API Connect

Hello Team,

Can we remove  "X-RateLimit-Limit" and "X-RateLimit_Remaining" from response headers ? If yes please guide, Because I have tried using gatewayscript,Set Variable and by suppressing the headers from DataPower but unable to remove.

Hi Pawan,
What you're running into is when these headers are added to your response headers in relation to your assembly rule.  As you've found out, the headers are being added after your assembly rule completes processing, so your attempts within your API assembly are not working.  What type of Gateway are you using?  For a v5 compatible gateway, a post-response or post-error gateway extension would be your only option.  I've not tried this with the API Gateway to determine if a post-response or post-error global policy would be executed after these headers are added so you could subsequently remove them, but that is the only solution I can think of that MIGHT work.  I'll need to ask around or do a prototype before I can give a definitive answer.
Best Regards,
Steve

Hello Team,

Can we remove  "X-RateLimit-Limit" and "X-RateLimit_Remaining" from response headers ? If yes please guide, Because I have tried using gatewayscript,Set Variable and by suppressing the headers from DataPower but unable to remove.

Hi Pawan,

From discussions I've had with other developers, this can only be done with a post response global policy and only within the finally clause of the global policy.  The finally clause is only supported starting at DataPower 10.5.0.x, so if you're using API Connect/DataPower versions 10.0.1.x you'll need to upgrade both API Connect and DataPower.

Best Regards,
Steve

Hi Pawan,
What you're running into is when these headers are added to your response headers in relation to your assembly rule.  As you've found out, the headers are being added after your assembly rule completes processing, so your attempts within your API assembly are not working.  What type of Gateway are you using?  For a v5 compatible gateway, a post-response or post-error gateway extension would be your only option.  I've not tried this with the API Gateway to determine if a post-response or post-error global policy would be executed after these headers are added so you could subsequently remove them, but that is the only solution I can think of that MIGHT work.  I'll need to ask around or do a prototype before I can give a definitive answer.
Best Regards,
Steve

Hello Team,

Can we remove  "X-RateLimit-Limit" and "X-RateLimit_Remaining" from response headers ? If yes please guide, Because I have tried using gatewayscript,Set Variable and by suppressing the headers from DataPower but unable to remove.

------------------------------
Pawan Jinaga
------------------------------

Any thoughts on this is much appreciated. 

Thanks,

Mahima

------------------------------
Mahima Annagiri

Original Message:
Sent: Mon October 02, 2023 09:41 AM
From: Steve Linn
Subject: Need to remove the particular response headers

Hi Pawan,

From discussions I've had with other developers, this can only be done with a post response global policy and only within the finally clause of the global policy.  The finally clause is only supported starting at DataPower 10.5.0.x, so if you're using API Connect/DataPower versions 10.0.1.x you'll need to upgrade both API Connect and DataPower.

Best Regards,
Steve

Hi Pawan,
What you're running into is when these headers are added to your response headers in relation to your assembly rule.  As you've found out, the headers are being added after your assembly rule completes processing, so your attempts within your API assembly are not working.  What type of Gateway are you using?  For a v5 compatible gateway, a post-response or post-error gateway extension would be your only option.  I've not tried this with the API Gateway to determine if a post-response or post-error global policy would be executed after these headers are added so you could subsequently remove them, but that is the only solution I can think of that MIGHT work.  I'll need to ask around or do a prototype before I can give a definitive answer.
Best Regards,
Steve

Hello Team,

Can we remove  "X-RateLimit-Limit" and "X-RateLimit_Remaining" from response headers ? If yes please guide, Because I have tried using gatewayscript,Set Variable and by suppressing the headers from DataPower but unable to remove.

------------------------------
Pawan Jinaga
------------------------------

Hi Mahima,
This has been reported by other customers, and a fix will be delivered in the next DataPower fixpack 10.5.0.9 which is in final testing and should be available in the not too distant future (a week or so if all goes well).  If you can be patient, I'd get that fix pack when it is available.  Also, I must correct my previous post where the update to the headers must be in the post-error global policy's finally rule, NOT the post-response that I had incorrectly stated before.  The issue is the global finally, where the post-error finally policies deploy, by default has an action called an API Result action, and the post-error was adding the policies from the global error policy BEFORE the API Result action, but it is this API Results action that fills in the CORS and Rate Limit headers.  The fix properly keeps the API Result action first and adds the global policy actions after the API Results action so the subsequent global policy processing will change what is returned to the end user.

Best Regards,
Steve Linn

Any thoughts on this is much appreciated. 

Thanks,

Mahima

------------------------------
Mahima Annagiri

Original Message:
Sent: Mon October 02, 2023 09:41 AM
From: Steve Linn
Subject: Need to remove the particular response headers

Hi Pawan,

From discussions I've had with other developers, this can only be done with a post response global policy and only within the finally clause of the global policy.  The finally clause is only supported starting at DataPower 10.5.0.x, so if you're using API Connect/DataPower versions 10.0.1.x you'll need to upgrade both API Connect and DataPower.

