IBM API Connect: Set-Variable does not work

Question

I'm a novice in IBM API Connect. What I want to realize is to pass the client certificate used in the mutual TLS connection between an API caller and IBM API Connect to a backend server as a value of Client-Cert HTTP header.

I thought that Set-Variable could be used for the purpose, but a request forwarded to the backend server does not contain the Client-Cert HTTP header.

Could anyone help me out?

swagger: '2.0'
info:
  version: 1.0.0
  title: test
  x-ibm-name: test
basePath: /test
x-ibm-configuration:
  properties:
    target-url:
      value: https://httpdump.io/tqvg_
      description: URL of the proxy policy
      encoded: false
  cors:
    enabled: true
  gateway: datapower-api-gateway
  type: rest
  phase: realized
  enforced: true
  testable: true
  assembly:
    execute:
      - set-variable:
          version: 2.0.0
          title: client-cert
          actions:
            - value: ':$(application.certificate.Base64):'
              type: string
              add: Client-Cert
            - value: My-Value
              add: My-Header
              type: string
          description: >-
            Set the client certificate used in the mutual TLS connection to the
            Client-Cert HTTP header in the format defined in "Client-Cert HTTP
            Header Field".
      - invoke:
          version: 2.2.0
          title: invoke
          backend-type: detect
          header-control:
            type: blocklist
            values: []
          parameter-control:
            type: blocklist
            values: []
          http-version: HTTP/1.1
          timeout: 60
          verb: POST
          chunked-uploads: true
          persistent-connection: true
          cache-response: protocol
          cache-ttl: 900
          stop-on-error: []
          websocket-upgrade: false
          target-url: $(target-url)
          graphql-send-type: detect
    finally: []
  activity-log:
    enabled: true
    success-content: activity
    error-content: payload
paths:
  /:
    get:
      responses:
        '200':
          description: success
          schema:
            type: string
      consumes: []
      produces: []
    put:
      responses:
        '200':
          description: success
          schema:
            type: string
      consumes: []
      produces: []
    post:
      responses:
        '200':
          description: success
          schema:
            type: string
      consumes: []
      produces: []
    delete:
      responses:
        '200':
          description: success
          schema:
            type: string
      consumes: []
      produces: []
    head:
      responses:
        '200':
          description: success
          schema:
            type: string
      consumes: []
      produces: []
    patch:
      responses:
        '200':
          description: success
          schema:
            type: string
      consumes: []
      produces: []
schemes:
  - https

Answer 1

Your variable name should be message.headers.Client-Cert if you want to add a header. Otherwise you're just creating an internal variable that never gets read.