Request Transformer Policy

Important: This page describes Classic APIM. For APIM 3.0, refer to API Management 3.0.

Transforms request headers before being passed to other authorization and authentication policies and request execution.

Policy execution order

Transformation of request headers works in the following policy sequence for all API versions and Proxies: Authorize By Role > Anonymous Authenticator > Request Transformer

Note: All expression enabled fields take expressions from the SnapLogic Expression Language and the API Composer functions.

Fixed Issues

The Request Transformer, Authorize by Role, and other Proxy-only policies can now use Basic Auth for authentication. Previously, this combination did not work.


Field/Field set	Description
When this policy should be applied	An expression that defines one or more conditions that must be true for the policy to execute. Example: The expression `request.method == "POST"` causes the policy to execute only on `POST` requests.
Headers to Add/Replace	The list of headers to add or replace into the request. If the name or value of an entry in the table is blank, no changes are made.
Name	The name for the header to add or replace. Default value: N/A Example: X-content-type-options
Value	The value(s) for the header. If this field is an expression, it can return a list to simulate the header being repeated multiple times in the original request. If the header in the original request was repeated multiple times, this new value replaces all of the original values. If the original values need to be preserved, this field should be an expression that gets the original value and returns a modified version. Default value: N/A Example: nosniff
Headers to Remove	The list of headers to remove from the request. The subfield Name functions the same way it does for Headers to Add/Replace. Default value: N/A Example: x-content-age
Description	Default value: `Requests’ headers are being transformed as specified`