Best Regards,
Steve

Hi Pawan,
What you're running into is when these headers are added to your response headers in relation to your assembly rule.  As you've found out, the headers are being added after your assembly rule completes processing, so your attempts within your API assembly are not working.  What type of Gateway are you using?  For a v5 compatible gateway, a post-response or post-error gateway extension would be your only option.  I've not tried this with the API Gateway to determine if a post-response or post-error global policy would be executed after these headers are added so you could subsequently remove them, but that is the only solution I can think of that MIGHT work.  I'll need to ask around or do a prototype before I can give a definitive answer.
Best Regards,
Steve

Hello Team,

Can we remove  "X-RateLimit-Limit" and "X-RateLimit_Remaining" from response headers ? If yes please guide, Because I have tried using gatewayscript,Set Variable and by suppressing the headers from DataPower but unable to remove.

------------------------------
Pawan Jinaga
------------------------------

Hello @Steve Linn,

Thanks for the reply. We will try to update when the changes are available. 
But post error global policy can only contain catch & finally policy, that would mean we will have to create a catch policy even though we do not have a requirement to catch any error globally. For removing the ratelimit headers, post error global policy does not seem to be ideal spot.

Hi Mahima,
This has been reported by other customers, and a fix will be delivered in the next DataPower fixpack 10.5.0.9 which is in final testing and should be available in the not too distant future (a week or so if all goes well).  If you can be patient, I'd get that fix pack when it is available.  Also, I must correct my previous post where the update to the headers must be in the post-error global policy's finally rule, NOT the post-response that I had incorrectly stated before.  The issue is the global finally, where the post-error finally policies deploy, by default has an action called an API Result action, and the post-error was adding the policies from the global error policy BEFORE the API Result action, but it is this API Results action that fills in the CORS and Rate Limit headers.  The fix properly keeps the API Result action first and adds the global policy actions after the API Results action so the subsequent global policy processing will change what is returned to the end user.

Best Regards,
Steve Linn

Any thoughts on this is much appreciated. 

Thanks,

Mahima

------------------------------
Mahima Annagiri

Original Message:
Sent: Mon October 02, 2023 09:41 AM
From: Steve Linn
Subject: Need to remove the particular response headers

Hi Pawan,

From discussions I've had with other developers, this can only be done with a post response global policy and only within the finally clause of the global policy.  The finally clause is only supported starting at DataPower 10.5.0.x, so if you're using API Connect/DataPower versions 10.0.1.x you'll need to upgrade both API Connect and DataPower.

Best Regards,
Steve

Hi Pawan,
What you're running into is when these headers are added to your response headers in relation to your assembly rule.  As you've found out, the headers are being added after your assembly rule completes processing, so your attempts within your API assembly are not working.  What type of Gateway are you using?  For a v5 compatible gateway, a post-response or post-error gateway extension would be your only option.  I've not tried this with the API Gateway to determine if a post-response or post-error global policy would be executed after these headers are added so you could subsequently remove them, but that is the only solution I can think of that MIGHT work.  I'll need to ask around or do a prototype before I can give a definitive answer.
Best Regards,
Steve

Hello Team,

Can we remove  "X-RateLimit-Limit" and "X-RateLimit_Remaining" from response headers ? If yes please guide, Because I have tried using gatewayscript,Set Variable and by suppressing the headers from DataPower but unable to remove.

------------------------------
Pawan Jinaga
------------------------------

Hi Mahima,
10.5.0.9 was made available Friday 12/08.  See https://www.ibm.com/support/pages/node/6607653?myns=swgother&mynp=OCSS9H2Y&mync=E&cm_sp=swgother-_-OCSS9H2Y-_-E As for your question, the post-error global policy is really from a DataPower perspective is executed at the end of all transaction processing, so yes, it may seem an odd place, but as part of the default post transaction finally processing is where the rate-limit and CORS headers are added, so your post-error finally will be where you can remove what the default post transaction processing added.
Best Regards,
Steve

Hello @Steve Linn,

Thanks for the reply. We will try to update when the changes are available. 
But post error global policy can only contain catch & finally policy, that would mean we will have to create a catch policy even though we do not have a requirement to catch any error globally. For removing the ratelimit headers, post error global policy does not seem to be ideal spot.

Hi Mahima,
This has been reported by other customers, and a fix will be delivered in the next DataPower fixpack 10.5.0.9 which is in final testing and should be available in the not too distant future (a week or so if all goes well).  If you can be patient, I'd get that fix pack when it is available.  Also, I must correct my previous post where the update to the headers must be in the post-error global policy's finally rule, NOT the post-response that I had incorrectly stated before.  The issue is the global finally, where the post-error finally policies deploy, by default has an action called an API Result action, and the post-error was adding the policies from the global error policy BEFORE the API Result action, but it is this API Results action that fills in the CORS and Rate Limit headers.  The fix properly keeps the API Result action first and adds the global policy actions after the API Results action so the subsequent global policy processing will change what is returned to the end user.

