Apigee HTTPBasicAuth timing out
Question:
So I have this working request that uses a HTTPBsaicAuth that needs to go through Apigee. I configured my Apigee proxy with a Basic Auth to retrieved the username and password in the headers However I continue to get the error:
{"fault":{"faultstring":"Gateway Timeout","detail":{"errorcode":"messaging.adaptors.http.flow.GatewayTimeout"}}}
Here is the original request without the Apigee pass through that works:
import requests
from requests.auth import HTTPBasicAuth
url = "https://myapi.com/path"
auth = HTTPBasicAuth("username", "password")
response = requests.get(url, auth=auth, verify=False)
The request above works without issues. My new request, including the Apigee url and apikey within the headers:
import requests
from requests.auth import HTTPBasicAuth
url = "https://apigee-proxy.com/basepath/path"
headers = {
"apikey" : "XXXXXX",
"username": "username",
"password": "password"
}
response = requests.get(url, headers=headers, verify=False)
Proxy setup, very basic:
<ProxyEndpoint name="default">
<Description/>
<FaultRules/>
<PreFlow name="PreFlow">
<Request/>
<Step>
<Name>Extract-Variables-1</Name>
</Step>
<Step>
<Name>Basic-Authentication-1</Name>
</Step>
<Response/>
</PreFlow>
<PostFlow name="PostFlow">
<Request/>
<Response/>
</PostFlow>
<Flows>
</Flows>
<HTTPProxyConnection>
<BasePath>/basepath</BasePath>
<Properties/>
<VirtualHost>default</VirtualHost>
</HTTPProxyConnection>
<RouteRule name="default">
<TargetEndpoint>default</TargetEndpoint>
</RouteRule>
</ProxyEndpoint>
UPDATED: Extract-Variables-1.xml:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ExtractVariables async="false" continueOnError="false" enabled="true" name="Extract-Variables-1">
<Source>request</Source>
<Header name="username">
<Pattern ignoreCase="true">{username}</Pattern>
</Header>
<Header name="password">
<Pattern ignoreCase="true">{password}</Pattern>
</Header>
<VariablePrefix>auth</VariablePrefix>
<IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
</ExtractVariables>
Basic-Authentication-1 policy:
<BasicAuthentication async="false" continueOnError="true" enabled="true" name="Basic-Authentication-1">
<DisplayName>Basic Authentication-1</DisplayName>
<Operation>Encode</Operation>
<IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
<User ref="auth.username"/>
<Password ref="auth.password"/>
<AssignTo createNew="false">request.header.Authorization</AssignTo>
</BasicAuthentication>
Default route rule:
<TargetEndpoint name="default">
<Description/>
<FaultRules/>
<PreFlow name="PreFlow">
<Request/>
<Response/>
</PreFlow>
<PostFlow name="PostFlow">
<Request/>
<Response/>
</PostFlow>
<Flows/>
<HTTPTargetConnection>
<LoadBalancer>
<Server name="my_target"/>
</LoadBalancer>
<Path>/</Path>
</HTTPTargetConnection>
</TargetEndpoint>
The target server environment variable "my_target" = myapi.com, port=443
Is there something I am missing? Any help is appreciated.
UPDATE: Proxy now includes Extract-Variables-1, I can see the Authentication header being applied, but still timing out..:
UPDATE: The solution @Eddoasso offered worked for the BasicAuthentication. The connectivity issue has to deal with a firewall within my organization, thank you all for your help.
Answers:
I believe what you are missing is an Extract Variables policy. Try extracting the user and password values and passing the values obtained.
Something like
<ExtractVariables name='EV-Auth'>
<Source>request</Source>
<Header name="username">
<Pattern ignoreCase="true">**</Pattern>
</Header>
<Header name="password">
<Pattern ignoreCase="true">**</Pattern>
</Header>
<VariablePrefix>auth</VariablePrefix>
<IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
</ExtractVariables>
And use it as
<BasicAuthentication async="false" continueOnError="true" enabled="true" name="Basic-Authentication-1">
<DisplayName>Basic Authentication-1</DisplayName>
<Operation>Encode</Operation>
<IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
<User ref="auth.username"/>
<Password ref="auth.password"/>
<AssignTo createNew="false">request.header.Authorization</AssignTo>
</BasicAuthentication>
The timeout error appears to be due to connectivity issues between Apigee and your backend.
I would try following to debug the issue –
- Set the target URL using HTTPTargetConnection/URL tag and retry to confirm there are no issues with the load balancer configuration.
- If you are still seeing timeout error, check if Apigee is allowed to talk to the backend. This link has details on how to debug timeout errors.
