►
Description
In this livestream, Michael Heap, Director of DevRel explores Kong Gateway's request transformation plugins (it's more interesting than it sounds, honest!)
02:00 - Introduction to Mockbin
05:42 - Remove query string transform
10:45 - Move query string to header transform
14:50 - Rewrite header authentication transform
26:21 - Move authorization header to body transform
41:47 - Masking sensitive data transform
47:32 - Providing multiple transforms
48:30 - Change HTTP method transform
51:50 - Providing default values transform
#KongGateway #ResponseTransformer #RequestTransformer #KongBuilders
A
A
One
second
sorry
I
just
need
to
put
that
on
silent
should
have
done
that
not
very
professional
of
me,
hey
krasamir,
so
yeah
like
I'm,
saying
it's
just
at
seven
p.m.
A
A
A
A
In
fact,
let's
go
over
now
just
make
sure
that
I'm
logged
in.
I
am
indeed.
A
A
So
if
I
can
spell
request
what
we
can
do
is
just
use
this
special
http
request
path
and
it
returns
back
all
the
info
sent
to
you
in
the
request
why
this
is
useful
is
because
we're
going
to
be
manipulating
the
request
on
the
fly
using
the
comm
gateway.
We
want
to
see
that
the
request
that
actually
makes
it
to
my
pin
is
different
to
the
request
that
we
sent
in
the
first
place,
so
we're
just
going
to
dive
straight
in
there.
A
A
A
A
A
All
good
excellent,
yes
victor,
my
green
screen
is
on.
I
did
have
a
virtual
background,
but
just
before
the
stream
we're
having
a
few
issues
with
changing
scenes
and
getting
some
fragmentation,
that's
why
I
killed
the
virtual
cam
in
the
background,
so
you
just
get
the
green
screen.
A
A
A
A
A
Call
that
remove
query
string
and
that
will
be
localhost
8000
remove
qs.
If
I
send
that
request
off,
we
can
see
the
kind
of
response
that
modbin
is
sending
back
to
us
and
all
it's
doing
is
echoing
out
all
the
information
it's
got.
A
It
was
a
get
request.
The
url
that
I
requested
was
localhost,
slash,
request,
slash
echo,
that's
because
that's
what
I
set
as
the
upstream
in
my
gateway,
I've
got
all
these
headers
the
host
voted
for
the
path.
These
are
all
things
that
kong
will
add
as
a
proxy
there's,
no
query
string,
there's
no
pulse
data,
so
let's
go
ahead
and
add
a
query
string.
A
The
key
is
demo
and
the
value
is
example,
and
if
I
send
that
off
again,
we
can
see
that
that
now
exists
in
the
query
string
now.
Imagine
that
you're
working
on
the
service
and
it
used
to
accept
this
demo
request,
but
the
team
that
you're
working
with
said.
Oh
no,
we
don't
want
that
anymore.
A
If
anyone
sends
demo
it's
now
and
ever,
but
you've
still
got
consumers
that
are
sending
this
query
string
because
they
haven't
had
time
to
update
their
applications
yet
and
now
suddenly
this
their
implementation
is
going
to
break
just
because
the
back
end
service
made
a
change.
So
what
you
can
do
is
use
kong
to
remove
that
demo
key
on
the
fly,
I'm
going
to
show
you
how
to
do
that.
A
A
So
if
I
go
back
to
insomnia
and
click
send,
we
can
see
now
that
there
is
no
query
string
in
the
request
that
mock
been
received.
That's
because
the
gateway
is
intercepting
that
request
running
our
request.
Transformation
rules
where
I
said,
remove
the
query,
string
called
demo
and
then
passing
on
the
request
to
the
upstream.
A
We
can
see
that
demo's
back,
because
the
request
transformation
plug-in
only
acts
on
the
values
that
you
tell
it
exist.
It
leaves
absolutely
everything
else
alone
and
we'll
just
pass
that
through
as
though
it
didn't
exist,
as
though
the
request
transformation,
plugin
didn't
exist,
just
show
that
it
works.
