Working with JSON

gateway84
 
 
JSON and the 
API Gateway
 
The 
API Gateway
 can work with messages in the JSON (JavaScript Object Notation) format. You can use the 
API Gateway
 to process incoming JSON payloads, validate incoming JSON payloads, output to JSON, or transform messages from JSON to other Content-Types (for example, text/XML).
By default, the 
API Gateway
 will accept any incoming Content-Type, unless the entry point is associated with a SOAP-based service. When a request containing a JSON payload arrives at the 
API Gateway
, the ${request.*} context variables will contain all aspects of the JSON message. In a service policy, you can validate the JSON structure in a message by using the Validate JSON Schema assertion. You can also validate a JSON-specific pattern or extract parts of a JSON structure by using the Evaluate JSON Path Expression assertion. The extracted segments can be used as input to other assertions in the service policy that may require a subset of the JSON structure.
If a policy contains a Route via HTTP(S) assertion that returns a JSON output, the standard response message (as contained in the ${response.*} context variables) will contain the JSON structure. This will be returned to the original requestor of the transaction, unless the response is being transformed.
You can create your own Message variables containing JSON by using the Set Context Variable assertion.
Transform Messages Between XML and JSON
There are two assertions that you can use to transform between XML and JSON:
  •  
    Apply JSON Transformation
    : This assertion transforms messages from JSON to XML. For basic messages, it can also transform from XML to JSON. For more information, see Apply JSON Transformation assertion.
  •  
    Apply XSL Transformation
    : This assertion offers the greatest flexibility in transforming XML to JSON. For an example of an XSL stylesheet that transforms XML to JSON, see "The following stylesheet can be used to transform an existing XML message into a JSON structure." For more information, see Apply XSL Transformation assertion.
    You can detect whether an XML-to-JSON transformation is necessary by using a Compare Expression assertion to examine the contents of an incoming "Accept" HTTP header to determine whether the requestor expects the response to be formatted as JSON. If so, you can use either the Apply JSON Transformation or Apply XSL Transformation assertions to transform the XML response to JSON.
To download a stylesheet that transforms an existing XML message into a JSON structure, click here. (
Tip:
 The file is placed in your normal downloads folder. Ignore any messages stating that the attachment cannot be viewed.)
JSON Web Tokens
The 
CA API Gateway
 supports the JSON Web Token (JWT) specification with the following exceptions:
  • Only Compact Serialization representation support of the JSON Web Token is implemented; JSON Serialization is not supported.
  • When creating JSON web keys, only public keys are supported; shared and private keys are not supported
  • The JSON Web token payload accepts any String format (for example, JSON String, plain text, xml-formatted string) are supported. By comparison, the JWT Specification supports only JSON Claims Set String.
 
JSON Web Tokens vs. SAML Tokens:
 Both are security tokens, but SAML tokens have a more complex structure. JSON web tokens are more easily parsed by mobile devices and have become the new standard for security tokens. Using the Encode JSON Web Token assertion, you can accept any type of String payload (examples: JSON String, plain text String, XML-formatted String).
The following assertions combine to support the JWT specification:
Other Assertions for JSON
Additional JSON support in the 
CA API Gateway
: