Use the set-headers
statement to add, update, or remove HTTP request and
response headers before they're returned to the API gateway. This statement applies
to permit decisions produced by custom API Access Management policies.
Code
set-headers
Payload
The payload for this statement is a JSON object that contains key-value pairs. For each pair, the key is the name of the header field to set, and the value is the new value of the header field. The value can be:
null
: Removes the header field.- A string: Sets the header field to that value.
- An array of strings: Sets the header field to all of the string values.
If the header field supports multiple values, such as the
Accept
field, the decision service repeats the header field for each string in the array. If a header field doesn’t support multiple values, such as theContent-Type
field, the decision service sets the header field to the last string in the array.
If a header field already exists, the decision service overwrites it. If a header field
doesn’t already exist, the decision service adds it, unless the value is
null
.
Format: { "Header-Name": "header-value" }
Example
The following payload instructs the decision service to add a custom request header.
Example payload: { "X-UserName": "user@bankexample.com" }
Original headers:
Host: bankingexample.com:1443
Content-Length: 13
Accept: application/json
Modified headers:
Host: bankingexample.com:1443
Content-Length: 13
Accept: application/json
X-UserName: user@bankexample.com