Outbound OAuth2 Policy
- The OAuth2 Outbound policy isn't available for APIs and API versions.
- The accounts used in the policy automatically reflect the changes made in the OAuth2 account itself.
- Deleting an account invalidates the policy, and an error displays wherever the deleted account is referenced. In this case, you must select another account.
Prerequisites
Preconfigured Valid and Authenticated OAuth2 Accounts
Supported Account Types
- REST OAuth2 Account
- REST Dynamic OAuth2 Account
- Azure AD OAuth2 Account
- HTTP Client OAuth2 Account
- OAuth SSL Accounts
Rule Execution Order
The Outbound OAuth2 policy executes after all other policies, when the proxy calls the upstream API.
| Field/Field set | Description |
|---|---|
| When this policy should be applied | An expression that defines one or more conditions that must be true for the policy to execute. Example: The expression |
| Token Location | Required. Select the Token location as Header/Body/Query. Default value: Header. Example: Header |
| Header | Select Bearer/Custom Authorization Scheme if you have selected the Header option from the dropdown list. Options available are: Default value: Authorization Scheme. Example: Custom Authorization Scheme |
| Request Body Key | Enter JSON key with the value of the token. Default value: N/A. Example: Location |
| Query String Parameter Name | Name the Query String Parameter. Default value: N/A. Example: stringname |
| Status | Specifies whether the API policy is enabled or disabled. Default status: Selected |
| Account Reference | Select a preconfigured OAuth2 account from the dropdown list that is configured in the Global Org > Shared Folder. Default value: N/A. Example: ../../shared/OutboundPolicyRestOAuth2 |
| Description | Required. A brief description of this policy. Default value: Outbound requests are being authenticated using specified OAuth2 service. Example: Dev Env Outbound OAuth |
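
The three Token Location options differ in where the upstream API finds the access token. The sketch below is an added example, not the product's code: the function names, the upstream.example host, the token value, and the `Authorization: <scheme> <token>` header format are assumptions, and the sample request is constructed. It also masks a query-string token before the URL is logged.

```python
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


def apply_outbound_token(url, headers, body, token, location="Header",
                         scheme="Bearer", body_key=None, query_param=None):
    """Return (url, headers, body) with the token placed per Token Location."""
    headers = dict(headers)  # copy so the caller's headers are not mutated
    if location == "Header":
        # Assumed wire format for both Bearer and a custom scheme.
        headers["Authorization"] = f"{scheme} {token}"
    elif location == "Body":
        if not body_key:
            raise ValueError("Request Body Key is required for Body")
        doc = json.loads(body) if body else {}
        if not isinstance(doc, dict):
            raise ValueError("body must be a JSON object to hold the key")
        doc[body_key] = token
        body = json.dumps(doc)
    elif location == "Query":
        if not query_param:
            raise ValueError("Query String Parameter Name is required")
        parts = urlsplit(url)
        # Drop any existing value so the upstream sees exactly one token.
        pairs = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
                 if k != query_param]
        pairs.append((query_param, token))
        url = urlunsplit(parts._replace(query=urlencode(pairs)))
    else:
        raise ValueError(f"unknown Token Location: {location!r}")
    return url, headers, body


def redact_for_log(url, query_param):
    """Mask the token before a URL is logged; query strings reach access logs."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k == query_param else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


if __name__ == "__main__":
    # Constructed sample request; "stringname" is the table's example value.
    url, _, _ = apply_outbound_token(
        "https://upstream.example/v1/items?page=2", {}, None,
        "tok123", location="Query", query_param="stringname")
    print(redact_for_log(url, "stringname"))
```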