Extracts an API key by evaluating an expression on the incoming request. The result (a string) is treated as the API key. The expression is evaluated in the configured language (default: SPEL) during the request flow.

Typical usage inside <apiKey>:

If the expression evaluates to null or an empty string, no key is extracted.

Attributes

Name Required Default Description Examples

expression

false

The expression evaluated against the message. It must resolve to a String containing the API key. Empty or null results mean “no key found”.

Examples (SPEL):

expression="request.headers['X-Api-Key']"
  expression="request.query['api_key']"

language false - - -

Can be used in

apiKey