Use the set-headers statement to add, update, or remove HTTP request and response headers before they're returned to the API gateway. This statement applies to permit decisions produced by custom API Access Management policies.

Screen capture showing the Set Headers statement, including the statement name, description, code, payload, and the kinds of decisions the statement applies to.

Code

set-headers

Payload

The payload for this statement is a JSON object that contains key-value pairs. For each pair, the key is the name of the header field to set, and the value is the new value of the header field. The value can be:

  • null: Removes the header field.
  • A string: Sets the header field to that value.
  • An array of strings: Sets the header field to all of the string values.

    If the header field supports multiple values, such as the Accept field, the decision service repeats the header field for each string in the array. If a header field doesn’t support multiple values, such as the Content-Type field, the decision service sets the header field to the last string in the array.

If a header field already exists, the decision service overwrites it. If a header field doesn’t already exist, the decision service adds it, unless the value is null.

Format: { "Header-Name": "header-value" }

Example

The following payload instructs the decision service to add a custom request header.

Example payload: { "X-UserName": "user@bankexample.com" }

Original headers:

Host: bankingexample.com:1443
Content-Length: 13
Accept: application/json

Modified headers:

Host: bankingexample.com:1443
Content-Length: 13
Accept: application/json
X-UserName: user@bankexample.com