Update Client Route

Overview

Updates the client route configuration for an API Proxy. Client routes define how clients access the API Proxy, including path matching, HTTP methods, host filtering, and header-based routing.

Endpoint

PATCH /apiops/projects/{projectName}/apiProxies/{apiProxyName}/settings/client-route/

Authentication

Requires a Personal API Access Token.

Header

Authorization: Bearer YOUR_TOKEN

Request

Headers

Header	Value	Required
Authorization	Bearer {token}	Yes
Content-Type	application/json	Yes

Path Parameters

Parameter	Type	Required	Description
projectName	string	Yes	Project name
apiProxyName	string	Yes	API Proxy name

Request Body

Full JSON Body Example - Path-Based Routing

{
  "relativePathList": [
    "/api/v1/users",
    "/api/v1/products"
  ],
  "methodList": ["GET", "POST", "PUT", "DELETE"],
  "hostList": null,
  "headerList": null,
  "bufferRequest": true,
  "bufferResponse": true
}

Full JSON Body Example - Host-Based Routing

{
  "relativePathList": null,
  "methodList": ["GET", "POST"],
  "hostList": [
    "api.example.com",
    "api-staging.example.com"
  ],
  "headerList": null,
  "bufferRequest": true,
  "bufferResponse": true
}

Full JSON Body Example - Header-Based Routing

{
  "relativePathList": null,
  "methodList": ["GET", "POST"],
  "hostList": null,
  "headerList": [
    {
      "name": "X-API-Version",
      "value": "v1"
    },
    {
      "name": "X-Client-Type",
      "value": "mobile"
    }
  ],
  "bufferRequest": true,
  "bufferResponse": true
}

Full JSON Body Example - Combined Routing

{
  "relativePathList": [
    "/api/v1/users",
    "/api/v1/products"
  ],
  "methodList": ["GET", "POST", "PUT"],
  "hostList": [
    "api.example.com"
  ],
  "headerList": [
    {
      "name": "X-API-Version",
      "value": "v1"
    }
  ],
  "bufferRequest": true,
  "bufferResponse": true
}

Request Body Fields

Field	Type	Required	Default	Description
relativePathList	array[string]	No	null	List of relative paths to match. Paths must be at least 2 characters long
methodList	array[string]	No	null	List of HTTP methods to match. See EnumHttpRequestMethod
hostList	array[string]	No	null	List of host names to match
headerList	array[object]	No	null	List of headers to match. See Header Object
bufferRequest	boolean	No	true	Buffer request body (enables request body access in policies)
bufferResponse	boolean	No	true	Buffer response body (enables response body access in policies)

EnumHttpRequestMethod (methodList)

• GET - HTTP GET method
• POST - HTTP POST method
• PUT - HTTP PUT method
• HEAD - HTTP HEAD method
• OPTIONS - HTTP OPTIONS method
• DELETE - HTTP DELETE method
• PATCH - HTTP PATCH method
• TRACE - HTTP TRACE method
• ALL - All HTTP methods

Header Object (headerList)

Field	Type	Required	Description
name	string	Yes	Header name (case-insensitive)
value	string	Yes	Header value to match

Notes

• At least one of relativePathList, methodList, hostList, or headerList must be provided
• If relativePathList is provided, all paths must be at least 2 characters long
• Route matching is done using AND logic: all specified conditions must match
• bufferRequest and bufferResponse control whether request/response bodies are buffered in memory
• Buffering enables policies to access and modify request/response bodies
• Disabling buffering improves performance but limits policy capabilities

Response

Success Response (200 OK)

{
  "success": true
}

Response Fields

Field	Type	Description
success	boolean	Indicates if the request was successful

Error Response (400 Bad Request)

{
  "error": "bad_request",
  "error_description": "Client route must have at least one valid route configuration"
}

Common Causes

• All route lists are empty or null
• Relative paths are less than 2 characters
• Invalid HTTP method values
• Invalid header format

Error Response (401 Unauthorized)

{
  "error": "unauthorized_client",
  "error_description": "Invalid token"
}

Error Response (404 Not Found)

{
  "error": "not_found",
  "error_description": "ApiProxy (name: MyAPI) was not found!"
}

cURL Example

Example 1: Path-Based Routing

curl -X PATCH \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/settings/client-route/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "relativePathList": [
      "/api/v1/users",
      "/api/v1/products"
    ],
    "methodList": ["GET", "POST", "PUT", "DELETE"],
    "bufferRequest": true,
    "bufferResponse": true
  }'

Example 2: Host-Based Routing

curl -X PATCH \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/settings/client-route/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "hostList": [
      "api.example.com",
      "api-staging.example.com"
    ],
    "methodList": ["GET", "POST"],
    "bufferRequest": true,
    "bufferResponse": true
  }'

Example 3: Header-Based Routing

curl -X PATCH \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/settings/client-route/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "headerList": [
      {
        "name": "X-API-Version",
        "value": "v1"
      },
      {
        "name": "X-Client-Type",
        "value": "mobile"
      }
    ],
    "methodList": ["GET", "POST"],
    "bufferRequest": true,
    "bufferResponse": true
  }'

Example 4: Combined Routing

curl -X PATCH \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/settings/client-route/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "relativePathList": [
      "/api/v1/users"
    ],
    "methodList": ["GET", "POST"],
    "hostList": [
      "api.example.com"
    ],
    "headerList": [
      {
        "name": "X-API-Version",
        "value": "v1"
      }
    ],
    "bufferRequest": true,
    "bufferResponse": true
  }'

Notes and Warnings

• Route Matching:
  • Route matching uses AND logic: all specified conditions must match
  • If multiple lists are provided, the request must match all of them
• Relative Paths:
  • Paths must be at least 2 characters long
  • Paths are matched against the request URI path
  • Path matching is case-sensitive
• HTTP Methods:
  • Use ALL to match all HTTP methods
  • Method matching is case-insensitive
• Host Matching:
  • Host names are matched against the Host header
  • Host matching is case-insensitive
• Header Matching:
  • Header names are case-insensitive
  • Header values are matched exactly (case-sensitive)
  • All specified headers must be present in the request
• Buffering:
  • bufferRequest: true - Enables request body access in policies (required for request transformation)
  • bufferResponse: true - Enables response body access in policies (required for response transformation)
  • Disabling buffering improves performance but limits policy capabilities
• At Least One Route:
  • At least one of relativePathList, methodList, hostList, or headerList must be provided
  • Empty lists are treated as null
• Permissions:
  • Requires ROLE_MANAGE_PROXIES permission
• Deployment:
  • Changes take effect after deployment
  • Undeployed changes do not affect routing

Related Documentation

• Get API Proxy - Get API proxy details
• Update API Proxy - Update API proxy configuration
• Deploy API Proxy - Deploy API proxy