As per documentation
When you send an API request to the backend, you pass a token in the Authorization header of the request. The API Gateway uses this token to authorize access, and then drops it from the outgoing message. link
I want to pass this token to the backend for every published API. What is the correct place to configure such behavior?
Uncomment below configuration in repository/conf/api-manager.xml and set false.
<RemoveOAuthHeadersFromOutMessage>true</RemoveOAuthHeadersFromOutMessage>