Open ksankeerth opened 1 year ago
When publishing an API, the JSON schema for endpointConfig is very permissive: even if we add extra attributes that the schema does not define, they do not cause any errors. For example:
curl --location 'https://127.0.0.1:9443/api/am/publisher/v2/apis' \ --header 'Content-Type: application/json' \ --header 'Authorization: Basic YWRtaW46YWRtaW4=' \ --data-raw '{ "name": "PizzaShackAPI1", "description": "This is a simple API for Pizza Shack online pizza delivery store.", "context": "pizza1", "version": "1.0.0", "provider": "admin", "lifeCycleStatus": "CREATED", "wsdlInfo": { "type": "WSDL" }, "responseCachingEnabled": true, "cacheTimeout": 300, "hasThumbnail": false, "isDefaultVersion": false, "isRevision": false, "revisionId": 1, "enableSchemaValidation": false, "type": "HTTP", "transport": [ "http", "https" ], "tags": [ "pizza", "food" ], "policies": [ "Unlimited" ], "apiThrottlingPolicy": "Unlimited", "authorizationHeader": "Authorization", "securityScheme": [ "oauth2" ], "maxTps": { "production": 1000, "sandbox": 1000 }, "visibility": "PUBLIC", "visibleRoles": [], "visibleTenants": [], "mediationPolicies": [ { "name": "json_to_xml_in_message", "type": "in" }, { "name": "xml_to_json_out_message", "type": "out" }, { "name": "json_fault", "type": "fault" } ], "subscriptionAvailability": "CURRENT_TENANT", "subscriptionAvailableTenants": [], "additionalProperties": [ { "name": "string", "value": "string", "display": true } ], "monetization": { "enabled": true, "properties": { "property1": "string", "property2": "string" } }, "accessControl": "NONE", "accessControlRoles": [], "businessInformation": { "businessOwner": "businessowner", "businessOwnerEmail": "businessowner@wso2.com", "technicalOwner": "technicalowner", "technicalOwnerEmail": "technicalowner@wso2.com" }, "corsConfiguration": { "corsConfigurationEnabled": false, "accessControlAllowOrigins": [ "string" ], "accessControlAllowCredentials": false, "accessControlAllowHeaders": [ "string" ], "accessControlAllowMethods": [ "string" ] }, "websubSubscriptionConfiguration": { "enable": false, "secret": "string", "signingAlgorithm": "string", "signatureHeader": "string" }, "workflowStatus": 
"APPROVED", "createdTime": "string", "lastUpdatedTime": "string", "endpointConfig": { "test": "test", "endpoint_type": "http", "sandbox_endpoints": { "url": "https://localhost:9443/am/sample/pizzashack/v1/api/" }, "production_endpoints": { "url": "https://localhost:9443/am/sample/pizzashack/v1/api/" } }, "endpointImplementationType": "INLINE", "scopes": [ { "scope": { "name": "apim:api_view", "displayName": "api_view", "description": "This Scope can used to view Apis", "bindings": [ "admin", "Internal/creator", "Internal/publisher" ] }, "shared": true } ], "operations": [ { "target": "/order/{orderId}", "verb": "POST", "authType": "Application & Application User", "throttlingPolicy": "Unlimited" }, { "target": "/menu", "verb": "GET", "authType": "Application & Application User", "throttlingPolicy": "Unlimited" } ], "threatProtectionPolicies": { "list": [ { "policyId": "string", "priority": 0 } ] }, "serviceInfo": { "key": "PetStore-1.0.0", "name": "PetStore", "version": "1.0.0", "outdated": false }, "advertiseInfo": { "advertised": true, "originalDevPortalUrl": "https://localhost:9443/devportal", "apiOwner": "admin", "vendor": "WSO2" } }' In the above example, we added an unnecessary property ("test": "test") to endpointConfig, and the request was still accepted without error. The customer requests that the code be improved to validate endpointConfig, so that unnecessary data cannot be placed in it. They have observed that many API creators have added useless data to endpointConfig.
APIM
3.2.0
No response
As of today, we validate the required information but still allow optional properties. We will look at this beyond 4.3.0.
