Outbound OAuth2 rule
- The OAuth2 Outbound rule isn't available for APIs and API versions.
- The accounts used in the rule automatically reflect the changes made in the OAuth2 account itself.
- Deleting an account invalidates the rule, and an error is displayed when the deleted account is referenced. In this case, you must select another account.
Prerequisites
Preconfigured Valid and Authenticated OAuth2 Accounts
Supported Account Types
- REST OAuth2 Account
- REST Dynamic OAuth2 Account
- Azure AD OAuth2 Account
- HTTP Client OAuth2 Account
- OAuth SSL Accounts
Rule Execution Order
The Outbound OAuth2 rule executes after all rules, when the proxy calls the upstream API.
Field | Description |
---|---|
When this rule should be applied | An expression that defines one or more conditions that must be true for the rule to execute. Example: The expression |
Token Location | Required. Select the Token location as Header/Body/Query. Default value: Header. Example: Header |
Header | Select Bearer/Custom Authorization Scheme if you have selected the Header option from the dropdown list. Options available are: Default value: Authorization Scheme. Example: Custom Authorization Scheme |
Request Body Key | Enter JSON key with the value of the token. Default value: N/A. Example: Location |
Query String Parameter Name | Name the Query String Parameter. Default value: N/A. Example: stringname |
Status | Specifies whether the API rule is enabled or disabled. Default status: Selected |
Account Reference | Select a preconfigured OAuth2 account from the dropdown list that is configured in the Global Org > Shared Folder. Default value: N/A. Example: ../../shared/OutboundPolicyRestOAuth2 |
Description | Required. A brief description of this rule. Default value: Outbound requests are being authenticated using specified OAuth2 service. Example: Dev Env Outbound OAuth |