I need to call a rest service using HTTPS as part of my SI flow. I may additionally have to send user name and password as headers to authorize my access. What are the tools available to configure this in spring integration?
Thank You
HTTPS should "just work".
You can set headers with a header enricher and set mapped-request-headers on the outbound gateway to ensure your headers are mapped.
For more sophistication, you can customize the RestTemplate and inject it into the outbound endpoint.
See here for an example of configuring the underlying request factory.
Related
I am trying to call the Azure-hosted API endpoint using a 3rd party application. Application sends the HTTP request with the header values ContentType = "*/*";
Azure Application Gateway WAF blocks the request showing the below diagnostics logs.
I am aware that, I can add an exclusion in the Web Application Firewall settings, however, I am not able to extract the Request Header Name since the logs do not show the value due to the wildcard(ContentType = "*/*";) content type sent by the 3rd party app.
I added the below rule, but it is still blocking the request.
How can I allow the request via the AGW?
Please find the logs below.
Thanks in advance.
Hello I am trying to deploy my Azure Machine Learning pipeline with a REST endpoint. My problem is that I was able to generate an endpoint but has some sensitive information in it (ex: subscription id, resource group, etc). How can I generate a URL that forwards the request body to my Azure ML REST endpoint?
also, here is an approach I've done:
Used Application Gateway Redirect (this approach didn't forward the request body. It instead turned my POST request into a GET request when it redirected to the correct URL.)
The issue is raised because of some of the default security headers dependent on REST API and web based. Need to set the REST API CSP HEADER. Check the request and response headers in config file of the web application.
So, I have an API in Azure-API-Management, which is attached to a function. I want to expose one the method in API as Web-hook for another application CRM. It will be an inbound web-hook.
Is it possible ?
A webhook endpoint is like any other HTTP endpoint that usually expects a POST request from an external system. So, yes.
Depending on the CRM Application, you could leverage APIMs built-in security features to authenticate the webhook call without having to validate credentials in your function as a bonus for using APIM.
We have API exposed to our customers through API Management. The security is handled using subscription key which is expected in "Ocp-Apim-Subscription-Key" header.
One of our methods supports polling trigger specifications, with "Location" and "Retry-After" header in response. For one of our customers we want to create Logic Apps, that would fire some actions on this trigger.
We set up HTTP trigger where we provided "Ocp-Apim-Subscription-Key" header in inputs parameters.
Here is the problem. The header is added only to the first request. Subsequent requests using "Location" url don't have this "Ocp-Apim-Subscription-Key" header, so they are rejected by API Management proxy.
I verified that header is in fact missing with some mock API, so it's definitely on Logic Apps end.
Does anyone have any idea how to resolve it?
I am wondering if it is possible to do conditional cross-domain calls to the service only when a "vendor key" is given to an authorised 3rd party.
Remotely:
When the service is called by some authorised remote server, service enables CROS feature, but a "vendor key" is required as a parameter or cookies.
Locally:
When the service is called by its own web server, ajax calls are accepted as usual. The "vendor key" parameter is not required when local server hits a CROS service.
Could you please give me some direction on how to implement it?
Here's the implementation of the EnableCors Request Filter Attribute.
Just change the implementation to look at the incoming IHttpRequest and only print the headers when your conditions are met.
You can also do this with a global request filter or adhoc, manually - in your service implementation.