Response templates are used to override the default values sent in response to consumer calls to an API. They can be implemented for all v4 API HTTP entrypoints:
- HTTP GET
- HTTP POST
- HTTP proxy
- SSE
- Webhook
- WebSocket
{% hint style="info" %} As of Gravitee 4.3, response templates cannot override message-level errors or be applied to TCP proxy entrypoints. {% endhint %}
Response template overrides are triggered by error keys, which are specific to policies. Responses can be templatized if the errors raised during the request/response phase(s) are associated with a policy whose policy keys can be overridden. Each response template defines the new values to be returned for one or more status codes when the template is triggered.
Prior to defining a response template, verify:
- Which policies have been applied to the API. This can be viewed in the API's plan.
- Which error keys can be overridden per policy associated with your API.
Below are the policy error keys that you can override by configuring response templates:
| Key | Policy |
|---|---|
API_KEY_MISSING | API key |
API_KEY_INVALID | API key |
QUOTA_TOO_MANY_REQUESTS | Rate limiting |
RATE_LIMIT_TOO_MANY_REQUESTS | Rate limiting |
REQUEST_CONTENT_LIMIT_TOO_LARGE | Request content limit |
REQUEST_CONTENT_LIMIT_LENGTH_REQUIRED | Request content limit |
REQUEST_TIMEOUT | Mock, Callout HTTP, Request validation |
REQUEST_VALIDATION_INVALID | Request validation |
RESOURCE_FILTERING_METHOD_NOT_ALLOWED | Resource filtering |
RBAC_INVALID_USER_ROLES | Role-based access control |
RESOURCE_FILTERING_FORBIDDEN | Resource filtering |
RBAC_FORBIDDEN | Role-based access control |
RBAC_NO_USER_ROLE | Role-based access control |
OAUTH2_MISSING_SERVER | OAuth2 |
OAUTH2_MISSING_HEADER | OAuth2 |
OAUTH2_MISSING_ACCESS_TOKEN | OAuth2 |
OAUTH2_INVALID_ACCESS_TOKEN | OAuth2 |
OAUTH2_INSUFFICIENT_SCOPE | OAuth2 |
OAUTH2_INVALID_SERVER_RESPONSE | OAuth2 |
OAUTH2_SERVER_UNAVAILABLE | OAuth2 |
HTTP_SIGNATURE_INVALID_SIGNATURE | HTTP Signature |
JWT_MISSING_TOKEN | JWT |
JWT_INVALID_TOKEN | JWT |
JSON_INVALID_PAYLOAD | JSON validation |
JSON_INVALID_FORMAT | JSON validation |
JSON_INVALID_RESPONSE_PAYLOAD | JSON validation |
JSON_INVALID_RESPONSE_FORMAT | JSON validation |
GATEWAY_INVALID_REQUEST | All |
GATEWAY_INVALID_RESPONSE | All |
GATEWAY_OAUTH2_ACCESS_DENIED | All |
GATEWAY_OAUTH2_SERVER_ERROR | All |
GATEWAY_OAUTH2_INVALID_CLIENT | All |
GATEWAY_MISSING_SECURITY_PROVIDER | All |
GATEWAY_PLAN_UNRESOLVABLE | All |
GATEWAY_POLICY_INTERNAL_ERROR | All |
When creating response templates, you can define:
- Multiple templates for one API (for multiple policies and/or multiple error keys sent by the same policy)
- Multiple template definitions for the same error key in a single template (for different content types or status codes)
To configure a response template:
-
Log in to your APIM Management Console
-
Select APIs from the left nav
-
Select your API from the list
-
Select Entrypoints from the inner left nav
-
Click on the Response Templates header
-
Click on the Add new Response Template button
-
Customize the Create a new Response Template form
Configure a new response template
- Template key: Choose the template key via the Template key drop-down.
- Accept header to match: Specify the requests header that should trigger use of the response template. The default value is
*/*. To send the template override values only for JSON or XML requests, specifyJSONorXML. - Status code: Specify the status code that to send to the API consumer via the Status code drop-down.
- Specify the override values to send to the API consumer. These can either be:
- One or more HTTP headers to include in the response
- A response template body
-
Click Create
