Hi Rainer,
By API Key, I assume your talking about the API's client-ip? That should be in the API Gateway Context client.app.id
See https://www.ibm.com/docs/en/api-connect/10.0.5.x_lts?topic=reference-api-connect-context-variables. In GatewayScript, context.get('client.app.id')
or XSLT apigw:get-variable('client.app.id')
You can use either GatewayScript or XSLT, and perhaps best depending upon the response from your backend's response content-type. If JSON, GatewayScript is definitely easier to use for JSON, although you could also read the JSON payload in xslt, get an XML JSONx formatted version of the response and XPath through the hierarchy to find what you need. If an XML response, XSLT would be easier in my opinion although there are getElementsByTagName and getElementsByTagNameNS DOM functions in GatewayScript that could be used. There's almost always multiple ways of implementing what you need. I suppose the bottom line is to use whichever you feel most comfortable and I must admit that GatewayScript has the debugger capability that really makes development much easier than dumping a lot of xsl:messages in your xslt during development and unit testing.
Best Regards,
Steve
------------------------------
Steve Linn
Senior Consulting I/T Specialist
IBM
------------------------------
Original Message:
Sent: Thu June 27, 2024 10:28 AM
From: Rainer Hochecker
Subject: Filter response data records on a condition related to API Key
Hi, I am trying to implement the following requirement:
A backend REST API returns an array of data records. The gateway should only return those records where a specific field e.g. 'consumer_org' matches the org or application that has generated the API key.
I guess this can be best implemented with a gateway script, right? The challenge is how to get the app or org from the API Key. Any ideas?
Regards,
Rainer
------------------------------
Rainer Hochecker
------------------------------