Target system needs basic authentication in header

anonymous · August 24, 2020, 6:02pm

Hi,

I am new to Apigee. I am trying to pass basic authorization userid and password in the header.

I need to pass it to target server though I do not want to accept it from users. I want to hardcode it in the Assign message policy.

Where should I add the assign message policy for the header? Below is my code in assign message:

AM-auth-code

Basic encodeduserid:password value

true

Can you please suggest what am I missing here?

How can I check if the correct header is being passed to the call? Is there place I can see all the headers?

anonymous · August 24, 2020, 6:34pm

Hi Mugdha,

You can add the assignmessage policy to your target endpoint’s request preflow.

A good practice is to have the basic auth credentials stored in an encrypted KVM and retrieve the value using the KVM-Operations policy with a fetch operation.

Secondly, you can also use a Basic Authentication policy with the encode operation to set the base64 encoded value into the header without the use of assign message policy.

You can refer to the samples at - https://docs.apigee.com/api-platform/reference/policies/basic-authentication-policy#samples

anonymous · August 24, 2020, 6:46pm

You can set the headers in assign message policy and configure this anywhere in the request flow that is the request of preflow, request of post flow of either proxy endpoint, or target endpoint. You can see the headers immediately after the policy in the trace. But I would suggest seeing the curl request details just before the request to the target server.

I see you are using lower case header tag

Basic encodeduserid:password value

and you should use Header in the upper case.

By default your Authorization header value will be seen as ***** in trace and I would suggest to put the confidential information in encrypted KVM or private.varibalename in the flow.

anonymous · August 24, 2020, 7:28pm

hi Priyadarshi,

When I changed header to Header it helped me to see the header that I was not able to see.

It was helpful. Thank you.

Thanks,

Mugdha

anonymous · August 24, 2020, 7:28pm

Thank you Nagashree. It was helpful.

anonymous · August 24, 2020, 7:30pm

You are welcome.

anonymous · January 25, 2021, 10:28am

@Priyadarshi Ajitav Jena hello dear ,

Iam facing the same issue and im new to apigee , can you please help me how to add authntication header to the target step by step .

anonymous · January 25, 2021, 11:58am

@Suboh, you need to create one assign message policy. In the set section will be there.

Replace that to

Basic encodeduserid:password value

Encoded userid and password will be of base64 encoding.

Assign the policy to target endpoint preflow request.

Topic		Replies	Views
How to include user name and password before I call a secured(basic authentication) web service Apigee api-runtime	9	9	July 4, 2017
Basic Authentication with header format Authorization user:pass format Apigee api-runtime	1	13	July 25, 2017
Added header values not getting in target endpoint Apigee api-runtime	3	17	August 2, 2018

Target system needs basic authentication in header

AI Suggested topics