Outbound Calls From A Flex Gateway Custom Policy – Part 2

Author: Rohit Singh (API1305) & Anjali Kushwaha (API1632)

This blog explains how to create POST Outbound Calls from a Flex Gateway Custom Policy. Part 1 covered making GET Outbound Calls with request headers. It goes over the process of configuring services in Flex Gateway.

If we have a use case, where through our custom policy we want to post-call internal endpoints with a request body which will give a response body. The same response can be used for further processing in our implementation URL. If we will try to tackle this use case by any inbuilt MuleSoft policy, then we face challenges to having internal Outbound Calls as no policy is currently available for such types of scenarios in the Flex Gateway. Then we need to create a custom policy using Rust SDK to handle this type of use case. It also covers how to configure services in Flex Gateway. Once these configurations are successfully set up, they can be used in custom policies to make Outbound HTTP calls.  

We’ll also see how to propagate headers and request payload getting from custom policy to implementation URL. It will help us to know how to inject headers if required in any use case. If our Flex Gateway URL is sending some header say xyz while calling and we want to use this same header in our implementation URL, then we need to inject this xyz header that can be utilized to build some logic on the implementation URL.

  1. Anypoint Platform
  2. GitHub Access
  3. Rust must be Installed on the System (Download from here if not already https://www.rust-lang.org/tools/install)
  4. Flex Gateway created on Anypoint Platform
Follow the steps below to make POST Outbound Calls:
  • Create Service:

We’ve to create a service.yaml configuration file with required parameters. Change the address with your desired URL without providing the endpoint, which will be passed through the Rust library file.

We’ll place this file configuration file in the working directory of the Flex Gateway. In the case of Docker, move it to the folder in which your registration.yaml file is present.

apiVersion: gateway.mulesoft.com/v1alpha1
kind: Service
 name: outboundservice
 address: http://rust-end-api-15march.us-e1.cloudhub.io

Run Flex Gateway. Then you’ll get to see in the logs, the details of the service that just deployed.

[flex-gateway-agent][info] Gateway default/2d2d8d763bbe: Adding Service default/outboundservice http://rust-end-api-15march.us-e1.cloudhub.io/

The configuration when used appropriately would be accessing the endpoint “http://rust-end-api-15march.us-e1.cloudhub.io/” via HTTP.

  • Configure the service in Custom Policy:

In the custom policy, use the service that we created in the last step. In lib.rs file(src/lib.rs) of the custom policy created in RUST, add the below code in on_http_request_headers function to make a POST Request.

Here, we are sending the “authorization” header from postman using Flex Gateway URL making the POST request body with it, and sending it to the external API that we are calling using REST custom policy.

Creating a variable request_body to create the json payload for our POST Outbound Call. In our blog, we’ve hardcoded the payload value but we can make it dynamic also by storing the incoming payload of the client in some variable and passing the variable in our request body.

fn on_http_request_headers(&mut self, _num_headers: usize, _end_of_stream: bool) -> Action { // Log policy version
        debug!("Status 1.0.21");
        // Get Authorization header
        let auth = match self.get_http_request_header("authorization") {
            Some(auth_value) => auth_value,
            None => {
                error!("Authorization header is missing");
                let response_body = serde_json::to_vec(
                            "success": "false", 
                            "message": "Authorization header is missing"}),
          ) .unwrap_or_default();
                // Stopping execution since header is missing
                    vec![("content-type", "application/json")],
                return Action::Continue;
        // Create request_body to attach it with HTTP Token Introspection call
        let request_body = serde_json::to_vec(
                    "token": "a8NFmU4tJVgDxKaJFmXTWvaHO"
        // Call Token Introspection endpoint
        match self.dispatch_http_call(
                (":method", "POST"),
                (":path", "/new"),
                (":authority", "rust-end-api-15march.us-e1.cloudhub.io"),
                ("authorization", auth),
                ("content-type", "application/json"),
        ) {
            Ok(id) => debug!("Introspection call is successful with id: {} ", id),
            Err(e) => error!("Failed to dispatch the Introspection call with Error: {:#?} ", e),

  • Configure the service in FlexGateway:

Now we’ll build this Rust library using the below command from the main directory itself using cmd :

“cargo build –target wasm32-unknown-unknown –release”.

Then optimize the binary web assembly file by using the following command:

“wasm-gc target/wasm32-unknown-unknown/release/<<flex_custom_policy_auth_header.wasm>> -o target/<<flex_custom_policy_auth_header-final.wasm>>”

Deploy the custom policy to the desired API. The custom policy during its execution must be able to make Outbound Calls with the service configured and complete its working.

  • POST Call through the Flex Gateway:

We have to make a POST call using Flex Gateway. In the attached screenshot below, you can see that the header (“authorization”) we are passing into the postman will be used in creating the request body for the Outbound Call that we have configured using our custom policy.

Note: For more information regarding Flex Gateway Custom Policy Using Rust, please refer to another on the Apisero website titled as – Publishing a Flex Gateway Custom Policy Using Rust (Connected Mode).

We use cookies on this site to enhance your user experience. For a complete overview of how we use cookies, please see our privacy policy.