From 22dceb3c52e0a4de7df5b19f6969f36e5b8b5e53 Mon Sep 17 00:00:00 2001
From: Ellie Bound <175816742+ellie-bound1-NHSD@users.noreply.github.com>
Date: Fri, 23 May 2025 12:41:59 +0100
Subject: [PATCH 1/6] NPA-4284: Add small description about our request header
 policy

---
 specification/validated-relationships-service-api.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/specification/validated-relationships-service-api.yaml b/specification/validated-relationships-service-api.yaml
index a06da7e3..8dab3159 100644
--- a/specification/validated-relationships-service-api.yaml
+++ b/specification/validated-relationships-service-api.yaml
@@ -87,6 +87,9 @@ info:
     |[NHS login - combined authentication and authorisation](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation/user-restricted-restful-apis-nhs-login-combined-authentication-and-authorisation) |OAuth 2.0 authorisation code with API key and secret |No need to integrate and onboard separately with NHS login.  |No access to user information.                           |
     |[NHS login - separate authentication and authorisation](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation/user-restricted-restful-apis-nhs-login-separate-authentication-and-authorisation) |OAuth 2.0 token exchange with signed JWT             |Gives access to user information.                            |Need to integrate and onboard separately with NHS login. |
 
+    ## Headers
+    This API is case-insensitive when processing request headers, meaning it will accept headers regardless of the letter casing used. (e.g. X-Request-Id, x-request-id are treated the same). When sending headers back in the response, we preserve the exact casing as received in the original request.
+    
     ## Errors
     We use standard HTTP status codes to show whether an API request succeeded or not. They are usually in the range:
 

From 0cd2707665f9880b229830228431b1e721b59a27 Mon Sep 17 00:00:00 2001
From: Ellie Bound <175816742+ellie-bound1-NHSD@users.noreply.github.com>
Date: Fri, 23 May 2025 14:23:09 +0100
Subject: [PATCH 2/6] NPA-4284: Add python script to translate request headers

---
 .../apiproxy/policies/TranslateRequestHeaders.xml |  6 ++++++
 .../resources/py/translate-request-headers.py     | 15 +++++++++++++++
 proxies/live/apiproxy/targets/target.xml          |  3 +++
 3 files changed, 24 insertions(+)
 create mode 100644 proxies/live/apiproxy/policies/TranslateRequestHeaders.xml
 create mode 100644 proxies/live/apiproxy/resources/py/translate-request-headers.py

diff --git a/proxies/live/apiproxy/policies/TranslateRequestHeaders.xml b/proxies/live/apiproxy/policies/TranslateRequestHeaders.xml
new file mode 100644
index 00000000..06297ce7
--- /dev/null
+++ b/proxies/live/apiproxy/policies/TranslateRequestHeaders.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Script async="false" continueOnError="false" enabled="true" name="TranslateRequestHeaders">
+    <DisplayName>TranslateRequestHeaders</DisplayName>
+    <Properties/>
+    <ResourceURL>py://translate-request-headers.py</ResourceURL>
+</Script>
\ No newline at end of file
diff --git a/proxies/live/apiproxy/resources/py/translate-request-headers.py b/proxies/live/apiproxy/resources/py/translate-request-headers.py
new file mode 100644
index 00000000..d83b3ec0
--- /dev/null
+++ b/proxies/live/apiproxy/resources/py/translate-request-headers.py
@@ -0,0 +1,15 @@
+# Access request headers dictionary
+request_headers = request.headers
+
+# Map of lowercase header name to desired parcel case header name
+request_header_translation = {
+    "x-request-id": "X-Request-ID",
+    "x-correlation-id": "X-Correlation-ID"
+}
+
+# Loop through request headers
+for key, value in request_headers.items():
+    key = key.lower()
+    desired_name = request_header_translation.get(key)
+    if desired_name:
+        flow.setVariable(f"request.header.{desired_name}", value)
diff --git a/proxies/live/apiproxy/targets/target.xml b/proxies/live/apiproxy/targets/target.xml
index f779224d..3a0d7572 100644
--- a/proxies/live/apiproxy/targets/target.xml
+++ b/proxies/live/apiproxy/targets/target.xml
@@ -8,6 +8,9 @@
             <Step>
                 <Name>FlowCallout.ApplyRateLimiting</Name>
             </Step>
+            <Step>
+                <Name>TranslateRequestHeaders</Name>
+            </Step>
             <Step>
                 <Name>AddDeveloperAppData</Name>
             </Step>

From 828f33ad511d7a4c67f44aadacfee9582f9d0b68 Mon Sep 17 00:00:00 2001
From: Ellie Bound <175816742+ellie-bound1-NHSD@users.noreply.github.com>
Date: Fri, 23 May 2025 14:23:18 +0100
Subject: [PATCH 3/6] NPA-4284: Add python script to translate request headers

