Custom Headers

Microflow® does not forward all the headers of the incoming request to the back-end services, but maintains an internal white list of the headers to be passed on by default. Headers other than those in the white list are either irrelevant, or we cannot tell the exact behavior if they are passed on since it is really service dependent. This white list can be expanded in the future to include more headers if they are believed to be relevant and not harmful.

The following is the white list of request headers. By default, Microflow only forwards those headers to backend services:


The following is the whitelist of response headers. By default, Microflow only forward those headers to client:


Microflow allows you to pass on the headers that are not included in the white list by leveraging custom Javascripts. This is important if your request contains any standard HTTP headers which are relevant to your business, or any non-standard custom headers that need to be delivered to the server.

To forward the headers to the backend service or from the backend service to the client, you can use the req or res object and the associated header functions described below in the Custom JavaScript stage and Routing stages.

Passing Headers

The req.allowHeader() function can be used to pass on a header in the incoming request that is not included in the white list.

The following sample code shows how to allow a “AS2-Version” custom header, used in AS2 B2B protocol, to be passed on to the back-end service.

req.allowHeader('AS2-Version');	done(req);

Similarly, the res.allowHeader() allows a header received from a backend service to be passed on to the client.

Adding Custom Headers

The req.addHeader() and res.addHeader() functions can be used to add your own headers when the request is forwarded to the backend service or when the response from backend service is forwarded to the client.

The following sample code shows how to add the authorization header to the backend system.

req.addHeader('authorization', 'basic: WEwwewe232de');

If a REST service is configured with the basic authorization, with the Custom JavaScript stage applied as shown, the authorization token can be provided by Microflow as the mediator. The end user does not have to provide authorization again when using the Microflow endpoint to send the request.

Similarly, you can use res.addHeader() to add a custom header that you wish to send back to client.