Hi,
I'm trying to setup an authentication for a custom api wich is token based but not the Oaut2 standard.
I send a request for a token to an url with the following information in body:
{
"clientId": "the client id",
"clientSecret": "the client secret"
<span style="font-family:monospace;">}
I then get the following response
{
"token": "the token",
"expiryTimestamp": "the exiry timestamp"
}
The token is then used in the header for the request as a bearer token (authorization: Bearer the token)
Do you know if this can be configured under target endpoint security?
If I use Oauth2 and client credentials it send the request body as a form not json
Another option would be to manually retreive the token when I consume the API. I would then need to add a header request parameter in the call and pass the token there. But if I add a header request parameter called authorization and pass a value there it just gives me Bad request response without contacting the external api. I don't know if it is possible to set the header parameter authorization in this way?
If I add target endpoint security api key, I can set the authorization header with bearer token there, but since it expires this is not a usable solution.
I can set the authorization header in an endpoint policy as a hardcoded value. Is it possible, in the policy to pick up a variable from the request?
Or do you have any other suggestion on how this can be solved?
I have tried looking into other similar questions but cannot find any answer to my problem. If the header authorization was sent in another parameter like X-Authorization, then it would work but not like it is in my scenario.
