Request Modification

Add or Set Request Headers Policy

The set header policy adds a header to the request in the inbound pipeline. This can be used to set a security header required by the downstream service.

Configuration

The configuration shows how to configure the policy in the 'policies.json' document.


config/policies.json
{
  "name": "my-set-headers-inbound-policy",
  "policyType": "set-headers-inbound",
  "handler": {
    "export": "SetHeadersInboundPolicy",
    "module": "$import(@zuplo/runtime)",
    "options": {
      "headers": [
        {
          "name": "my-custom-header",
          "value": "test"
        }
      ]
    }
  }
}

Policy Configuration

name <string> - The name of your policy instance. This is used as a reference in your routes.
policyType <string> - The identifier of the policy. This is used by the Zuplo UI. Value should be set-headers-inbound.
handler.export <string> - The name of the exported type. Value should be SetHeadersInboundPolicy.
handler.module <string> - The module containing the policy. Value should be $import(@zuplo/runtime).
handler.options <object> - The options for this policy. See Policy Options below.

Policy Options

The options for this policy are specified below. All properties are optional unless specifically marked as required.

headers (required) <object[]> - An array of headers to set in the request. By default, headers will be overwritten if they already exists in the request, specify the overwrite property to change this behavior.
- name (required) <string> - The name of the header.
- value (required) <string> - The value of the header.
- overwrite <boolean> - Overwrite the value if the header is already present in the request. Defaults to true.

Using the Policy

An example for using this policy is if your backend service uses basic authentication you might use this policy to attach the Basic auth header to the request:


Code
{
  "export": "SetHeadersInboundPolicy",
  "module": "$import(@zuplo/runtime)",
  "options": {
    "headers": [
      {
        "name": "Authorization",
        "value": "Basic DIGEST_HERE",
        "overwrite": true
      }
    ]
  }
}

When doing this, you most likely want to set the secret as an environment variable, which can be accessed in the policy as follows


Code
{
  "export": "SetHeadersInboundPolicy",
  "module": "$import(@zuplo/runtime)",
  "options": {
    "headers": [
      {
        "name": "Authorization",
        "value": "$env(BASIC_AUTHORIZATION_HEADER_VALUE)",
        "overwrite": true
      }
    ]
  }
}

And you would set the environment variable BASIC_AUTHORIZATION_HEADER_VALUE to Basic DIGEST_HERE.

Read more about how policies work

Edit this page

Last modified on May 29, 2026

Remove Query Parameters Policy Set Body Policy

Configuration

The configuration shows how to configure the policy in the 'policies.json' document.

config/policies.json

{
  "name": "my-set-headers-inbound-policy",
  "policyType": "set-headers-inbound",
  "handler": {
    "export": "SetHeadersInboundPolicy",
    "module": "$import(@zuplo/runtime)",
    "options": {
      "headers": [
        {
          "name": "my-custom-header",
          "value": "test"
        }
      ]
    }
  }
}

Policy Configuration

name <string> - The name of your policy instance. This is used as a reference in your routes.

policyType <string> - The identifier of the policy. This is used by the Zuplo UI. Value should be set-headers-inbound.

handler.export <string> - The name of the exported type. Value should be SetHeadersInboundPolicy.

handler.module <string> - The module containing the policy. Value should be $import(@zuplo/runtime).

handler.options <object> - The options for this policy. See Policy Options below.