Skip to main content
S
schoolprogrammer
Participant
May 17, 2019
Question

API Manager: Pass bearer token to endpoint

  • May 17, 2019
  • 1 reply
  • 420 views

I am currently implementing an API using the OAuth2: Client credentials authentication.  The oauth is working to a degree but when after API manager proxies the request to the Coldfusion endpoint, it is removing the authorization header.  Is there any way to preserve the header?  My main reasoning is that I need a way to identify the user on the CF server side after going through API manager.  Thanks in advance.

1 reply

M
mrrfoxx78896
Participant
November 14, 2025

Wondering if anyone solved this issue?  I’m encountering an issue with passing header variables from API Manager to my ColdFusion endpoints and would appreciate any guidance.

Background:

  • I have an existing API in ColdFusion API Manager that has been running for years. The following headers are successfully passed to my original endpoints:
    • X-APIM-OAUTH2-TOKENINFO
    • X-APIM-CONSUMER-NAME
    • X-APIM-OAUTH2-TOKEN
    • X-APIM-CONSUMER-INFO
  • However, when I create a new version of the API and add new endpoints, these headers are not passed to the new endpoints. The original endpoints continue to receive them as expected.

What I’ve Tried:

  • Created new endpoints in existing API version.  Headers are not passed.
  • Created new version of API.  All endpoints pass desired headers.  Created new endpoints and headers are NOT being passed.
  •  
  • I’ve looked into the API Manager’s internal API endpoints for ADMIN and PORTAL, but I haven’t found any valid documentation or clear instructions on how to configure these headers for new endpoints.

Request:

  • Has anyone encountered and resolved this issue?
  • Can you point me to relevant documentation or provide guidance on how to ensure these headers are passed to new endpoints in the API Manager?

Thank you in advance for any help!

 

 
Charlie Arehart
Community Expert
Charlie ArehartCommunity Expert
Community Expert
November 14, 2025

While I have zero experience with this problem or with dealing with header passing from the api manager, I still maybe able to help. 

 

How are you judging that the expected headers are not being passed in? In other words, how are you trying to refer to them which indicates they're "not there"? Are you perhaps expecting them in the cgi scope? How about doing a cfdump/writedump of cf's gethttprequestdata() function? Maybe they're there but somehow named differently or not in the cgi scope. (BTW, even if you feel you "can't do a dump" within the endpoint if "it can't produce output", note that you can provide args telling cf to write the dump to a file, and either as html or plain text.) 

 

If that's not it, I find it interesting that you see the two differing results. It surely suggests that SOME aspect of creating the two variants leads to the difference--which suggests there should be some way to get either to work. I appreciate that's what you're asking for here. 🙂 We really should be able to find it.

 

Finally neither you or the OP have said what VERSION your running, of the API Manager and cf. It may be important. And what update level of each? 

/Charlie (troubleshooter, carehart. org)
M
mrrfoxx78896
Participant
November 14, 2025

Thanks for the quick response Charlie!  Appericiate it.

We are using:

Windows servers.

Adobe 2021 ColdFusion API Manager

Adobe 2021 ColdFusion Server - Version 2021,0,22,330451

 

Below are 2 endpoints in the same API.

One (helloWorld) has been working correclty for over a year and returing the desired auth headers.

The other (search) was just added.

 

In both endpoints, I have added a dump of the GetHttpRequestData().  
HelloWorld shows headers, Search does not.

 

 

 

I also am looking at the API Manager Audit Log file and see the headers passed in the Helloworld and not passed in the search endpoint.

 

 

 

 

 

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices