| title | description | services | author | ms.service | ms.topic | ms.date | ms.author |
|---|---|---|---|---|---|---|---|
Azure API Management policy reference - check-header | Microsoft Docs |
Reference for the check-header policy available for use in Azure API Management. Provides policy usage, settings, and examples. |
api-management |
dlepow |
azure-api-management |
reference |
07/23/2024 |
danlep |
[!INCLUDE api-management-availability-all-tiers]
Use the check-header policy to enforce that a request has a specified HTTP header. You can optionally check to see if the header has a specific value or one of a range of allowed values. If the check fails, the policy terminates request processing and returns the HTTP status code and error message specified by the policy.
[!INCLUDE api-management-policy-generic-alert]
<check-header name="header name" failed-check-httpcode="code" failed-check-error-message="message" ignore-case="true | false">
<value>Value1</value>
<value>Value2</value>
</check-header>| Attribute | Description | Required | Default |
|---|---|---|---|
| name | The name of the HTTP header to check. Policy expressions are allowed. | Yes | N/A |
| failed-check-httpcode | HTTP status code to return if the header doesn't exist or has an invalid value. Policy expressions are allowed. | Yes | N/A |
| failed-check-error-message | Error message to return in the HTTP response body if the header doesn't exist or has an invalid value. This message must have any special characters properly escaped. Policy expressions are allowed. | Yes | N/A |
| ignore-case | Boolean. If set to true, case is ignored when the header value is compared against the set of acceptable values. Policy expressions are allowed. |
Yes | N/A |
| Element | Description | Required |
|---|---|---|
| value | Add one or more of these elements to specify allowed HTTP header values. When multiple value elements are specified, the check is considered a success if any one of the values is a match. |
No |
- Policy sections: inbound
- Policy scopes: global, product, API, operation
- Gateways: classic, v2, consumption, self-hosted, workspace
<check-header name="Authorization" failed-check-httpcode="401" failed-check-error-message="Not authorized" ignore-case="false">
<value>f6dc69a089844cf6b2019bae6d36fac8</value>
</check-header>[!INCLUDE api-management-policy-ref-next-steps]