The following example removes the apikey
query parameter from the request:
<AssignMessage name="remove-query-param"> <Remove> <QueryParams> <QueryParam name="apikey"/> </QueryParams> </Remove> <AssignTo createNew="false" transport="http" type="request"/> </AssignMessage>
It's a best practice to strip the apikey
query parameter from the request
message when you use the VerifyAPIKey policy for user authentication. You do this to prevent
sensitive key information from being passed to the backend target.