Hi,
I am new to API Gateway. What we have so far are purely "passthrough" routing policies, no fancy assertion before routing assertion. Now I have a need to add new policy for an endpoint that provide APIs using authorization authentication namely OAuth 1.0. I am not expert with that application nor am I expert in API Gateway or OAuth but if I understand our setup correctly the endpoint has OAuth 1.0 server installed and I was successful in getting the access token and secret hitting the OAuth server's APIs directly (going through the 3 steps process of request, authorize and access) and so we need API Gateway to allow requesting, authorizing and finally granting access token and allowing request with access token to get to the endpoint resource. I have no clue what I need on the policy but created one with just generating of OAuth signature base string assertion and then routing assertion with OAuth 1.0 authorization. I used either SOAPUI or Postman client and gets Error 400 - Invalid header name.
Does anyone has a sample policy to share for achieving the basic action of allowing authorization request and responding access token etc? Or if my basic policy is on the right track what is it that I am not configuring to get the policy to work?