HTTP Request Policies in IBM APP Connect 

Here in this blog, we are going to learn about HTTP request policies in IBM App Connect.

The IBM App Connect Enterprise (ACE) v12.0.11.0 has introduced the HTTP Request policies. providing flexible and configurable mechanisms to manage connection properties during runtime. Whether it’s handling authentication, managing API keys, or enforcing security measures, these policies provide the necessary control over HTTP requests.

To implement an HTTP Request policy, it needs to be attached to an HTTPRequest or HTTPAsyncRequest node within the message flow. This attachment is done by setting the Policy property of the node to the name of the policy, typically in the format {policyProjectName}:policyName.       

properties of HTTP Request policies:

1. Accept Self-Signed Certificates: This property determines whether self-signed certificates are accepted or not. It can be toggled between true and false. 
2. API Key Location and Name: These properties define where and how the API key is passed within the HTTP request. The API key can be included either in the request header or in the request body in a URL-encoded format.
3. Credential Name: This property specifies the name of the credential used for the connection. It facilitates secure authentication by referencing credentials stored in a secure vault or through other credential management mechanisms.
4. Endpoint URL: The Endpoint URL property allows overriding the protocol, host, and port in the endpoint URL called by the HTTPRequest or HTTPAsyncRequest node. 

Configuration:

• Create a Flow

  Begin by creating a message flow in the IBM App Connect Enterprise Toolkit that includes an HTTP Request node, a Compute node, an HTTP Input node, and an HTTP Response node.

• Create a Backend Message Flow

  creating a backend message flow in the IBM App Connect Enterprise Toolkit that includes a Compute node, an HTTP Input node, and an HTTP Response node.</span

• Create a Policy Project 

  Now, create an HTTP Policy Project and give the Endpoint URL of the backend and the Credential Name if required.

• Policy Settings 

  Check your node’s property settings, and give the name of the policy in the Policy Properties of HTTP Request node in the format {policyProjectName}:policyName.  and save your message flow.

• Deploy & Test

  Deploy the application and test the application’s Backend Response. 

Conclusion

Attaching an HTTP Request policy to an HTTPRequest or HTTPAsyncRequest node provides a straightforward method to manage connection properties dynamically. This policy proves invaluable when configuring security settings, such as implementing basic authentication for outbound HTTP connections or utilizing API key credentials stored securely in the App Connect Enterprise vault or defined via the mqsisetdbparms command. By specifying the API key location property as either header or body, depending on the preferred method of passing the API key, organizations can ensure secure and efficient communication between their applications and services.