Header Transforms

Sometimes you will need to inject a header into your inbound request (for example, a security token that your app understands), or remove headers that could be damaging.

Alternatively you may want to inject headers into an outbound response from your system because you don’t want to modify the underlying service to do so, or to enrich the outbound request with additional headers that you require for the response type.

To enable header modification, select the “Modify Headers” option from the drop down box in the endpoint designer.

To use this feature – first select which type of transform you want (request or response), and then fill out the form.

  • Delete headers: headers in this list will be removed
  • Add headers: These header and values will be added

Note: Headers are removed first, and then added, this mean that header substitution is possible by removing the same header that is being added.

Using Meta Data from a token session object in header transforms

It is possible to inject information that is carried within the user session object into the header space as well. Each token or key has an attached session object which contains a meta_data field, this is a key/value map that allows for dynamic middleware and other components to intelligently act on identity information from the inbound request without exposing it.

To use this data in your header transform simply access the special $tyk_meta namespace, here is a working example:

Say in your session object you have included the following metadata:

"meta_data": {
    "uid": 12345,
    "username": "norman_bates"

To use this in your header transform, you can set the header value as $tyk_meta.uid and $tyk_meta.username

Was this article helpful to you? Yes No