Send request

Article
10/17/2023

The send-request policy sends the provided request to the specified URL, waiting no longer than the set timeout value.

Note

Set a policy's elements and child elements in the order provided in the policy statement. Learn more about how to set or edit API Management policies.

Policy statement

<send-request mode="new | copy" response-variable-name="" timeout="60 sec" ignore-error
="false | true">
  <set-url>request URL</set-url>
  <set-method>...</set-method>
  <set-header>...</set-header>
  <set-body>...</set-body>
  <authentication-certificate thumbprint="thumbprint" />
  <proxy>...</proxy>
</send-request>

Attributes

Attribute	Description	Required	Default
mode	Determines whether this is a `new` request or a `copy` of the headers and body in the current request. In the outbound policy section, `mode=copy` does not initialize the request body. Policy expressions are allowed.	No	`new`
response-variable-name	The name of context variable that will receive a response object. If the variable doesn't exist, it will be created upon successful execution of the policy and will become accessible via `context.Variable` collection. Policy expressions are allowed.	Yes	N/A
timeout	The timeout interval in seconds before the call to the URL fails. Policy expressions are allowed.	No	60
ignore-error	If `true` and the request results in an error, the error will be ignored, and the response variable will contain a null value. Policy expressions aren't allowed.	No	`false`

Elements

Element	Description	Required
set-url	The URL of the request. Policy expressions are allowed.	No if `mode=copy`; otherwise yes.
set-method	Sets the method of the request. Policy expressions aren't allowed.	No if `mode=copy`; otherwise yes.
set-header	Sets a header in the request. Use multiple `set-header` elements for multiple request headers.	No
set-body	Sets the body of the request.	No
authentication-certificate	Certificate to use for client authentication, specified in a `thumbprint` attribute.	No
proxy	Routes request via HTTP proxy.	No

Usage

Policy sections: inbound, outbound, backend, on-error
Policy scopes: global, workspace, product, API, operation
Gateways: dedicated, consumption, self-hosted

Usage notes

If your API Management instance is deployed (injected) in a VNet in internal mode and you use this policy to send an API request to an API that's exposed in the same API Management instance, you may encounter a timeout with an HTTP 500 BackendConnectionFailure error. This is the result of an Azure Load Balancer limitation.

To chain API requests to the gateway in this scenario, configure set-url to use the localhost loopback URL https://127.0.0.1. Additionally, set the HOST header to specify this API Management instance's gateway host. You may use the default azure-api.cn or your custom domain host. For example:

<send-request>
     <set-url>https://127.0.0.1/myapi/myoperation</set-url>
     <set-header name="Host">
         <value>myapim.azure-api.cn</value>
     </set-header>
</send-request>

Example

This example shows one way to verify a reference token with an authorization server. For more information on this sample, see Using external services from the Azure API Management service.

<inbound>
  <!-- Extract token from Authorization header parameter -->
  <set-variable name="token" value="@(context.Request.Headers.GetValueOrDefault("Authorization","scheme param").Split(' ').Last())" />

  <!-- Send request to Token Server to validate token (see RFC 7662) -->
  <send-request mode="new" response-variable-name="tokenstate" timeout="20" ignore-error="true">
    <set-url>https://microsoft-apiappec990ad4c76641c6aea22f566efc5a4e.chinacloudsites.cn/introspection</set-url>
    <set-method>POST</set-method>
    <set-header name="Authorization" exists-action="override">
      <value>basic dXNlcm5hbWU6cGFzc3dvcmQ=</value>
    </set-header>
    <set-header name="Content-Type" exists-action="override">
      <value>application/x-www-form-urlencoded</value>
    </set-header>
    <set-body>@($"token={(string)context.Variables["token"]}")</set-body>
  </send-request>

  <choose>
        <!-- Check active property in response -->
        <when condition="@((bool)((IResponse)context.Variables["tokenstate"]).Body.As<JObject>()["active"] == false)">
            <!-- Return 401 Unauthorized with http-problem payload -->
            <return-response>
                <set-status code="401" reason="Unauthorized" />
                <set-header name="WWW-Authenticate" exists-action="override">
                    <value>Bearer error="invalid_token"</value>
                </set-header>
            </return-response>
        </when>
    </choose>
  <base />
</inbound>

API Management advanced policies

Next steps

For more information about working with policies, see:

Tutorial: Transform and protect your API
Policy reference for a full list of policy statements and their settings
Policy expressions
Set or edit policies
Policy samples