Response handler configuration

Configure the Response Handler for Generic OAuth2 and Callout Authenticator API rules.

The Generic OAuth2 rule and Callout Authenticator rule contain a Response Handler field where you can specify how to handle the response. You can use anything in the response received from the callout.

Default Expression

The Response Handler field doesn't display the default expression. To configure it, copy and paste the following expression in the empty field and edit it as required.

match response
{
{ statusCode: 200..<300, entity }  => Result.ok(entity),
// Or use Result.continue(entity) to save the value for further callouts
{ statusCode: 401|404 }  => Result.ignore(),
{ statusCode }  => Result.err(statusCode),
_  => Result.err('Invalid response: ' + response.toString())
}

Configuration

Two expression objects are available in the default expression for the Response Handler field:

The response object, which contains the response from the callout to your URL.
The Result object, which contains functions to control how you want the response to be handled.

Modify the default Response Handler expression to reflect the required response handling logic, using the functions inside the Result object defined in the following table:


Result functions	Description
`{ ok: entity => { variant: 'OK', value: entity }, continue: entity => { variant: 'CONTINUE', value: entity }, ignore: () => { variant: 'IGNORE' }, err: reason => { variant: 'ERROR', reason: reason } }`	Call the `ok` function when you want the response to be accepted.
	Call the `continue` function to perform multiple callouts on a single request in sequence using the response of the first callout in a subsequent callout for further validation.
	Call the `ignore` function when you want the response to be ignored.
	Call the `err` function when you want the response to result in an error.

The continue function doesn't accept the request (differentiating it from the ok function). It just saves the value in the target path for further callouts.

Internal Server Error (code 500)

For a request with invalid credentials, the response body might correctly include an error message in the Failure field, but return an HTTP status code of 500 (Internal Server Error). This happens when the authorization rule runs successfully, but the authentication endpoint returns an error other than HTTP 401 (Unauthorized) or 403 (Forbidden). In these cases, the platform treats the error as a server failure and returns a 500 status code.

For example, consider a rule that authenticates APIs based on a bearer token. The Response Handler field contains the following expression:

match response
{
  { statusCode: 200..<300, entity } => Result.continue(entity),
  { statusCode: 400|401|404 } => Result.err('bad request from testuser'),
  { statusCode } => Result.err(statusCode),
  _ => Result.err('Invalid response: ' + response.toString())
}

However, when testing the API without a valid token, the response displays a 500 HTTP error in the header. The 500 error is correct because the API call was never completed. A 500 error can also result from a downstream misconfigured rule, a networking issue, or even mistyped user input.