---
 .../live/apiproxy/resources/py/translate-request-headers.py  | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/proxies/live/apiproxy/resources/py/translate-request-headers.py b/proxies/live/apiproxy/resources/py/translate-request-headers.py
index d83b3ec0..69065a83 100644
--- a/proxies/live/apiproxy/resources/py/translate-request-headers.py
+++ b/proxies/live/apiproxy/resources/py/translate-request-headers.py
@@ -2,10 +2,7 @@
 request_headers = request.headers
 
 # Map of lowercase header name to desired parcel case header name
-request_header_translation = {
-    "x-request-id": "X-Request-ID",
-    "x-correlation-id": "X-Correlation-ID"
-}
+request_header_translation = {"x-request-id": "X-Request-ID", "x-correlation-id": "X-Correlation-ID"}
 
 # Loop through request headers
 for key, value in request_headers.items():

From e9ea4d163b9e2a6bcf6bba368212526c5f17bf8a Mon Sep 17 00:00:00 2001
From: Ellie Bound <175816742+ellie-bound1-NHSD@users.noreply.github.com>
Date: Fri, 23 May 2025 14:51:06 +0100
Subject: [PATCH 4/6] NPA-4284: Add mirror request headers in response script

---
 .../policies/MirrorRequestHeaders.xml         |  6 +++++
 .../policies/TranslateRequestHeaders.xml      |  2 +-
 .../resources/py/mirror-request-headers.py    |  6 +++++
 .../resources/py/translate-request-headers.py | 22 +++++++++++++++----
 proxies/live/apiproxy/targets/target.xml      |  9 +++++++-
 5 files changed, 39 insertions(+), 6 deletions(-)
 create mode 100644 proxies/live/apiproxy/policies/MirrorRequestHeaders.xml
 create mode 100644 proxies/live/apiproxy/resources/py/mirror-request-headers.py

diff --git a/proxies/live/apiproxy/policies/MirrorRequestHeaders.xml b/proxies/live/apiproxy/policies/MirrorRequestHeaders.xml
new file mode 100644
index 00000000..f3e57777
--- /dev/null
+++ b/proxies/live/apiproxy/policies/MirrorRequestHeaders.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Script async="false" continueOnError="true" enabled="true" name="MirrorRequestHeaders">
+    <DisplayName>MirrorRequestHeaders</DisplayName>
+    <Properties/>
+    <ResourceURL>py://mirror-request-headers.py</ResourceURL>
+</Script>
\ No newline at end of file
diff --git a/proxies/live/apiproxy/policies/TranslateRequestHeaders.xml b/proxies/live/apiproxy/policies/TranslateRequestHeaders.xml
index 06297ce7..22e9c5cf 100644
--- a/proxies/live/apiproxy/policies/TranslateRequestHeaders.xml
+++ b/proxies/live/apiproxy/policies/TranslateRequestHeaders.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<Script async="false" continueOnError="false" enabled="true" name="TranslateRequestHeaders">
+<Script async="false" continueOnError="true" enabled="true" name="TranslateRequestHeaders">
     <DisplayName>TranslateRequestHeaders</DisplayName>
     <Properties/>
     <ResourceURL>py://translate-request-headers.py</ResourceURL>
diff --git a/proxies/live/apiproxy/resources/py/mirror-request-headers.py b/proxies/live/apiproxy/resources/py/mirror-request-headers.py
new file mode 100644
index 00000000..957ce217
--- /dev/null
+++ b/proxies/live/apiproxy/resources/py/mirror-request-headers.py
@@ -0,0 +1,6 @@
+# Access original request headers dictionary
+request_headers = JSON.parse(flow.getVariable("original.headers"))
+
+# Loop through request headers and set them as response headers
+for key, value in request_headers.items():
+    flow.setVariable("response.header.{0}".format(key), value)
diff --git a/proxies/live/apiproxy/resources/py/translate-request-headers.py b/proxies/live/apiproxy/resources/py/translate-request-headers.py
index 69065a83..a028f329 100644
--- a/proxies/live/apiproxy/resources/py/translate-request-headers.py
+++ b/proxies/live/apiproxy/resources/py/translate-request-headers.py
@@ -1,12 +1,26 @@
+def get_request_headers():
+    request_header_names = flow.getVariable("request.headers.names")
+    request_headers = {}
+    for name in request_header_names:
+        request_headers[name] = flow.getVariable("request.header." + name)
+
+    return request_headers
+
+
 # Access request headers dictionary
-request_headers = request.headers
+request_headers = get_request_headers()
+
+# Store copy of original request headers
+flow.setVariable("original.headers", str(request_headers))
 
 # Map of lowercase header name to desired parcel case header name
 request_header_translation = {"x-request-id": "X-Request-ID", "x-correlation-id": "X-Correlation-ID"}
 
