "API Proxy Endpoint" in the incoming message.

String value= apiMethod_httpMethod;

apiMethod_endpoint

Client → Apinizer

String

Read

If the request from the client is met by the "API Proxy Endpoint",it is used to access the "Endpoint" value of the met "API Proxy Endpoint" in the incoming message.

String value= apiMethod_endpoint;

apiMethod_backend_httpMethod

Client → Apinizer

String

Read

If the request from the client is met by the API Proxy Endpoint, it is used to access the value indicating which "Http Method" value the met "API Proxy Endpoint" will go to in the "Backend API".

String value= apiMethod_backend_httpMethod;

apiMethod_backend_endpoint

Client → Apinizer

String

Read

If the request from the client is met by the API Proxy Endpoint, it is used to access the value indicating which "Endpoint" value the met "API Proxy Endpoint" will go to in the "Backend API".

String value= apiMethod_backend_endpoint;

dateTime_year

Runtime

Integer

Read

It is used to access the "year" information in UTC time at run time

Integer value= dateTime_year;

dateTime_month

Runtime

Integer

Read

It is used to access the "month" information in UTC time at run time

Integer value= dateTime_month;

dateTime_dayOfWeek

Runtime

Integer

Read

It is used to access the "day of the week" information in UTC time at run time. It takes values between 1 (Monday) and 7 (Sunday).

Integer value= dateTime_dayOfWeek;

dateTime_dayOfMonth

Runtime

Integer

Read

It is used to access the "day of the month" information in UTC time at run time. It takes values between 1 and 31.

Integer value= dateTime_dayOfMonth;

dateTime_hour

Runtime

Integer

Read

It is used to access the "hour of day" information in UTC time at run time. It takes values between 0 and 23.

Integer value= dateTime_hour;

dateTime_minute

Runtime

Integer

Read

It is used to access the "minute of hour" in UTC time at the run time. It takes values between 0 and 59.

Integer value= dateTime_minute;

dateTime_second

Runtime

Integer

Read

It is used to access the "second of minute" in UTC time at the run time. It takes values between 0 and 59.

Integer value= dateTime_second;

dateTime_epochMillis

Runtime

Long

Read

It is used to access "epoch millisecond" information in UTC time at run time. (Millisecond information from 1970-01-01T00:00:00Z to the moment of access)

Long value= dateTime_epochMillis;

dateTime_formattedText

Runtime

String

Read

It is used to access "date time" information in UTC time at runtime in the format “yyyy-MM-dd'T'HH:mm:ss.SSS'Z'".

String value= dateTime_formattedText;

date_formattedText

Runtime

String

Read

It is used to access "date" information in UTC time in the "yyyy-MM-dd" format at run time.

String value= date_formattedText;

time_formattedText

Runtime

String

Read

The request from the client is interpreted in Apinizer, and the information regarding whether the data format of the request is "deflate" or not is provided. The value of this variable can be either "true" or "false."

String value= time_formattedText;

environment_certificateMap

Runtime

Map<String, X509Certificate>

Read

It is used to access "X509Certificate" with its name which is deployed on Environment at runtime.

import java.security.cert.X509Certificate;

X509Certificate obj= environment_certificateMap.get("obj-name");

environment_privateKeyMap

Runtime

Map<String, java.security.PrivateKey>

Read

It is used to access "PrivateKey" with its name which is deployed on Environment at runtime.

import java.security.PrivateKey;

PrivateKey obj= environment_privateKeyMap.get("obj-name");

environment_publicKeyMap

Runtime

Map<String, java.security.PublicKey>

Read

It is used to access "PublicKey" with its name which is deployed on Environment at runtime.

import java.security.PublicKey;

PublicKey obj= environment_publicKeyMap.get("obj-name");

environment_secretKeyMap

Runtime

Map<String, javax.crypto.spec.SecretKeySpec>

Read

It is used to access "SecretKeySpec" with its name which is deployed on Environment at runtime.

import javax.crypto.spec.SecretKeySpec;

SecretKeySpec obj= environment_secretKeyMap.get("obj-name");

environment_keyStoreMap

Runtime

Map<String, java.security.KeyStore>

Read

It is used to access "KeyStore" with its name which is deployed on Environment at runtime.

import java.security.KeyStore

KeyStore obj= environment_keyStoreMap.get("obj-name");

environment_jwkMap

Runtime

Map<String, com.apinizer.common.apigw.jwk.Jwk>

Read

It is used to access "Jwk" with its name which is deployed on Environment at runtime.

import com.apinizer.common.apigw.jwk.Jwk

Jwk obj= environment_jwkMap.get("obj-name");

Credential Variables

credential_username

Runtime

String

Read

It is used to access the 'username' information of the credential preset before politics. If the credential does not exist or is not set, its value becomes null.

String value= credential_username;

credential_email

Runtime

String

Read

It is used to access the "email" information of the credential preset before politics. If the credential does not exist or is not set, its value becomes null.

String value= credential_email;

credential_fullName

Runtime

String

Read

It is used to access the "full name" information of the credential preset before politics. If the credential does not exist or is not set, its value becomes null.

