If you follow my blog posts, you will not be surprised that I love to speak about Best Practices, Tips, and Tricks. I wrote in the past Power Automate Best Practices, BizTalk Server, and often about Logic Apps Best Practices, Tips, and Tricks. So it’s not surprising that I would address other Azure Integration Services sooner or later, this time Azure API Management!
Let’s embark on a new journey as we begin a series of blog posts dedicated to API Management Best Practices, Tips, and Tricks. To start this series, I chose a topic that I found very useful in many situations: How to validate if a Header is an empty string?
#1 How to validate if a Header is an empty string?
Verifying whether the header contains a specific value(s) is straightforward. In fact, Microsoft’s documentation covers this as the very first topic on their page. To accomplish that, we can use the check-header policy to enforce that a request has a specified HTTP header.
<check-header name="Content-Type" failed-check-httpcode="401" failed-check-error-message="Missing Content-Type header" ignore-case="false">
<value>application/json</value>
<value>plain/text</value>
</check-header>
In this case, our request needs to have the Content-Type header, and the accepted values are:
- application/json
- or plain/text
If you exclude this header or opt for an alternative value for it, you’ll trigger a 401 error due to the missing Content-Type header:
{
"statusCode": 401,
"message": "Missing Content-Type header"
}
Now, checking only if it exists without any value restriction is poorly explained in MSFT documentation. However, it is still very simple to implement since values are options on the check-header policy. To accomplish that, we just need a simple instruction line:
<check-header name="Content-Type" failed-check-httpcode="401" failed-check-error-message="Missing Content-Type header" ignore-case="false" />
What you may find less commonplace is the technique for confirming the existence of a Header that isn’t empty. To clarify:
- The header needs to exist;
- The header can contain any value except being null, an empty string, or a string containing only blank spaces.
Well, of course, you may find multiple ways to accomplish this task, even using the check-header policy to validate the existence of the header and another strategy to validate if the value was not empty. I decided in my approach to suppress the use of the check-header policy, and instead, I will use the following approach:
- Read the Header using the context.Request.Headers.GetValueOrDefault(“my-header”) expression.
- And then using a condition to see if the value is empty or not
You can accomplish that by using the following policy:
<set-variable name="myHeaderValue" value="@(context.Request.Headers.GetValueOrDefault("My-Header"))" />
<choose>
<when condition="@(context.Variables.GetValueOrDefault<string>("myHeaderValue") == null
|| string.IsNullOrEmpty(context.Variables.GetValueOrDefault<string>("myHeaderValue"))
|| context.Variables.GetValueOrDefault<string>("myHeaderValue").Contains("undefined"))">
<return-response response-variable-name="headerValidationErrorResponse">
<set-status code="401" reason="Missing Header" />
<set-header name="Content-Type" exists-action="override">
<value>application/json</value>
</set-header>
<set-body>{
"error": {
"code": "401",
"message": "My-Header header is missing or empty"
}
}</set-body>
</return-response>
</when>
</choose>
I hope you enjoy this tip and stay tuned for the following Azure API Management Best practices, Tips, and Tricks.
If you liked the content or found it helpful and want to help me write more content, you can buy (or help buying) my son a Star Wars Lego!