 # Loop through request headers
 for key, value in request_headers.items():
-    key = key.lower()
-    desired_name = request_header_translation.get(key)
+    desired_name = request_header_translation.get(key.lower())
     if desired_name:
-        flow.setVariable(f"request.header.{desired_name}", value)
+        # Remove original header
+        flow.removeVariable("request.header." + key)
+        # Set header with correct casing
+        flow.setVariable("request.header." + desired_name, value)
diff --git a/proxies/live/apiproxy/targets/target.xml b/proxies/live/apiproxy/targets/target.xml
index 3a0d7572..4069e717 100644
--- a/proxies/live/apiproxy/targets/target.xml
+++ b/proxies/live/apiproxy/targets/target.xml
@@ -67,15 +67,22 @@
             </Request>
         </Flow>
     </Flows>
-
     <PostFlow>
         <Response>
             <Step>
                 <Name>SetMimeType</Name>
             </Step>
+            <Step>
+                <Name>MirrorRequestHeaders</Name>
+            </Step>
         </Response>
     </PostFlow>
     <FaultRules>
+        <FaultRule name="default">
+            <Step>
+                <Name>MirrorRequestHeaders</Name>
+            </Step>
+        </FaultRule>
         <FaultRule name="401_Unauthorized">
             <Step>
                 <Name>RaiseFault.401Unauthorized</Name>

From b969d2efe903ab5ee93aac431eb192c6b914b40c Mon Sep 17 00:00:00 2001
From: Ellie Bound <175816742+ellie-bound1-NHSD@users.noreply.github.com>
Date: Tue, 27 May 2025 14:08:04 +0100
Subject: [PATCH 5/6] NPA-8242: Working mirror request headers for unhappy path

---
 .../resources/py/mirror-request-headers.py    | 16 ++++++++++------
 .../resources/py/translate-request-headers.py | 19 ++++++++++---------
 proxies/live/apiproxy/targets/target.xml      |  4 ++--
 3 files changed, 22 insertions(+), 17 deletions(-)

diff --git a/proxies/live/apiproxy/resources/py/mirror-request-headers.py b/proxies/live/apiproxy/resources/py/mirror-request-headers.py
index 957ce217..8ee52123 100644
--- a/proxies/live/apiproxy/resources/py/mirror-request-headers.py
+++ b/proxies/live/apiproxy/resources/py/mirror-request-headers.py
@@ -1,6 +1,10 @@
-# Access original request headers dictionary
-request_headers = JSON.parse(flow.getVariable("original.headers"))
-
-# Loop through request headers and set them as response headers
-for key, value in request_headers.items():
-    flow.setVariable("response.header.{0}".format(key), value)
+translated_header_names = ["X-Request-ID", "X-Correlation-ID"]
+for translated_header_name in translated_header_names:
+    # Access original request headers dictionary
+    original_request_header = flow.getVariable("original_request_header." + translated_header_name)
+    if original_request_header:
+        original_request_header = original_request_header.split("=")
+        # Remove original response header
+        flow.removeVariable("response.header." + translated_header_name)
+        # Mirror original request header
+        flow.setVariable("response.header." + original_request_header[0], original_request_header[1])
diff --git a/proxies/live/apiproxy/resources/py/translate-request-headers.py b/proxies/live/apiproxy/resources/py/translate-request-headers.py
index a028f329..61d8094e 100644
--- a/proxies/live/apiproxy/resources/py/translate-request-headers.py
+++ b/proxies/live/apiproxy/resources/py/translate-request-headers.py
@@ -10,17 +10,18 @@ def get_request_headers():
 # Access request headers dictionary
 request_headers = get_request_headers()
 
-# Store copy of original request headers
-flow.setVariable("original.headers", str(request_headers))
-
 # Map of lowercase header name to desired parcel case header name
 request_header_translation = {"x-request-id": "X-Request-ID", "x-correlation-id": "X-Correlation-ID"}
 
 # Loop through request headers
-for key, value in request_headers.items():
-    desired_name = request_header_translation.get(key.lower())
-    if desired_name:
-        # Remove original header
-        flow.removeVariable("request.header." + key)
+for original_header_name, header_value in request_headers.items():
+    desired_header_name = request_header_translation.get(original_header_name.lower())
+    if desired_header_name:
+        # Store original header against the desired name for mirroring in response
+        flow.setVariable(
+            "original_request_header." + desired_header_name, "%s=%s" % (original_header_name, header_value)
+        )
+        # Remove original request header
+        flow.removeVariable("request.header." + original_header_name)
         # Set header with correct casing
-        flow.setVariable("request.header." + desired_name, value)
+        flow.setVariable("request.header." + desired_header_name, header_value)
diff --git a/proxies/live/apiproxy/targets/target.xml b/proxies/live/apiproxy/targets/target.xml
index 4069e717..3fb5a6c2 100644
--- a/proxies/live/apiproxy/targets/target.xml
+++ b/proxies/live/apiproxy/targets/target.xml
@@ -48,7 +48,7 @@
                 </Step>
             </Request>
         </Flow>
-        <Flow name ="User Restricted">
+        <Flow name="User Restricted">
             <Condition>accesstoken.auth_type = "user"</Condition>
             <Request>
                 <Step>
@@ -111,4 +111,4 @@
             <Property name="request.retain.headers">User-Agent,Referer,Accept-Language</Property>
         </Properties>
     </HTTPTargetConnection>
-</TargetEndpoint>
+</TargetEndpoint>
\ No newline at end of file

