Contents
The API Gateway can strip a named HTTP header from the message as it passes through a policy. This is especially useful in cases where end-user credentials are passed to the API Gateway in an HTTP header. After processing the credentials, you can use the Remove HTTP Header filter to strip the header from the message to ensure that it is not forwarded on to the destination web service.
To configure the Remove HTTP Header filter, perform the following steps:
-
Enter an appropriate name for this filter in the Name field.
-
Specify name of the HTTP header to remove in the HTTP Header Name field.
-
Select the Fail if header is not present check box to configure the API Gateway to abort the filter if the message does not contain the named HTTP header. Headers can be added to the message using the Add HTTP header filter.