Best Regards,
Steve Linn

Any thoughts on this is much appreciated. 

Thanks,

Mahima

------------------------------
Mahima Annagiri

Original Message:
Sent: Mon October 02, 2023 09:41 AM
From: Steve Linn
Subject: Need to remove the particular response headers

Hi Pawan,

From discussions I've had with other developers, this can only be done with a post response global policy and only within the finally clause of the global policy.  The finally clause is only supported starting at DataPower 10.5.0.x, so if you're using API Connect/DataPower versions 10.0.1.x you'll need to upgrade both API Connect and DataPower.

Best Regards,
Steve

Hi Pawan,
What you're running into is when these headers are added to your response headers in relation to your assembly rule.  As you've found out, the headers are being added after your assembly rule completes processing, so your attempts within your API assembly are not working.  What type of Gateway are you using?  For a v5 compatible gateway, a post-response or post-error gateway extension would be your only option.  I've not tried this with the API Gateway to determine if a post-response or post-error global policy would be executed after these headers are added so you could subsequently remove them, but that is the only solution I can think of that MIGHT work.  I'll need to ask around or do a prototype before I can give a definitive answer.
Best Regards,
Steve

Hello Team,

Can we remove  "X-RateLimit-Limit" and "X-RateLimit_Remaining" from response headers ? If yes please guide, Because I have tried using gatewayscript,Set Variable and by suppressing the headers from DataPower but unable to remove.

------------------------------
Pawan Jinaga
------------------------------

Hi Mahima,
10.5.0.9 was made available Friday 12/08.  See https://www.ibm.com/support/pages/node/6607653?myns=swgother&mynp=OCSS9H2Y&mync=E&cm_sp=swgother-_-OCSS9H2Y-_-E As for your question, the post-error global policy is really from a DataPower perspective is executed at the end of all transaction processing, so yes, it may seem an odd place, but as part of the default post transaction finally processing is where the rate-limit and CORS headers are added, so your post-error finally will be where you can remove what the default post transaction processing added.
Best Regards,
Steve

Hello @Steve Linn,

Thanks for the reply. We will try to update when the changes are available. 
But post error global policy can only contain catch & finally policy, that would mean we will have to create a catch policy even though we do not have a requirement to catch any error globally. For removing the ratelimit headers, post error global policy does not seem to be ideal spot.

Hi Mahima,
This has been reported by other customers, and a fix will be delivered in the next DataPower fixpack 10.5.0.9 which is in final testing and should be available in the not too distant future (a week or so if all goes well).  If you can be patient, I'd get that fix pack when it is available.  Also, I must correct my previous post where the update to the headers must be in the post-error global policy's finally rule, NOT the post-response that I had incorrectly stated before.  The issue is the global finally, where the post-error finally policies deploy, by default has an action called an API Result action, and the post-error was adding the policies from the global error policy BEFORE the API Result action, but it is this API Results action that fills in the CORS and Rate Limit headers.  The fix properly keeps the API Result action first and adds the global policy actions after the API Results action so the subsequent global policy processing will change what is returned to the end user.

Best Regards,
Steve Linn

Any thoughts on this is much appreciated. 

Thanks,

Mahima

------------------------------
Mahima Annagiri

Original Message:
Sent: Mon October 02, 2023 09:41 AM
From: Steve Linn
Subject: Need to remove the particular response headers

Hi Pawan,

From discussions I've had with other developers, this can only be done with a post response global policy and only within the finally clause of the global policy.  The finally clause is only supported starting at DataPower 10.5.0.x, so if you're using API Connect/DataPower versions 10.0.1.x you'll need to upgrade both API Connect and DataPower.

Best Regards,
Steve

Hi Pawan,
What you're running into is when these headers are added to your response headers in relation to your assembly rule.  As you've found out, the headers are being added after your assembly rule completes processing, so your attempts within your API assembly are not working.  What type of Gateway are you using?  For a v5 compatible gateway, a post-response or post-error gateway extension would be your only option.  I've not tried this with the API Gateway to determine if a post-response or post-error global policy would be executed after these headers are added so you could subsequently remove them, but that is the only solution I can think of that MIGHT work.  I'll need to ask around or do a prototype before I can give a definitive answer.
Best Regards,
Steve

Hello Team,

Can we remove  "X-RateLimit-Limit" and "X-RateLimit_Remaining" from response headers ? If yes please guide, Because I have tried using gatewayscript,Set Variable and by suppressing the headers from DataPower but unable to remove.

------------------------------
Pawan Jinaga
------------------------------

Hello Team,

Can we remove  "X-RateLimit-Limit" and "X-RateLimit_Remaining" from response headers ? If yes please guide, Because I have tried using gatewayscript,Set Variable and by suppressing the headers from DataPower but unable to remove.