Prevent WSO2 AM of dropping authorization token from request

Question

As per documentation

When you send an API request to the backend, you pass a token in the Authorization header of the request. The API Gateway uses this token to authorize access, and then drops it from the outgoing message. link

I want to pass this token to the backend for every published API. What is the correct place to configure such behavior?

Answer 1

Uncomment below configuration in repository/conf/api-manager.xml and set false.

<RemoveOAuthHeadersFromOutMessage>true</RemoveOAuthHeadersFromOutMessage>

Answer 2

From API Manager version 3.0.0 onwards configuration model has been changed. So any changes done in api-manager.xml get reverted after the server restart.

Now we need to change <API-M_HOME>/repository/conf/deployment.toml

Uncomment and set the following lines:

[apim.oauth_config]
enable_outbound_auth_header = true

enable_outbound_auth_header string Default: FALSE If TRUE, sends Auth header to the backend as received from the client.