WEB-579: make API gateway tenant header name configurable

Author: deepaksoni47

src/app/login/login.component.ts

@@ -208,8 +208,8 @@ export class LoginComponent implements OnInit, OnDestroy {
     }
     const tenantIds = environment.fineractPlatformTenantIds
       .split(',')
-      .map((id) => id.trim())
-      .filter((id) => id.length > 0);
+      .map((id: string) => id.trim())
+      .filter((id: string) => id.length > 0);
     if (tenantIds.length === 0 || (tenantIds.length === 1 && tenantIds[0] === 'default')) {
       return false;
     }

src/app/zitadel/token.interceptor.ts

@@ -19,11 +19,15 @@ export class TokenInterceptor implements HttpInterceptor {
 
   public environment = environment;
   FINERACT_PLATFORM_TENANT_IDENTIFIER = environment.fineractPlatformTenantId;
+  // Name used to send the Fineract tenant identifier header.
+  // The runtime key is `apiGatewayHeaderName` to allow gateway/runtime injection,
+  // but this value represents the Fineract tenant header name.
+  FINERACT_TENANT_HEADER_NAME = environment.apiGatewayHeaderName || 'Fineract-Platform-TenantId';
 
   intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
     const token = this.authService.getAccessToken();
     let headersConfig: { [key: string]: string } = {
-      'Fineract-Platform-TenantId': this.FINERACT_PLATFORM_TENANT_IDENTIFIER,
+      [this.FINERACT_TENANT_HEADER_NAME]: this.FINERACT_PLATFORM_TENANT_IDENTIFIER,
       'Content-Type': req.headers.get('Content-Type') || 'application/json'
     };
     const publicEndpoints = [
@@ -56,7 +60,7 @@ export class TokenInterceptor implements HttpInterceptor {
         const retriedReq = request.clone({
           setHeaders: {
             Authorization: `Bearer ${newToken}`,
-            'Fineract-Platform-TenantId': this.FINERACT_PLATFORM_TENANT_IDENTIFIER,
+            [this.FINERACT_TENANT_HEADER_NAME]: this.FINERACT_PLATFORM_TENANT_IDENTIFIER,
             'Content-Type': request.headers.get('Content-Type') || 'application/json'
           }
         });

src/environments/environment.prod.ts

@@ -17,6 +17,13 @@ const provider = loadedEnv['apiProvider'];
 const parsedMinLength = Number(loadedEnv.minPasswordLength);
 const resolvedMinPasswordLength = Number.isInteger(parsedMinLength) && parsedMinLength > 0 ? parsedMinLength : 8;
 
+// Validate and normalize apiGatewayHeaderName (RFC 7230 token format)
+const resolvedApiGatewayHeaderName =
+  typeof loadedEnv.apiGatewayHeaderName === 'string' &&
+  /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/.test(loadedEnv.apiGatewayHeaderName.trim())
+    ? loadedEnv.apiGatewayHeaderName.trim()
+    : 'Fineract-Platform-TenantId';
+
 export const environment = {
   production: true,
   version: env.mifos_x.version,
@@ -145,7 +152,13 @@ export const environment = {
     oidcClientId: loadedEnv['oidcClientId'] || loadedEnv['FINERACT_PLUGIN_OIDC_CLIENT_ID'] || '',
     oidcApiUrl: loadedEnv['oidcApiUrl'] || loadedEnv['FINERACT_PLUGIN_OIDC_API_URL'] || '',
     oidcFrontUrl: loadedEnv['oidcFrontUrl'] || loadedEnv['FINERACT_PLUGIN_OIDC_FRONTEND_URL'] || ''
-  }
+  },
+  /**
+   * Name of the header used to signal the tenant/platform to the API gateway
+   * Default kept for backward compatibility with existing deployments and tests
+   * Validated against RFC 7230 token format; whitespace trimmed; invalid values fallback to default.
+   */
+  apiGatewayHeaderName: resolvedApiGatewayHeaderName
 };
 
 // Server URL

src/environments/environment.ts

@@ -20,6 +20,13 @@ const loadedEnv = window.env || {};
 const parsedMinLength = Number(loadedEnv.minPasswordLength);
 const resolvedMinPasswordLength = Number.isInteger(parsedMinLength) && parsedMinLength > 0 ? parsedMinLength : 8;
 
+// Validate and normalize apiGatewayHeaderName (RFC 7230 token format)
+const resolvedApiGatewayHeaderName =
+  typeof loadedEnv.apiGatewayHeaderName === 'string' &&
+  /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/.test(loadedEnv.apiGatewayHeaderName.trim())
+    ? loadedEnv.apiGatewayHeaderName.trim()
+    : 'Fineract-Platform-TenantId';
+
 export const environment = {
   production: false,
   version: env.mifos_x.version,
@@ -149,7 +156,13 @@ export const environment = {
     oidcClientId: loadedEnv.oidcClientId || loadedEnv.FINERACT_PLUGIN_OIDC_CLIENT_ID || '',
     oidcApiUrl: loadedEnv.oidcApiUrl || loadedEnv.FINERACT_PLUGIN_OIDC_API_URL || '',
     oidcFrontUrl: loadedEnv.oidcFrontUrl || loadedEnv.FINERACT_PLUGIN_OIDC_FRONTEND_URL || ''
-  }
+  },
+  /**
+   * Name of the header used to signal the tenant/platform to the API gateway
+   * Default kept for backward compatibility with existing deployments and tests
+   * Validated against RFC 7230 token format; whitespace trimmed; invalid values fallback to default.
+   */
+  apiGatewayHeaderName: resolvedApiGatewayHeaderName
 };
 
 // Server URL