►
Description
In this livestream, Michael Heap, Director of DevRel explores Kong Gateway's request transformation plugins (it's more interesting than it sounds, honest!)
02:00 - Introduction to Mockbin
05:42 - Remove query string transform
10:45 - Move query string to header transform
14:50 - Rewrite header authentication transform
26:21 - Move authorization header to body transform
41:47 - Masking sensitive data transform
47:32 - Providing multiple transforms
48:30 - Change HTTP method transform
51:50 - Providing default values transform
#KongGateway #ResponseTransformer #RequestTransformer #KongBuilders
A
A
A
A
A
So
if
I
can
spell
request
what
we
can
do
is
just
use
this
special
http
request
path
and
it
returns
back
all
the
info
sent
to
you
in
the
request
why
this
is
useful
is
because
we're
going
to
be
manipulating
the
request
on
the
fly
using
the
comm
gateway.
We
want
to
see
that
the
request
that
actually
makes
it
to
my
pin
is
different
to
the
request
that
we
sent
in
the
first
place,
so
we're
just
going
to
dive
straight
in
there.
A
A
A
A
A
A
A
A
A
A
A
It
was
a
get
request.
The
url
that
I
requested
was
localhost,
slash,
request,
slash
echo,
that's
because
that's
what
I
set
as
the
upstream
in
my
gateway,
I've
got
all
these
headers
the
host
voted
for
the
path.
These
are
all
things
that
kong
will
add
as
a
proxy
there's,
no
query
string,
there's
no
pulse
data,
so
let's
go
ahead
and
add
a
query
string.
A
A
If
anyone
sends
demo
it's
now
and
ever,
but
you've
still
got
consumers
that
are
sending
this
query
string
because
they
haven't
had
time
to
update
their
applications
yet
and
now
suddenly
this
their
implementation
is
going
to
break
just
because
the
back
end
service
made
a
change.
So
what
you
can
do
is
use
kong
to
remove
that
demo
key
on
the
fly,
I'm
going
to
show
you
how
to
do
that.
A
A
So
if
I
go
back
to
insomnia
and
click
send,
we
can
see
now
that
there
is
no
query
string
in
the
request
that
mock
been
received.
That's
because
the
gateway
is
intercepting
that
request
running
our
request.
Transformation
rules
where
I
said,
remove
the
query,
string
called
demo
and
then
passing
on
the
request
to
the
upstream.
A
We
can
see
that
demo's
back,
because
the
request
transformation
plug-in
only
acts
on
the
values
that
you
tell
it
exist.
It
leaves
absolutely
everything
else
alone
and
we'll
just
pass
that
through
as
though
it
didn't
exist,
as
though
the
request
transformation,
plugin
didn't
exist,
just
show
that
it
works.
A
A
A
A
A
A
And
this
time,
what
I'm
going
to
do
is
copy
from
that
query
string
into
the
authorization
header,
because
my
my
back
end
team
has
said
you
know
what
we
shouldn't
be
putting
off
of
authentication
credentials
in
the
query
string.
We
expect
them
in
the
header
and
we
have
that
same
conversation
again,
we
say
yeah,
but
customers
are
used
to
sending
them
in
the
query.
That's
what
we've
documented
and
they
say.
Well
now
we
only
support
them
in
the
header.
A
A
We
can
now
see
that
there's
this
authorization
header
the
value
of
hello
and
just
to
show
you
that
this
is
I'm
actually
running,
and
it's
not
something
that's
recorded,
actually
that
we've
got
tony
ferdon
with
us
today.
So
I'm
going
to
say,
api
key
is
tony
road,
and
now
that
is
being
picked
up
as
our
authorization
header
I'm
starting
to
build
all
of
these
together,
because
actually
we
don't
want
the
api
key
in
the
queen
string
anymore.
We
just
want
it
in
the
authorization
header.
A
A
A
A
A
A
A
A
A
A
A
There
we
are
the
the
importance
of
reading
documentation
and
that's
how
you
know
it's
live.
I
am
not
too
rehearsed
because,
like
I
said,
I'm
learning
this
alongside
you.
I
had
a
quick
play
with
it
and
there's
actually
a
great
blog
post.
That
takes
you
through
a
lot
of
these
use
cases,
which
is
where
I
learned
the
basics
and
that's
on
concavehq.com.
A
A
A
A
A
A
A
A
A
A
That
request
transformation
plugin
now,
what's
it
got
request
transformer
and
this
time
we
need
to.
In
fact,
let's
do
it
to
the
query
string.
We
always
do
query
string.
Let's
add
it
to
the
body,
so
we'll
add
a
new
field
to
the
body.
Let's
assume
that
we're
sending
a
jwt
in
the
header
so
we'll
call
this
jwt.
A
A
A
A
A
A
A
A
A
A
A
A
I
get
the
same
behavior
interesting
so
when
I'm
moving
from
a
queer
string
to
a
header,
it
works
when
I'm
moving
from
a
header
into
the
body.
It
does
not
and
that's
one
to
investigate
after
the
stream
and
let's
move
on.
Let's
do
something
like
actually
no
there's
one
more
thing.
I
want
to
show
you
on
this.
A
A
A
A
Okay,
it
looks
like
I
can't
execute
any
lure
code
in
this,
but
what
this
would
do
this
definitely
works
with
declarative
configuration.
Is
it
will
replace
the
start
of
the
string,
which
is
that
carrot?
It's
a
regular
expression,
then
the
word
burrower
and
then
a
space
with
an
empty
string,
and
that
would
mean
the
your
jwt
parameter
in
the
body
would
only
contain
the
word
demo.
A
A
Imagine
that
it's
one
two
three
four
and
I
just
realized
that
again
I
made
that
I
get
not
a
post,
it's
a
less
enabled
post
request
as
well.
So
let
me
show
you
what
happens
another
match
with
those
values?
That's
because,
although
slash
card
exists,
it's
only
configured
to
listen
before
I
get
requests
until
I
click
update
now
when
I
resend
it
it
passes
the
request
through,
as
expected,.
A
A
A
A
A
A
A
A
A
A
A
So
I'm
thinking
about
a
real
world
use
case
for
this.
Imagine
that
your
application
doesn't
support,
put
requests,
but
it
does
support
posts.
So
what
we're
going
to
do
is
we're
going
to
convert
a
put
request
into
a
post
so
by
setting
the
http
http
method
to
post
saving
that
plugin
and
I'm
just
going
to
change
this
method
again
edit
the
route
and
make
it
support,
put
requests.