Prevent API Gateway from handling redirect response from downstream application

Manjunath_SP · February 10, 2021, 10:26am

Hi,

I have an API Gateway implementation that has endpoint to serve files from the downstream application. We wanted to avoid large file payload from being tunneled through the Gateway, hence the downstream application generates a 302 Redirect response. The objective of this design was that the API Gateway clients will be able to handle the 302 response. However, the API Gateway is automatically handling the 302 Redirect response (i.e., the gateway is downloading the file). Is it possible to configure the gateway such that it does not act upon 302 responses of downstream application? Also, can this be configurable for specific endpoints?

Thanks.

Jaideep · February 16, 2021, 7:00am

Hi Manjunath,
Currently it is not supported so the behavior you are seeing is expected. Thanks.

Manjunath_SP · February 16, 2021, 11:34am

Hi Jaideep,

Thanks for the response. I wanted to check if it is recommended practice to send/receive large payloads through the gateway, i ask this because the AWS Gateway seems to have 10MB limit on the payload size. I was wondering if webMethods has such restirictions, or, are there specific recommendations w.r.t. large payload through the API Gateway.

Thanks.

DINESH_J · February 17, 2021, 4:47am

The general practices is not to send large payload over http/s. Reason being is to stop from overhead to your server memory and resource. It will downgrade your service processing performance speed.

if you have requirement of the high TPS and audit logging policy and then you have large payload is something not entertained

Manjunath_SP · February 17, 2021, 12:48pm

Hi Dinesh,

I agree on keeping API Gateway lightweight. I am working on set of API’s that fetches the files (some of them can be large), and adhering to best practices i want to avoid streaming it through the gateway. To achieve this i am generating redirect responses (pre-authenticated url’s) as mentioned in the initial post, the expectation was that the API gateway does not handle 302 redirect itself, instead pass it passively to the API Gateway caller. However, as per this response, it appears that Gateway currently does not support the passive handling of 302 redirect responses (configuration). In this scenario how to adhere to the standards/best practices? Are there alternatives to implement such a design? Also, are there any plans of bringing in this feature to the product?

Thanks for responding.

Aryell_Hutagalung · February 23, 2021, 5:33pm

alternative:

Your native endpoint:

response code: 203
response header location: [target url redirection]

Your API (on api gateway):

Straight Through Routing to your native endpoint
response processing - response transformation - status transformation: code “302” ; message “Found”

Manjunath_SP · February 24, 2021, 1:14pm

Thanks for the solution.

It is unlikely that i will get approval for this approach as the upstream application is influencing the REST API design of downstream application. It is generally recommended to avoid large payloads through API Gateway, but the lack of option to configure passive handling of REDIRECT responses is constraining to adopt the recommendations. I am looking for guidance on this, also, do you see the possibility of having this configuration capability in the product roadmap.

Yunus_Aswat · February 26, 2021, 10:50am

Hello Jaideep,

We have exactly the same requirement as Manjunath. We don’t want the API Gateway to process the redirection, we want it to forward the re-direction back to the client application.

In my opinion this is quite a glaring omission in the API Gateway. So the question now is when can we have this feature?

Regards,

Yunus Aswat.