WSO2 EI/ESB Change Backend Response Status Code

With WSO2 Enterprise Integrator or Enterprise Service Bus servers, if you want to change the backend server response code, you can set custom status status code as below:
 <property name="HTTP_SC" scope="axis2" type="STRING" value="403"/>
If you are getting 'HTTP/1.1 202 Accepted' response from your backend, you need to set "SC_ACCEPTED" as false by setting a custom SC_ACCEPTED
Ex:  Receiving 202 from backend and change it to 200
<filter regex="202" source="$axis2:HTTP_SC">         <then>             <property action="remove" name="HTTP_SC" scope="axis2"/>             <property name="SC_ACCEPTED" scope="axis2" value="false"/>             <property name="HTTP_SC" scope="axis2" type="STRING" value="200"/>         </then>         <else/>     </filter>

Read XML content of the LocalEntry in WSO2 ESB

Local Entry is one of the data storage points in the WSO2 Enterprise Service Bus, where you can store text strings, XML content, and File URLs.  I have been asked a question that, how can we read the content of the local entry if it as an XML file.
Below is an example to read the content of the local entry(Name: NameOfLocalEntry) and assign the value of XML elements as properties. 
Content of Local Entry:
<?xml version="1.0"?> <Server> <userName>chandana</userName> <URL></URL> </Server>
Synapse Configuration: 
<property name="localEntry" expression="get-property('NameOfLocalEntry')" scope="default" type="OM"/>
<property name="userName" expression="$ctx:localEntry//*[local-name()='userName']"/> <property name="URL" expression="$ctx:localEntry//*[local-name()='URL']"/>

Payload Factory Mediators for JSON Message

WSO2 ESB/EI PayloadFactory mediator can be used to replace the contents of a message. As an example, if the backend is accepting a different message structure than what you are receiving, you can use PayloadFactory mediator to change the message structure. Other than that, if you want to transform XML payload into JSON or JSON to XML with different message structure you can use this mediator.

Recently, I faced an issue while transforming a message into JSON which is originally read from a CSV file(using Smooks Mediator). This message can have empty values in the content sometimes and such messages look like below:


I initially wrote a payload factory mediator like below:

<payloadFactory media-type="json">
  "UserInfo": {
    "fName": "$1",
    "mName": "$2"


WSO2 ESB - How to use filter inside iterate mediator

WSO2 ESB's Iterate mediator plays a very powerful role in the Splitter Enterprise Integration Pattern. Splitter Enterprise Integration Pattern is used when messages contain multiple elements that might have to be processed in different ways. The Splitter breaks out the composite message into a series of individual messages, each containing data related to one item.

WSO2 ESB Iterate mediator split the message based on a given expression and process them separately. So think about a use case like you are getting multiple order items and you want to enrich each order item, by calling another endpoint and finally we need to aggregate all the enriched items.

There you can use the Iterate mediator and after that aggregate mediator to aggregate all the enriched items.


ESB Proxy Service:

<?xml version="1.0" encoding="UTF-8"?><proxyxmlns=""name="IteService"transports="http,https"statistics=&q…

WSO2 ESB/EI Callout Mediator Error Scenario

When using WSO2 Enterprise Service Bus, you can use Call, Send and Callout mediators to invoke a service. If you are calling multiple service calls within your meditation sequence, you have to use either Call mediator or Callout mediator.

As per the documentation, WSO2 Team is recommending to use Call mediator instead of the Callout mediator, due to much better performance. However, due to some legacy requirements, we might need to stay with Callout mediator for the time being.

In my use case, there are some mediation scenarios with mutual SSL. So if you have noticed an "UnrecoverableKeyException: Password verification failed" exception in the WSO2Carbon log file and terminal when invoking an endpoint(backend service) using callout mediator, I would recommend you to check the Java SSL keyStore Password(values of the and environment variables) in  the /bin/ file or relevant location.


WSO2 ESB/EI Send XML content to backend

When sending XML content inside the payload to the backend via WSO2 ESB,  we have to encode it and send it. In my usecase,  I have a Data Service which is accepting XML content as a parameter.

To implement this requirement, we can't directly define CDATA(blocks of text that are not parsed by XML parser) inside the payload factory mediator. So we have two option to do so.

The first option is that Encode XML content using Script mediator and use encoded value inside the payload factory mediator. You can read Hasitha's blog on this topic.

The second option is storing the format section of the payload factory mediator, in the registry. There you can directly define the CDATA tags inside the XML content stored in the registry. This allows you to define  CDATA inside payload factory mediator.

An example usecase is as below:

PayloadFacroy Mediator:

<?xml version="1.0" encoding="UTF-8"?><payloadFactorymedia-type="xml"><formatkey="conf:/…

Secure Spring Boot REST API using Basic Authentication

This is the third post of my Spring Boot Blog post series. In the very first post, I talked about my experience with creating RESTFul Services using Spring Boot. Then I have expanded the sample to integrate with Swagger documentation. In this post, I am going to expand above sample with security aspect.

What is API Security

API Security is a wide area with many different definitions, meanings, and solutions. The main key terms in API security are Authorization, Authentication, Encryption, Federation, and Delegation. However, I am not going to talk about each of them here.

What is Authentication

Authentication is used to reliably determine the identity of an end user and give access to the resources based on the correctly identified user.

What is Basic Authentication

Basic Authentication is the simplest way to enforce access controling to resources. Here, the HTTP user agent provides the username and the password when making a request. The string containing the username and password separ…