How to assign values in policy <set-body>

Question

Hi, our company use Salesforce and want to give vendors Salesforce API through Azure APIM. I follow this tutorial link and hard-code credential part in the <set-body>, it works.

https://yinlaurent.wordpress.com/2018/12/31/use-azure-api-management-to-connect-to-a-service-protected-by-oauth-2-0-example-with-salesforce/

Now I'm wondering how I can configure those "<client_id>", "<client_secret>"..in a dynamical and safe way instead of hard-code. Those values should be from client while calling API.

 <set-body>@{  
            return string.Format("client_id={0}&client_secret={1}&username={2}&password={3}&grant_type=password", "<client_id>", "<client_secret>", "<salesforce_username>", "<password_and_token_concatenation>");  
            }</set-body>  

Here's what we configure so far.

Need your advise, thank you

Answer 1

Hi @NC0202

You can use look into APIM Advance polices and APIM transformation policy

I have created the below policy and used OCP APIM traces to verify the return string.

        <set-body>@{  
             string userName = context.Request.Headers.GetValueOrDefault("userName");  
			 string clientId = context.Request.Headers.GetValueOrDefault("clientid");  
			 string clienSecret = context.Request.Headers.GetValueOrDefault("clienSecret");  
			 string password = context.Request.Headers.GetValueOrDefault("password");  
             return string.Format("client_id={0}&client_secret={1}&username={2}&password={3}&grant_type=password", clientId, clienSecret, userName, password);  
             }</set-body>  

Used below the header to pass user input values:

OCP APIM Trace Snapshot:

You can modify the policy as per your requirement. Please let me know if you need any assistance.

Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.