We would like customize response of an API, depending of consumer.
The customization consists of filtering or not the attributes of a response, according to the consumer (identified with his key API for example)
1) Example for 'bronze' consumer :
Request : GET http://petstore.swagger.io/v2/pet/10
Response : <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <Pet> <category> <id>0</id> <name>Item 10</name> </category> <id>10</id> <name>doggie</name> <status>available</status> </Pet>
2) Example for 'gold' consumer :
Response : <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <Pet> <category> <id>0</id> <name>Item 10</name> </category> <id>10</id> <name>doggie</name> <photoUrls> <photoUrl>string</photoUrl> </photoUrls> <status>available</status> <tags> <tag> <id>0</id> <name>string</name> </tag> </tags> </Pet>
in sample2, the attributes <photoUrls> and <tags> are filtered
in sample2, the attributes <photoUrls> and <tags> are added in response
in fact, the same request have sent but there is two differents responses : "Gold" consumer have more data about pet/10
I saw an equivalent in product "CA live API Creator" on pre-sale, but there is a way with API Gateway (9.x) and API Portal Developer (3.5) ?
Could someone please help me ?
Try following policy fragment (put it BEFORE the assertions that could raise error)
At lease one folder
\_ All folder
| \_ compare assertion (to test 'bronze' consumer)
| |_ Customize Error Response assertion ( to set error message for 'bronze' consumer)
| \_ compare assertion (to test 'gold' consumer)
| |_ Customize Error Response assertion ( to set error message for 'gold' consumer)
Sorry, it seems you're talking about normal response, not error response, you can use the same structure, but use "Return template response to requestor" assertion to replace Customize Error Response assertion, and put it to the end of policy.
Thanks Mark for your response and time
I have think about this solution but there is a codding issue.
I may have misunderstood myself and I apologize. We are looking for a solution with the least codding possible, relying on the base of the Gateway API. Maybe this base is not quite suitable for doing this?
First, we do not want to manage our API for each consumer. It is a question of adapting the response of the API according to a category of consumer (bronze, gold) It is necessary to distinguish the category of our consumers associate the consumers X and Y to the category 'bronze' and the consumer Z to the category 'gold'
Q : Is it possible to do this via the portal for example, and if so, how? or anyelse issue ? We would like administer the link consumer and category by UI and not codding, of course.
Secondly, adapting a response with a 'Return template response to requestor' assertion requires to transform a response beforehand, and requires a lot of effort. The API is no longer simply a proxy but become an application response, which will have to evolve according to the provider (and its life cycle), and categories of response to be made (when the category is associated with the consumer). I guess this is possible widely with XLST assertion but we do not want to have to code. If provider add a new data in his service, API must be managed this, by code, and category by category, it is tedious and not very agile. And required a new deployment of API. We thought more for an RBAC like management but for data.
Not having found anything about my request in the CA API Gateway, knowledge base and here, cases on the community site, I hope again this solution really exists.
Q : Has anyone ever implemented this project ?
The Gateway has the capability of taking a value in a header, payload, external call, etc to assert what type of user the consumer is. Based on that then it can be used to remove elements with out the need to use XSLT as the Map Value assertion and the Run for Each can run through as many tags as you like. I've attached a sample policy that will take a response and based on the level (gold,silver,bronze) either leave the response payload along or remove certain tags.
Its really ingenious
Did this his answer your question or do you need additional assistance?
it 's OK for me. I think we can close this topic.