Usage

• The client app is responsible for acquiring OAuth2.0 access token upfront.

• The client app must pass Cloud API Management key in the request and OAuth2.0 access token in authorization header.

• You must configure an optional unique introspection endpoint for geo-distributed OAuth2.0 authorization server.

  For example, France region may have different introspection endpoint than Switzerland region and USA region. Conditional introspection endpoint can be configured and picked based on additional meta data like custom header in the API request.

  One service endpoint should have less than ten region to introspection endpoint mapping.

• Optional configuration to enrich header with values from introspection endpoint JSON response on successful validation must be configured.

  • Configurable JSONPath expression to find value from JSON response.

  • Connector supports UTF-8 for internationalization and special characters such as "Claes Rosenlöf" while injecting header value.

  • Unmatched JSONPath expression that does not find value in the introspection endpoint response is silently ignored. Header is not injected in the API request.

  • Connector supports finite number of HTTP headers, less than ten headers configured, to enrich API request headers.