HTTP Transformation Rules

Resource endpoint protection
As part of FAPI conformance, any resource endpoint that is protected by an OIDC API definition should support the following standards:
  • Returns x-fapi-interaction-id
  • ContentType: JsonUTF8
These requirements can be achieved by implementing the following HTTP transformation rule. The example assumes that the resource endpoints are files under a directory with the name 'resource'.

HTTP Transformation Rule
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    version="1.0" xmlns:external="http://xsltfunctions.isam.ibm.com">
    <xsl:strip-space elements="*" />
    <!-- Wrap every change produced below in a single HTTPResponseChange document. -->
    <xsl:template match="/">
        <HTTPResponseChange>
            <xsl:apply-templates />
        </HTTPResponseChange>
    </xsl:template>
    <!-- Set the response Content-type to JSON with a UTF-8 charset. -->
    <xsl:template match="//HTTPResponse/Headers">
            <Header name="Content-type" action="update">application/json; charset=utf-8</Header>
    </xsl:template>
    <!-- Copy x-fapi-interaction-id from the original request into the response. -->
    <xsl:template match="//HTTPResponse/HTTPRequest/Headers/Header">
            <xsl:choose>
                <xsl:when test="@name='x-fapi-interaction-id' ">
                    <Header name="x-fapi-interaction-id" action="add">
                        <xsl:value-of select="current()" />
                    </Header>
                </xsl:when>
            </xsl:choose>
    </xsl:template>
</xsl:stylesheet>

Reverse Proxy Configuration
[http-transformations]
resourceReq = resourceReq

[http-transformations:resourceReq]
request-match = response:GET /resource*
match-case-insensitive = yes
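
One way to confirm that a resource endpoint behind this rule meets both requirements is to check a recorded request/response header pair. The following is an added example, not part of the IBM documentation; the function names and the sample headers are constructed for illustration.

```python
from email.message import Message

def _values(headers, name):
    """All values of a header, matched case-insensitively."""
    return [v.strip() for k, v in headers if k.lower() == name.lower()]

def check_resource_response(request_headers, response_headers):
    """Return a list of findings; an empty list means both requirements hold."""
    findings = []

    # Requirement: Content-Type is JSON with a UTF-8 charset.
    ctype = _values(response_headers, "content-type")
    if len(ctype) != 1:
        findings.append("expected exactly one Content-Type header, got %d" % len(ctype))
    else:
        parsed = Message()
        parsed["Content-Type"] = ctype[0]
        if parsed.get_content_type() != "application/json":
            findings.append("media type is %s" % parsed.get_content_type())
        if (parsed.get_content_charset() or "") != "utf-8":
            findings.append("charset is not utf-8")

    # Requirement: x-fapi-interaction-id is returned; the rule copies the request value.
    sent = _values(request_headers, "x-fapi-interaction-id")
    got = _values(response_headers, "x-fapi-interaction-id")
    if not got:
        findings.append("response has no x-fapi-interaction-id")
    elif len(got) > 1:
        findings.append("response has %d x-fapi-interaction-id headers" % len(got))
    elif sent and got[0] != sent[0]:
        findings.append("x-fapi-interaction-id does not echo the request value")
    return findings

# Constructed sample exchanges (not captured traffic).
REQ = [("Accept", "application/json"),
       ("x-fapi-interaction-id", "93bac548-d2de-4546-b106-880a5018460d")]
GOOD = [("Content-Type", "application/json; charset=UTF-8"),
        ("X-FAPI-Interaction-ID", "93bac548-d2de-4546-b106-880a5018460d")]
BAD = [("Content-Type", "text/html"),
       ("x-fapi-interaction-id", "00000000-0000-4000-8000-000000000000")]

if __name__ == "__main__":
    for label, resp in (("good", GOOD), ("bad", BAD)):
        print(label, check_resource_response(REQ, resp))
```

Because the rule above only copies the header when the request carries it, a request sent without x-fapi-interaction-id is reported by this check as a response with no x-fapi-interaction-id.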

