WEB-579: make API gateway tenant header name configurable

deepaksoni47 · deepaksoni47 · commit f4d8dbfcd4c6 · 2026-05-12T13:05:24.000+05:30
diff --git a/src/app/zitadel/token.interceptor.ts b/src/app/zitadel/token.interceptor.ts
@@ -19,11 +19,12 @@ export class TokenInterceptor implements HttpInterceptor {
 
   public environment = environment;
   FINERACT_PLATFORM_TENANT_IDENTIFIER = environment.fineractPlatformTenantId;
+  API_GATEWAY_HEADER_NAME = environment.apiGatewayHeaderName || 'Fineract-Platform-TenantId';
 
   intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
     const token = this.authService.getAccessToken();
     let headersConfig: { [key: string]: string } = {
-      'Fineract-Platform-TenantId': this.FINERACT_PLATFORM_TENANT_IDENTIFIER,
+      [this.API_GATEWAY_HEADER_NAME]: this.FINERACT_PLATFORM_TENANT_IDENTIFIER,
       'Content-Type': req.headers.get('Content-Type') || 'application/json'
     };
     const publicEndpoints = [
@@ -56,7 +57,7 @@ export class TokenInterceptor implements HttpInterceptor {
         const retriedReq = request.clone({
           setHeaders: {
             Authorization: `Bearer ${newToken}`,
-            'Fineract-Platform-TenantId': this.FINERACT_PLATFORM_TENANT_IDENTIFIER,
+            [this.API_GATEWAY_HEADER_NAME]: this.FINERACT_PLATFORM_TENANT_IDENTIFIER,
             'Content-Type': request.headers.get('Content-Type') || 'application/json'
           }
         });
diff --git a/src/environments/environment.prod.ts b/src/environments/environment.prod.ts
@@ -17,7 +17,19 @@ const provider = loadedEnv['apiProvider'];
 const parsedMinLength = Number(loadedEnv.minPasswordLength);
 const resolvedMinPasswordLength = Number.isInteger(parsedMinLength) && parsedMinLength > 0 ? parsedMinLength : 8;
 
-export const environment = {
+// Validate and normalize apiGatewayHeaderName (RFC 7230 token format)
+const resolvedApiGatewayHeaderName =
+  typeof loadedEnv.apiGatewayHeaderName === 'string' &&
+  /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/.test(loadedEnv.apiGatewayHeaderName.trim())
+    ? loadedEnv.apiGatewayHeaderName.trim()
+    : 'Fineract-Platform-TenantId';
+
+interface IEnvironment {
+  [key: string]: any;
+  apiGatewayHeaderName: string;
+}
+
+export const environment: IEnvironment = {
   production: true,
   version: env.mifos_x.version,
   hash: env.mifos_x.hash,
@@ -145,7 +157,13 @@ export const environment = {
     oidcClientId: loadedEnv['oidcClientId'] || loadedEnv['FINERACT_PLUGIN_OIDC_CLIENT_ID'] || '',
     oidcApiUrl: loadedEnv['oidcApiUrl'] || loadedEnv['FINERACT_PLUGIN_OIDC_API_URL'] || '',
     oidcFrontUrl: loadedEnv['oidcFrontUrl'] || loadedEnv['FINERACT_PLUGIN_OIDC_FRONTEND_URL'] || ''
-  }
+  },
+  /**
+   * Name of the header used to signal the tenant/platform to the API gateway
+   * Default kept for backward compatibility with existing deployments and tests
+   * Validated against RFC 7230 token format; whitespace trimmed; invalid values fallback to default.
+   */
+  apiGatewayHeaderName: resolvedApiGatewayHeaderName
 };
 
 // Server URL
diff --git a/src/environments/environment.ts b/src/environments/environment.ts
@@ -20,7 +20,19 @@ const loadedEnv = window.env || {};
 const parsedMinLength = Number(loadedEnv.minPasswordLength);
 const resolvedMinPasswordLength = Number.isInteger(parsedMinLength) && parsedMinLength > 0 ? parsedMinLength : 8;
 
-export const environment = {
+// Validate and normalize apiGatewayHeaderName (RFC 7230 token format)
+const resolvedApiGatewayHeaderName =
+  typeof loadedEnv.apiGatewayHeaderName === 'string' &&
+  /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/.test(loadedEnv.apiGatewayHeaderName.trim())
+    ? loadedEnv.apiGatewayHeaderName.trim()
+    : 'Fineract-Platform-TenantId';
+
+interface IEnvironment {
+  [key: string]: any;
+  apiGatewayHeaderName: string;
+}
+
+export const environment: IEnvironment = {
   production: false,
   version: env.mifos_x.version,
   hash: env.mifos_x.hash,
@@ -149,7 +161,13 @@ export const environment = {
     oidcClientId: loadedEnv.oidcClientId || loadedEnv.FINERACT_PLUGIN_OIDC_CLIENT_ID || '',
     oidcApiUrl: loadedEnv.oidcApiUrl || loadedEnv.FINERACT_PLUGIN_OIDC_API_URL || '',
     oidcFrontUrl: loadedEnv.oidcFrontUrl || loadedEnv.FINERACT_PLUGIN_OIDC_FRONTEND_URL || ''
-  }
+  },
+  /**
+   * Name of the header used to signal the tenant/platform to the API gateway
+   * Default kept for backward compatibility with existing deployments and tests
+   * Validated against RFC 7230 token format; whitespace trimmed; invalid values fallback to default.
+   */
+  apiGatewayHeaderName: resolvedApiGatewayHeaderName
 };
 
 // Server URL