A
A
A
That's
that's
a
pretty
simple
use
case
like
removing
a
query
string.
What
happens
if,
in
fact,
let's
do
this?
Let's
add
a
another
route,
so
I
go
into
my
version.
A
A
A
And
this
time,
what
I'm
going
to
do
is
copy
from
that
query
string
into
the
authorization
header,
because
my
my
back
end
team
has
said
you
know
what
we
shouldn't
be
putting
off
of
authentication
credentials
in
the
query
string.
We
expect
them
in
the
header
and
we
have
that
same
conversation
again,
we
say
yeah,
but
customers
are
used
to
sending
them
in
the
query.
That's
what
we've
documented
and
they
say.
Well
now
we
only
support
them
in
the
header.
A
A
We
can
now
see
that
there's
this
authorization
header
the
value
of
hello
and
just
to
show
you
that
this
is
I'm
actually
running,
and
it's
not
something
that's
recorded,
actually
that
we've
got
tony
ferdon
with
us
today.
So
I'm
going
to
say,
api
key
is
tony
road,
and
now
that
is
being
picked
up
as
our
authorization
header
I'm
starting
to
build
all
of
these
together,
because
actually
we
don't
want
the
api
key
in
the
queen
string
anymore.
We
just
want
it
in
the
authorization
header.
A
A
A
A
A
A
A
So
if
I
create
that
the
path
was
rewrite
off.
A
A
These
call
requests
saw
how
you
use
the
the
kong
admin
api
to
configure
it.
So
you
can
do
all
of
this
either
through
an
api.
You
can
define
things
declaratively
if
you're
running
an
infrastructure
as
codes
type
of
environment
or
you
can
edit
it
in
call
manager,
icon
connect.
A
You
see
this
documentation
on
interpolation,
so
headers
we
reprograms.
A
We'll
cover
this
a
little
bit
later,
this
is
quite
cool,
but
you
can
add
four
backs,
which
is
quite
cool
there.
We
are
order
of
execution,
remove,
rename,
replace
and
then
append.
A
A
There
we
are
the
the
importance
of
reading
documentation
and
that's
how
you
know
it's
live.
I
am
not
too
rehearsed
because,
like
I
said,
I'm
learning
this
alongside
you.
I
had
a
quick
play
with
it
and
there's
actually
a
great
blog
post.
That
takes
you
through
a
lot
of
these
use
cases,
which
is
where
I
learned
the
basics
and
that's
on
concavehq.com.
A
A
common
api
gateway
request,
transformation
policies,
so
this
blog
post
will
take
you
through
copying
an
api
key
from
the
query
stream
to
the
header,
removing
clear
string
value
moving.
A
A
A
No
back
to
our
regularly
scheduled
viewing
next
up,
we
are
going
to
tackle.
A
A
A
A
A
A
A
This
is
strange,
isn't
it
so
that's
taking
the
box,
I'm
actually
going
to
move
on
from
this
I'm
going
to
go
and
investigate
this
after
the
stream,
and
that
will
teach
me
if
we're
going
got
script,
because
it's
quite
cool
that
we
can
do
this,
that
we
can
add
logic
like
if
it
already
exists,
don't
repent
the
words
borough
and
so
looking
at
my
notes,
we
go
to
modifying
the
header
to
include
borough
if
missing,
let's
go
for,
let's
do
the
opposite:
let's
add
a
new
route
where
we're
going
to
take
the
authorization
header
and
move
that
to
the
query
string.
A
A
That
request
transformation
plugin
now,
what's
it
got
request
transformer
and
this
time
we
need
to.
In
fact,
let's
do
it
to
the
query
string.
We
always
do
query
string.
Let's
add
it
to
the
body,
so
we'll
add
a
new
field
to
the
body.
Let's
assume
that
we're
sending
a
jwt
in
the
header
so
we'll
call
this
jwt.
A
A
A
A
A
A
A
A
A
A
What
we
did
here,
where
we
moved
the
queer
parameter
into
the
header,
never
removed
the
query
string.
So
this
was
what
was
this
root.
