Use withCredentials in a Service Callout

I'm trying to invoke a URL from a Service Callout in Apigee. The URL is:

https://{{my-okta-org}}/api/v1/sessions/me

Which returns a JSON payload with the currently logged-in user's session from Okta. When I call this from my API proxy in the browser, the Service Callout fails with a 404, because Okta can't resolve the session. But when you call the Okta URL directly from a browser, it works.

The reason (I think) is that the Okta Session cookie isn't being passed in the request from the Service Callout.

In JavaScript, you can fix this by using withCredentials, i.e.

const XHR = new XMLHttpRequest();
const url = "https://{{my-okta-org}}/api/v1/sessions/me"
XHR.open("GET", url);
XHR.withCredentials = true;
XHR.send();

Which instructs the browser to pass cross-domain cookies in the request.

But I can't figure out an alternative to withCredentials in an Apigee Service Callout.

I've thought about switching the whole thing into a JS policy, but the XMLHttpRequest or Fetch objects aren't available via the Apigee JS DOM, and the HttpClient object, which is available, doesn't seem to have withCredentials either.

Any suggestions?
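
Added example, not part of the original post: a small model of cookie domain matching (RFC 6265 section 5.1.3) that shows which client holds the Okta session cookie in each request of the scenario above, and why a server-side callout has none to send. The hostnames, the cookie names and values, and the proxy path are constructed placeholders; Path, Secure and SameSite handling are left out.

```javascript
// Constructed sample data: hostnames, cookie names and values are placeholders.
const browserJar = [
  // Host-only cookie set by the Okta org when the user signed in.
  { name: "sid", value: "constructed-session-id", domain: "my-org.okta.example", hostOnly: true },
  // Cookie set for the API proxy's own parent domain.
  { name: "pref", value: "dark", domain: "proxy.example", hostOnly: false },
];

// RFC 6265 section 5.1.3 domain matching (IP-address hosts are not handled).
function domainMatches(requestHost, cookie) {
  const host = requestHost.toLowerCase();
  const domain = cookie.domain.toLowerCase();
  if (host === domain) return true;
  if (cookie.hostOnly) return false;
  return host.endsWith("." + domain);
}

// Cookie header that a client holding `jar` attaches to a request for `url`.
// On a cross-origin XHR the browser attaches cookies only if withCredentials is true.
function cookieHeaderFor(jar, url, { crossOrigin = false, withCredentials = false } = {}) {
  if (crossOrigin && !withCredentials) return "";
  const host = new URL(url).hostname;
  return jar
    .filter((c) => domainMatches(host, c))
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

// The requests involved when a page calls Okta directly or goes through the proxy.
function scenario() {
  const oktaUrl = "https://my-org.okta.example/api/v1/sessions/me";
  const proxyUrl = "https://api.proxy.example/v1/session";
  const creds = { crossOrigin: true, withCredentials: true };
  return {
    // Browser XHR straight to Okta with withCredentials: session cookie is sent.
    browserToOkta: cookieHeaderFor(browserJar, oktaUrl, creds),
    // Same XHR without withCredentials: nothing is sent.
    browserToOktaNoCreds: cookieHeaderFor(browserJar, oktaUrl, { crossOrigin: true }),
    // Browser to the API proxy: only proxy-domain cookies match.
    browserToProxy: cookieHeaderFor(browserJar, proxyUrl, creds),
    // Proxy's server-side callout to Okta: its HTTP client has no browser jar.
    calloutToOkta: cookieHeaderFor([], oktaUrl),
  };
}

console.log(scenario());
```
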
