In our http calls from the API GW to the backend we use the assertion "Route via HTTP(S)" with a predefined context variable as Request Source. To be more flexible we also would like to set the HTTP Method by a context variable (This should be possible according to the documentation: https://docops.ca.com/ca-api-gateway/8-3/en/policy-assertions/assertion-palette/message-routing-assertions/route-via-http-s-assertion, Chapter: Using the assertion, point 3).
I tried this out, but in my opinion there is a bug in the assertion, because whenever I set the http method by a context variable, the request body won't be send to the backend.
I also made two services (httpMethodTest1 and httpMethodTest2) which shows the problem I am facing. You can find them in the attachements. httpMethodTest1 is a GET service which internally calls the httpMethodTest2 twice, first with the http method in the context variable and second with the http method set directly. As you can see the first call does not send a request body (which is a bug in my opinion) and the second call does it correctly.
I was able to get this working by selecting 'Transmit body regardless of request method' in the route assertion. While i can clearly see the HTTP method is being transmitted correctly to httpMethodTest2, it seems to be ignored by the gateway for some reason.
If the workaround above is acceptable I'd recommend using that for the time being. It would also be advisable to log a case so we can investigate this further.
Thank you for your investigations. I already opened a case for that.
Your workaround seems to work in all of my tests, but neverthless I am not sure if I can trust it, because I don't know if all of our different backend server will handle it correctly when they get a GET request with a body in it. I will use this workaround in the test environment to see wheter it will prove successful. In our productive environment I created another (more ugly, but save) workaround: An if/else structure which checks the variable for a specific word like "POST" or "UPDATE" and then executes the appropriate "route via http" assertion where the http method is a static string instead of a variable.
The only time that we have seen a body in a get was interaction with inbound Microsoft clients. You could add logic in the policy to disallow this so the backend would not see these requests.
Director, CA Support