A
A
I
get
the
same
behavior
interesting
so
when
I'm
moving
from
a
queer
string
to
a
header,
it
works
when
I'm
moving
from
a
header
into
the
body.
It
does
not
and
that's
one
to
investigate
after
the
stream
and
let's
move
on.
Let's
do
something
like
actually
no
there's
one
more
thing.
I
want
to
show
you
on
this.
A
A
A
A
So
just
like
we
saw
sub
earlier
to
extract
the
substring
g
sub
is
global
substitution.
A
Okay,
it
looks
like
I
can't
execute
any
lure
code
in
this,
but
what
this
would
do
this
definitely
works
with
declarative
configuration.
Is
it
will
replace
the
start
of
the
string,
which
is
that
carrot?
It's
a
regular
expression,
then
the
word
burrower
and
then
a
space
with
an
empty
string,
and
that
would
mean
the
your
jwt
parameter
in
the
body
would
only
contain
the
word
demo.
A
Let's
say
the
the
last
four
digits
come
through
as
a
primary
called
last
boy.
I'm
just
gonna
place
that
with
four
stars,
so
that
our
back
end
service
never
actually
sees
the
last
four
digits
of
the
quad
number.
A
Imagine
that
it's
one
two
three
four
and
I
just
realized
that
again
I
made
that
I
get
not
a
post,
it's
a
less
enabled
post
request
as
well.
So
let
me
show
you
what
happens
another
match
with
those
values?
That's
because,
although
slash
card
exists,
it's
only
configured
to
listen
before
I
get
requests
until
I
click
update
now
when
I
resend
it
it
passes
the
request
through,
as
expected,.
A
A
A
A
A
A
A
The
move.
Header
responded
to
post.
It
was
if,
in
addition
to
moving
that
header
into
the
body,
I
sense
lost
for.
A
It
doesn't
do
it.
Why
is
that
another
interesting
thing
if
you've
got
the
same
plugin
defined
at
both
the
service
level
and
the
root
level,
the
root
level
takes
priority.
So
if
I
go
in
to
header
to
body
and
just
kind
of
disable
this
there
we
are
disable
and
save
and
try
again.
A
A
A
So
I'm
thinking
about
a
real
world
use
case
for
this.
Imagine
that
your
application
doesn't
support,
put
requests,
but
it
does
support
posts.
So
what
we're
going
to
do
is
we're
going
to
convert
a
put
request
into
a
post
so
by
setting
the
http
http
method
to
post
saving
that
plugin
and
I'm
just
going
to
change
this
method
again
edit
the
route
and
make
it
support,
put
requests.
A
A
A
A
So
we
covered
a
lot
today
we
covered
a
lot
of
things
that
I
have
planned,
for
we
did
a
lot
of
things
that
I
hadn't
planned
for,
but
you
saw
how
you
can
add
things
to
a
request:
move
things
from
the
queer
string
to
the
header,
how
you
can
transform
fields.
A
We
took
a
brief
look,
although
we
couldn't
get
it
working
today
at
how
we
can
add
lure
code,
which
was
in
here
just
above
just
here,
so
prefixing
the
header
value
with
basics.
If
it's
not
already
there
like,
I
said
these
docs
are
fantastic.
I
can
highly
recommend
taking
a
look
having
a
read.
A
I
shall
do
one
more
thing:
we've
got
three
minutes.
I
think
we've
got
time.
So
what
I'm
going
to
do
this
time
say
I
did
tell
you
that
I'd
show
you
this
and
I
forgot.
A
A
A
All
right
with
slash
fallback,
slash
consumer,
so
duplicate.
A
We
don't
need
a
query
string,
but
this
was
x.
Consumer
id.
A
A
A
Now
you
get
a
first
day
free
trial.
My
plus
account
gives
you
access
to
all
of
these
plugins,
including
request
transformer
advanced,
which
has
a
a
few
other
capabilities
that
we
didn't
get
into
today,
mostly
related
to
evaluating
more
complex,
low,
recording
templates
and
things
like
that.