Pass Authorization Header to Downstream Microservice

In this tutorial, you will learn how to make Zuul API Gateway pass an Authorization header to a downstream Microservice.
To learn how to make Spring Boot Microservice read HTTP Request headers, please read this tutorial: Read HTTP Request Header in Spring MVC.

Configure Zuul API Gateway to Forward an Authorization Header

By default, Zuul API Gateway does not forward sensitive headers such as Authorization to downstream Microservices. Cookie, Set-Cookie and Authorization are considered sensitive, and the list of sensitive headers is configured in Zuul API Gateway with a property called sensitiveHeaders. The default value of the sensitiveHeaders property is shown below:

sensitiveHeaders: Cookie,Set-Cookie,Authorization

To make Zuul API Gateway allow the Authorization header to be sent to downstream Microservices, you will need to override the sensitiveHeaders property and exclude Authorization from the comma-delimited list:

sensitiveHeaders: Cookie,Set-Cookie

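Alternatively, explicitly set it to the empty list. Doing so will make Zuul API Gateway pass both cookie and authorization headers to your back-end microservices. Every service behind the gateway that is covered by the setting then receives the client's credentials, so remove from the list only the headers that the downstream service actually needs.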
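The following application.yml is an added example, not part of the original tutorial. It keeps the default list globally and overrides sensitiveHeaders on one route only, so the Authorization header reaches just the service that validates it. The route names, paths and service IDs (users-ws, catalog-ws) are assumptions made for illustration.

```yaml
# application.yml of the Zuul API Gateway (added example)
zuul:
  # Global list: headers named here are stripped before a request is proxied.
  # Left at the default so that routes without an override never see credentials.
  sensitiveHeaders: Cookie,Set-Cookie,Authorization
  routes:
    users-ws:                     # hypothetical route name
      path: /users-ws/**          # hypothetical path
      serviceId: users-ws         # hypothetical downstream service
      # A per-route value overrides the global list. Authorization is forwarded
      # to this service only; Cookie and Set-Cookie are still stripped.
      sensitiveHeaders: Cookie,Set-Cookie
    catalog-ws:                   # hypothetical route name
      path: /catalog-ws/**        # hypothetical path
      serviceId: catalog-ws       # hypothetical downstream service
      # No override here: the global list applies and Authorization is dropped.
```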


To read more about Cookies and Sensitive Headers, have a look at this documentation page.