Problem
When publishing an API, the JSON schema for endpointConfig is very permissive: even if we add extra attributes that the schema does not define, they do not cause any errors. For example:
curl --location 'https://127.0.0.1:9443/api/am/publisher/v2/apis' \ --header 'Content-Type: application/json' \ --header 'Authorization: Basic YWRtaW46YWRtaW4=' \ --data-raw '{ "name": "PizzaShackAPI1", "description": "This is a simple API for Pizza Shack online pizza delivery store.", "context": "pizza1", "version": "1.0.0", "provider": "admin", "lifeCycleStatus": "CREATED", "wsdlInfo": { "type": "WSDL" }, "responseCachingEnabled": true, "cacheTimeout": 300, "hasThumbnail": false, "isDefaultVersion": false, "isRevision": false, "revisionId": 1, "enableSchemaValidation": false, "type": "HTTP", "transport": [ "http", "https" ], "tags": [ "pizza", "food" ], "policies": [ "Unlimited" ], "apiThrottlingPolicy": "Unlimited", "authorizationHeader": "Authorization", "securityScheme": [ "oauth2" ], "maxTps": { "production": 1000, "sandbox": 1000 }, "visibility": "PUBLIC", "visibleRoles": [], "visibleTenants": [], "mediationPolicies": [ { "name": "json_to_xml_in_message", "type": "in" }, { "name": "xml_to_json_out_message", "type": "out" }, { "name": "json_fault", "type": "fault" } ], "subscriptionAvailability": "CURRENT_TENANT", "subscriptionAvailableTenants": [], "additionalProperties": [ { "name": "string", "value": "string", "display": true } ], "monetization": { "enabled": true, "properties": { "property1": "string", "property2": "string" } }, "accessControl": "NONE", "accessControlRoles": [], "businessInformation": { "businessOwner": "businessowner", "businessOwnerEmail": "businessowner@wso2.com", "technicalOwner": "technicalowner", "technicalOwnerEmail": "technicalowner@wso2.com" }, "corsConfiguration": { "corsConfigurationEnabled": false, "accessControlAllowOrigins": [ "string" ], "accessControlAllowCredentials": false, "accessControlAllowHeaders": [ "string" ], "accessControlAllowMethods": [ "string" ] }, "websubSubscriptionConfiguration": { "enable": false, "secret": "string", "signingAlgorithm": "string", "signatureHeader": "string" }, "workflowStatus": 
"APPROVED", "createdTime": "string", "lastUpdatedTime": "string", "endpointConfig": { "test": "test", "endpoint_type": "http", "sandbox_endpoints": { "url": "https://localhost:9443/am/sample/pizzashack/v1/api/" }, "production_endpoints": { "url": "https://localhost:9443/am/sample/pizzashack/v1/api/" } }, "endpointImplementationType": "INLINE", "scopes": [ { "scope": { "name": "apim:api_view", "displayName": "api_view", "description": "This Scope can used to view Apis", "bindings": [ "admin", "Internal/creator", "Internal/publisher" ] }, "shared": true } ], "operations": [ { "target": "/order/{orderId}", "verb": "POST", "authType": "Application & Application User", "throttlingPolicy": "Unlimited" }, { "target": "/menu", "verb": "GET", "authType": "Application & Application User", "throttlingPolicy": "Unlimited" } ], "threatProtectionPolicies": { "list": [ { "policyId": "string", "priority": 0 } ] }, "serviceInfo": { "key": "PetStore-1.0.0", "name": "PetStore", "version": "1.0.0", "outdated": false }, "advertiseInfo": { "advertised": true, "originalDevPortalUrl": "https://localhost:9443/devportal", "apiOwner": "admin", "vendor": "WSO2" } }' In the above example, we added an unnecessary property ("test": "test") to endpointConfig, and the request was still accepted without error. The customer requests that the code be improved to validate endpointConfig, so that unnecessary data cannot be placed in it. They have observed that many API creators have added useless data to endpointConfig.
Solution
Affected Component
APIM
Version
3.2.0
Implementation
No response
Related Issues
No response
Suggested Labels
No response