So I have this working request that uses a HTTPBsaicAuth that needs to go through Apigee. I configured my Apigee proxy with a Basic Auth to retrieved the username and password in the headers However I continue to get the error:
{"fault":{"faultstring":"Gateway Timeout","detail":{"errorcode":"messaging.adaptors.http.flow.GatewayTimeout"}}}
Here is the original request without the Apigee pass through that works:
import requests
from requests.auth import HTTPBasicAuth
url = "https://myapi.com/path"
auth = HTTPBasicAuth("username", "password")
response = requests.get(url, auth=auth, verify=False)
The request above works without issues. My new request, including the Apigee url and apikey within the headers:
import requests
from requests.auth import HTTPBasicAuth
url = "https://apigee-proxy.com/basepath/path"
headers = {
"apikey" : "XXXXXX",
"username": "username",
"password": "password"
}
response = requests.get(url, headers=headers, verify=False)
Proxy setup, very basic:
<ProxyEndpoint name="default">
<Description/>
<FaultRules/>
<PreFlow name="PreFlow">
<Request/>
<Step>
<Name>Extract-Variables-1</Name>
</Step>
<Step>
<Name>Basic-Authentication-1</Name>
</Step>
<Response/>
</PreFlow>
<PostFlow name="PostFlow">
<Request/>
<Response/>
</PostFlow>
<Flows>
</Flows>
<HTTPProxyConnection>
<BasePath>/basepath</BasePath>
<Properties/>
<VirtualHost>default</VirtualHost>
</HTTPProxyConnection>
<RouteRule name="default">
<TargetEndpoint>default</TargetEndpoint>
</RouteRule>
</ProxyEndpoint>
UPDATED: Extract-Variables-1.xml:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ExtractVariables async="false" continueOnError="false" enabled="true" name="Extract-Variables-1">
<Source>request</Source>
<Header name="username">
<Pattern ignoreCase="true">{username}</Pattern>
</Header>
<Header name="password">
<Pattern ignoreCase="true">{password}</Pattern>
</Header>
<VariablePrefix>auth</VariablePrefix>
<IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
</ExtractVariables>
Basic-Authentication-1 policy:
<BasicAuthentication async="false" continueOnError="true" enabled="true" name="Basic-Authentication-1">
<DisplayName>Basic Authentication-1</DisplayName>
<Operation>Encode</Operation>
<IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
<User ref="auth.username"/>
<Password ref="auth.password"/>
<AssignTo createNew="false">request.header.Authorization</AssignTo>
</BasicAuthentication>
Default route rule:
<TargetEndpoint name="default">
<Description/>
<FaultRules/>
<PreFlow name="PreFlow">
<Request/>
<Response/>
</PreFlow>
<PostFlow name="PostFlow">
<Request/>
<Response/>
</PostFlow>
<Flows/>
<HTTPTargetConnection>
<LoadBalancer>
<Server name="my_target"/>
</LoadBalancer>
<Path>/</Path>
</HTTPTargetConnection>
</TargetEndpoint>
The target server environment variable "my_target" = myapi.com, port=443
Is there something I am missing? Any help is appreciated.
UPDATE: Proxy now includes Extract-Variables-1, I can see the Authentication header being applied, but still timing out..:
UPDATE: The solution @Eddoasso offered worked for the BasicAuthentication. The connectivity issue has to deal with a firewall within my organization, thank you all for your help.
I believe what you are missing is an Extract Variables policy. Try extracting the user and password values and passing the values obtained.
Something like
<ExtractVariables name='EV-Auth'>
<Source>request</Source>
<Header name="username">
<Pattern ignoreCase="true">**</Pattern>
</Header>
<Header name="password">
<Pattern ignoreCase="true">**</Pattern>
</Header>
<VariablePrefix>auth</VariablePrefix>
<IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
</ExtractVariables>
And use it as
<BasicAuthentication async="false" continueOnError="true" enabled="true" name="Basic-Authentication-1">
<DisplayName>Basic Authentication-1</DisplayName>
<Operation>Encode</Operation>
<IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
<User ref="auth.username"/>
<Password ref="auth.password"/>
<AssignTo createNew="false">request.header.Authorization</AssignTo>
</BasicAuthentication>
The timeout error appears to be due to connectivity issues between Apigee and your backend.
I would try following to debug the issue –
- Set the target URL using HTTPTargetConnection/URL tag and retry to confirm there are no issues with the load balancer configuration.
- If you are still seeing timeout error, check if Apigee is allowed to talk to the backend. This link has details on how to debug timeout errors.