String value= credential_fullName;

credential_secretKey

Runtime

javax.crypto.

SecretKey

ReadIt is used to access the "Secret Key" information of the credential preset before politics. If the credential does not exist or is not set, its value becomes null.javax.crypto.SecretKey value=credential_secretKey;
credential_certificateRuntime

java.security.cert.

X509Certificate

ReadIt is used to access the "Certificate" information of the credential preset before politics. If the credential does not exist or is not set, its value becomes null.java.security.cert.X509Certificate value=credential_certificate;
credential_publicKeyRuntime

java.security.

PublicKey

ReadIt is used to access the "Public Key" information of the credential preset before politics. If the credential does not exist or is not set, its value becomes null.java.security.PublicKey value=credential_publicKey;
credential_privateKeyRuntime

java.security.

PrivateKey

ReadIt is used to access the "Private Key" information of the credential preset before politics. If the credential does not exist or is not set, its value becomes null.java.security.PrivateKey value=credential_privateKey;
credential_keyStoreRuntime

java.security.

KeyStore

ReadIt is used to access the "Keystore" information of the credential preset before politics. If the credential does not exist or is not set, its value becomes null.java.security.KeyStore value=credential_keyStore;
credential_trustStoreRuntime

java.security.

KeyStore

ReadIt is used to access the "Truststore" information of the credential preset before politics. If the credential does not exist or is not set, its value becomes null.java.security.KeyStore value=credential_trustStore;
credential_jwkForValidationAndSignRuntime

com.apinizer.

common.apigw.

jwk.Jwk

ReadIt is used to access the "JWK used for signing and signature verification" information of the credential preset before politics. If the credential does not exist or is not set, its value becomes null.com.apinizer.common.apigw.jwk.Jwk value=credential_jwkForValidationAndSign;
credential_jwkForDecryptionAndEncryptionRuntime

com.apinizer.

common.apigw.

jwk.Jwk

Read

It is used to access the "JWK used for encryption and decryption" information of the credential preset before politics. If the credential does not exist or is not set, its value becomes null.

com.apinizer.common.apigw.jwk.Jwk value=credential_jwkForDecryptionAndEncryption;


Custom Variables

Variable

Data Type

Allowed Action

Description

Example Usage

customVariableMap
Map<String, String>Read, Write

There may be a need to temporarily define variables with policies on the Request or Response pipeline and use them in the next policy. In this case, the variable "customVariableMap" can be used.

For example; It may be necessary to access and change the value of the variable named "testVariable", which was created with the business rule policy in the policy of an API Proxy before the script policy, in the script policy. In this case, the value assigned to this variable is read by below:

customVariableMap.get("testVariable").

Similarly, to create a custom variable in the script policy, it is necessary to write as below:

customVariableMap.put("testVariable","test value").

Thus, in the next policy, the value added in the script policy can be accessed by creating a variable of custom variable type and named "testVariable".

String value= responseHeaderMapToClient.get("Content-Type");

responseHeaderMapToClient.put("Content-Type","application/json");


The Script Policy added to the request line cannot access variables in the response line.

The Script Policy added to the response Line can only read the variables in the request Line.

Multi-value case of Header or Parameter fields

When assigning values to Title and Parameter information, in some cases there may be multiple values for the same key.

This situation is handled in the script policy as follows.

Due to backward compatibility restriction in Apinizer Script policy, if this key value is plural, it can be parsed with # while reading. If it is single, it should be treated as a normal string.


Suppose the following request which has multiple values for same header and query keys is made:

You can access multivalued Headers as below:

// reading from header map
String headerVal = requestHeaderMapToTargetAPI.get("multipleHeaderTest");
String[] headerArr = headerVal.split("#");

for (String val:headerArr) {
	// do some stuff with multiple values of "multipleHeaderTest""
}

headerVal = requestHeaderMapToTargetAPI.get("oneHeaderTest");
// do some stuff with single value of "oneHeaderTest"

// adding a new header "value" to existing one 
headerVal = headerVal + "#newHeaderScriptVal";
requestHeaderMapToTargetAPI.put("multipleHeaderTest", headerVal);
CODE

You can access multivalued Query Parameters as below:

// reading from param map
String paramVal = requestUrlParamMapToTargetAPI.get("multipleParamTest[]");
String[] paramArr = paramVal.split("#");

for (String val : paramArr) {
  	// do some stuff with multiple values of "multipleParamTest""
}

paramVal = requestUrlParamMapToTargetAPI.get("oneParamTest");
// do some stuff with single value of "oneParamTest"

// adding a new param "value" to existing one 
paramVal = requestUrlParamMapToTargetAPI.get("multipleParamTest[]") + "#newParamScriptVal";
requestUrlParamMapToTargetAPI.put("multipleParamTest[]", paramVal);
CODE


Testing the Script

Script can be tested with the Try it button at the bottom of the configuration area.


The image of the dialog containing the Script Test settings is given below:

Only the changes in the Target field are shown in the Result section.

You can visit the Policies page for the details of the Conditions and Error Message Customization panels.