Outbound OAuth2 rule

Enables API access for authorized users and applications. The rule enforces OAuth2 authentication on the proxy's calls to the upstream API: it takes the OAuth2 parameters (authorization URLs and client credentials, that is, the client ID and client secret) from a preconfigured OAuth2 account, obtains an access token with them, and attaches that token to each upstream request. Preconfigured OAuth2 accounts are therefore required both to connect to the backend service and to reach third-party URLs through the proxy.
Note:
  • The OAuth2 Outbound rule isn't available for APIs and API versions.
  • The accounts used in the rule automatically reflect the changes made in the OAuth2 account itself.
  • If you delete an account that a rule references, the rule becomes invalid and an error is displayed wherever the deleted account is referenced. In this case, select another account.

Prerequisites

Preconfigured Valid and Authenticated OAuth2 Accounts

Supported Account Types

  • REST OAuth2 Account
  • REST Dynamic OAuth2 Account
  • Azure AD OAuth2 Account
  • HTTP Client OAuth2 Account
  • OAuth SSL Accounts

Rule Execution Order

The Outbound OAuth2 rule executes after all other rules, at the point where the proxy calls the upstream API.

Fields

When this rule should be applied

An expression that defines one or more conditions that must be true for the rule to execute.

Example: The expression request.method == "POST" causes the rule to execute only on POST requests.

Token Location

Required. Where the proxy places the access token in the upstream request: Header, Body, or Query.

Default value: Header

Example: Header

Header

Shown when Token Location is Header. Options:
  • Authorization Scheme: select Bearer or Custom Authorization Scheme.
  • Custom Authorization Scheme: enter the custom scheme name that the proxy places in front of the token in the header.

Default value: Authorization Scheme

Example: Custom Authorization Scheme

Request Body Key

Shown when Token Location is Body. The JSON key in the request body whose value is set to the token.

Default value: N/A

Example: Location

Query String Parameter Name

Shown when Token Location is Query. The name of the query string parameter that carries the token.

Default value: N/A

Example: stringname

Status

Specifies whether the rule is enabled or disabled.

Default status: Selected (enabled)

Account Reference

Select a preconfigured OAuth2 account from the dropdown list. The account must be configured in the Global Org > Shared folder.

Default value: N/A

Example: ../../shared/OutboundPolicyRestOAuth2

Description

Required. A brief description of this rule.

Default value: Outbound requests are being authenticated using specified OAuth2 service

Example: Dev Env Outbound OAuth
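The following simulation shows what the fields above do to an upstream request: the condition expression gates the rule, the referenced account supplies a client-credentials access token (cached until shortly before expiry), and the token is attached at the configured Token Location with either the Bearer scheme or a custom scheme. It is an added example written for this page, not the product's own code; the OAuth2 account is modelled by the OAuth2Account class, its token URL by the in-process stub fake_token_endpoint (constructed data, no network), and the hostnames, client ID, secret, and token values are assumptions.

```python
"""Simulation of what the Outbound OAuth2 rule does to an upstream call.

Added example, not the product's own code: the preconfigured OAuth2 account
is modelled by OAuth2Account, its token URL by the in-process stub
fake_token_endpoint (constructed data), and the condition expression is
limited to `true` and the `request.method == "POST"` form shown in the docs.
"""
from dataclasses import dataclass, field
from typing import Optional
import time
import urllib.parse

# Constructed audit trail of the tokens the stub token endpoint has minted.
ISSUED = []


def fake_token_endpoint(client_id: str, client_secret: str) -> dict:
    """Stand-in for the account's token URL (client_credentials grant)."""
    if (client_id, client_secret) != ("demo-client", "demo-secret"):   # assumed credentials
        raise PermissionError("invalid_client")            # RFC 6749 error code
    ISSUED.append(f"tok-constructed-{len(ISSUED) + 1}")
    return {"access_token": ISSUED[-1], "token_type": "Bearer", "expires_in": 3600}


@dataclass
class ProxyRequest:
    method: str
    url: str
    headers: dict = field(default_factory=dict)
    body: Optional[dict] = None


@dataclass
class OAuth2Account:
    """Model of a preconfigured REST OAuth2 account (client ID and secret)."""
    client_id: str
    client_secret: str
    token_url: str                      # informational only in this simulation
    _cached: Optional[tuple] = None     # (access_token, expiry as epoch seconds)

    def access_token(self, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        # Reuse the cached token unless it expires within the next 30 seconds.
        if self._cached and self._cached[1] > now + 30:
            return self._cached[0]
        resp = fake_token_endpoint(self.client_id, self.client_secret)
        self._cached = (resp["access_token"], now + resp["expires_in"])
        return resp["access_token"]


@dataclass
class OutboundOAuth2Rule:
    account: OAuth2Account
    condition: str = "true"               # "When this rule should be applied"
    token_location: str = "Header"        # Header / Body / Query
    authorization_scheme: str = "Bearer"  # Bearer or a custom scheme name
    request_body_key: str = ""            # used when token_location == "Body"
    query_param_name: str = ""            # used when token_location == "Query"
    enabled: bool = True                  # the Status checkbox

    def applies(self, req: ProxyRequest) -> bool:
        if not self.enabled:
            return False
        expr = self.condition.strip()
        if expr == "true":
            return True
        if expr.startswith("request.method =="):
            wanted = expr.split("==", 1)[1].strip().strip('"')
            return req.method == wanted
        raise ValueError(f"unsupported condition in this simulation: {expr}")

    def apply(self, req: ProxyRequest) -> ProxyRequest:
        """Attach the account's token at the configured location. This is the
        last step before the proxy forwards the request upstream."""
        if not self.applies(req):
            return req
        token = self.account.access_token()
        if self.token_location == "Header":
            req.headers["Authorization"] = f"{self.authorization_scheme} {token}"
        elif self.token_location == "Body":
            if req.body is None:
                req.body = {}
            req.body[self.request_body_key] = token
        elif self.token_location == "Query":
            # Caution: a token in the query string is recorded in URL and access logs.
            parts = urllib.parse.urlsplit(req.url)
            params = urllib.parse.parse_qsl(parts.query, keep_blank_values=True)
            params.append((self.query_param_name, token))
            req.url = urllib.parse.urlunsplit(
                parts._replace(query=urllib.parse.urlencode(params)))
        else:
            raise ValueError(f"unknown token location: {self.token_location}")
        return req


if __name__ == "__main__":
    acct = OAuth2Account("demo-client", "demo-secret",
                         "https://auth.example.test/oauth2/token")  # assumed URL
    rule = OutboundOAuth2Rule(account=acct, condition='request.method == "POST"')
    print(rule.apply(ProxyRequest("POST", "https://api.example.test/v1/items")).headers)
```

Two points the simulation makes visible: the rule does nothing to requests that fail the condition or when Status is cleared, so a GET through a rule conditioned on POST leaves upstream unauthenticated rather than failing closed; and the Query location writes the bearer token into the URL, where proxies, load balancers and the upstream's own access logs normally record it, so prefer Header unless the upstream cannot read an Authorization header.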