From 7b1d293c3530a7d235f8afa25b9e4f2b5407114d Mon Sep 17 00:00:00 2001
From: Ellie Bound <175816742+ellie-bound1-NHSD@users.noreply.github.com>
Date: Tue, 27 May 2025 15:09:09 +0100
Subject: [PATCH 6/6] NPA-4284: Add mirror request header policy to all fault
 rules

---
 .../live/apiproxy/policies/MirrorRequestHeaders.xml |  2 +-
 .../apiproxy/policies/TranslateRequestHeaders.xml   |  2 +-
 proxies/live/apiproxy/targets/target.xml            | 13 +++++++++++--
 3 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/proxies/live/apiproxy/policies/MirrorRequestHeaders.xml b/proxies/live/apiproxy/policies/MirrorRequestHeaders.xml
index f3e57777..829b9f2a 100644
--- a/proxies/live/apiproxy/policies/MirrorRequestHeaders.xml
+++ b/proxies/live/apiproxy/policies/MirrorRequestHeaders.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 <Script async="false" continueOnError="true" enabled="true" name="MirrorRequestHeaders">
-    <DisplayName>MirrorRequestHeaders</DisplayName>
+    <DisplayName>Mirror Request Headers</DisplayName>
     <Properties/>
     <ResourceURL>py://mirror-request-headers.py</ResourceURL>
 </Script>
\ No newline at end of file
diff --git a/proxies/live/apiproxy/policies/TranslateRequestHeaders.xml b/proxies/live/apiproxy/policies/TranslateRequestHeaders.xml
index 22e9c5cf..160b92df 100644
--- a/proxies/live/apiproxy/policies/TranslateRequestHeaders.xml
+++ b/proxies/live/apiproxy/policies/TranslateRequestHeaders.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 <Script async="false" continueOnError="true" enabled="true" name="TranslateRequestHeaders">
-    <DisplayName>TranslateRequestHeaders</DisplayName>
+    <DisplayName>Translate Request Headers</DisplayName>
     <Properties/>
     <ResourceURL>py://translate-request-headers.py</ResourceURL>
 </Script>
\ No newline at end of file
diff --git a/proxies/live/apiproxy/targets/target.xml b/proxies/live/apiproxy/targets/target.xml
index 3fb5a6c2..37dce55c 100644
--- a/proxies/live/apiproxy/targets/target.xml
+++ b/proxies/live/apiproxy/targets/target.xml
@@ -78,24 +78,33 @@
         </Response>
     </PostFlow>
     <FaultRules>
-        <FaultRule name="default">
+        <DefaultFaultRule name="default">
             <Step>
                 <Name>MirrorRequestHeaders</Name>
             </Step>
-        </FaultRule>
+        </DefaultFaultRule>
         <FaultRule name="401_Unauthorized">
+            <Step>
+                <Name>MirrorRequestHeaders</Name>
+            </Step>
             <Step>
                 <Name>RaiseFault.401Unauthorized</Name>
             </Step>
             <Condition>oauthV2.OauthV2.VerifyAccessToken.failed = true or fault.name = "invalid_access_token" or fault.name = "InvalidAccessToken" or fault.name = "access_token_not_approved" or fault.name = "apiresource_doesnot_exist" or fault.name = "InvalidAPICallAsNo" or fault.name = "ApiProductMatchFound" or fault.name = "access_token_expired"</Condition>
         </FaultRule>
         <FaultRule name="404_Not_Found">
+            <Step>
+                <Name>MirrorRequestHeaders</Name>
+            </Step>
             <Step>
                 <Name>RaiseFault.404NotFound</Name>
             </Step>
             <Condition>response.header.x-amzn-ErrorType = "IncompleteSignatureException"</Condition>
         </FaultRule>
         <FaultRule name="ApplicationOperationOutcome">
+            <Step>
+                <Name>MirrorRequestHeaders</Name>
+            </Step>
             <Step>
                 <Name>RaiseFault.ApplicationOperationOutcome</Name>
                 <Condition>response.header.x-amzn-RequestId != null</Condition>