Layer7 API Management

 View Only

Iterating through stored passwords in the API Gateway with the WS-MAN service 

Aug 06, 2015 02:19 PM



The WS-Management (WS-MAN) service is an internal service that can be used for programmatic interactions with the API Gateway. This API is SOAP-based and is typically interfaced with using our Gateway Management Client. This API is capable of printing out a list of stored passwords but that output will not contain the actual stored credentials. This article will describe the steps necessary to publish an API that can consume the WS-MAN API and return a list of stored password items within a SOAP response




  1. Publish the WS-MAN internal service
  2. Publish a new Web API
  3. Import the attached policy into the new Web API
  4. Consume the new Web API via a browser or other HTTP-enabled client


This policy will return a SOAP message containing the names of all of the stored password objects. These names will be located in the element located at the following XPath pointer: /env:Envelope/env:Body/wsen:PullResponse/wsen:Items/l7:StoredPassword/l7:Name. The content of this element can be used to return a decrypted plaintext password using the request.passwordname.plaintext variable--where passwordname reflects the value of the l7:Name element.

0 Favorited
1 Files
zip file   2 KB   1 version
Uploaded - May 29, 2019

Tags and Keywords


Aug 06, 2015 03:25 PM

Good work Eric! Thought this looked familiar!

Related Entries and Links

No Related Resource entered.