How should I handle API endpoints which accepts wildcard characters?
For example I have an endpoint /version1/resources/** defined in my controller and this endpoint accepts any string after the /resource/.
In my swagger this endpoint looks like this:
GET: /version1/resource/**
But I don't know how to pass any string to this wildcard character from swagger.
I am using springfox-swagger2 of version 2.5.0
Related
is there a way to limit swagger query params? for example - if somebody submits a GET request like:
/users/bob?product=10
and accidentally typed in /users/bob?products=10 - is there a swagger property I can add that will then throw an error?
Swagger allows you to describe the REST APIs. If product is the only query parameter allow, then the server should throw an exception if it finds other query parameters in the request from the client.
In other words, there's no way in Swagger to say parameters with certain names are not allowed as other parameters not documented in Swagger are disallowed by default.
I was working on Swagger generated OpenAPI specification and I noticed that if we pass some extra fields in PUT/POST API endpoint, then the server doesn't throw any error, even though it process all valid/necessary field.
So my doubt is that
Should the server throw error in this case?
Is it the OpenAPI standard to allow unknown fields and then ignore them?
In Swagger specification 2.0 there is no option to reject the extra fields passed in the request body. Server will only accept those fields that are allowed in the request definition and other fields will be ignored.
If you want to disallow extra fields then you can handle these in the backend manually.
I am using swagger (nswag) in my ASP.NET CORE API project. I have situations which I would like my api call to be something like /api/users/{userIds} aka /api/users/1,2,3 that returns a list of users with the ids 1, 2, or 3.
What I'm finding is that when I make the request using swagger, the Request URL is /api/users/1%2C2%2C3 and if I make the request /api/users/1,2,3 (not using swagger), the endpoint cannot be found.
How do I change my configurations to be able to use a comma separated parameter?
We're making requests for bearer tokens using client_credentials OAuth 2 grant flow with Apigee. According to the spec:
4.4.2. Access Token Request
The client makes a request to the token endpoint by adding the
following parameters using the "application/x-www-form-urlencoded"
format per Appendix B with a character encoding of UTF-8 in the HTTP
request entity-body:
grant_type
REQUIRED. Value MUST be set to "client_credentials".
If we make a call however we get an error like this:
{"ErrorCode" : "invalid_request", "Error" :"Required param : grant_type"}
It seems that using Apigee we have to send grant_type as a query parameter.
Why is this? We have clients of Apigee that are unable to use OAuth libraries in their language of choice because of the way that Apigee deals with OAuth 2, and it would be good to know if there is by-design or not.
In addition it doesn't seem like it supports grant_type in the post body and sending id and key using basic auth.
Turns out you do not need to send in grant_type as a query parameter. There is a <GrantType> element in your GenerateAccessToken policy that takes in a variable. For instance, I can use the following:
<OAuthV2 name="GenerateAccessToken">
<DisplayName>GenerateAccessToken</DisplayName>
<FaultRules/>
<Properties/>
<!-- This policy generates an OAuth 2.0 access token using the password grant type -->
<Operation>GenerateAccessToken</Operation>
<!-- This is in millseconds -->
<ExpiresIn>1800000</ExpiresIn>
<Attributes/>
<SupportedGrantTypes>
<GrantType>password</GrantType>
</SupportedGrantTypes>
<GenerateResponse enabled="false">
<Format>FORM_PARAM</Format>
</GenerateResponse>
<GrantType>user.grant_type</GrantType>
<UserName>request.header.username</UserName>
<PassWord>request.header.password</PassWord>
</OAuthV2>
In this example, the grant_type is passed in as user.grant_type. But user.grant_type can be anything-- header, query param, form param, or even a hard-coded value. This way, you (the developer) are provided maximum flexibility on how you want to send in the grant_type.
Can you paste the exact API call that you are making (obviously you should obfuscate the key and secret)?
I'd like to understand what you say when you say "Apigee" -- it could mean API BAAS (https://api.usergrid.com) or a proxy that you defined using API services and attached an OAuth 2 policy to, or something else?
I am receiving HTTP/SOAP request with some query parameters. Those query parameters are in repeated format as key=value as /q=key1=value1&key2=value2 etc...
I would like to retrieve all the keys from above URL and check if they are valid or not.
1. Is there any way to define global array which can hold these keys
2. How to validate if keys are present or not. Does ESB supports java "contains" API ?
I believe you are doing a GET request..
You can retrieve all the query parameters in a sequence.
eg:
For a request url; http:// localhost:8280/getSimpleQuote?symbol=IBM
<property name="symbol" expression="$url:symbol"/> will return the symbol 'IBM'.
After getting all keys, you can validate them
you can get the query parameters with the xpath expression get-property{'uri.var.xxx'} with xxx is the name of the query parameter you need to get.
When a resource is defined with a URL mapping, only those requests that match the given URL mapping will be processed by the resource. Alternatively one could configure a resource with a URI template. A URI template represents a class of URIs using patterns and variables. Some examples of valid URI templates are given below.
/order/{orderId}
/dictionary/{char}/{word}
All the identifiers within curly braces are considered variables. A URL that matches the template “/order/{orderId}” is given below.
/order/A0001
In the above URL instance, the variable orderId has been assigned the value “A0001”. Similarly following URL adheres to the template “/dictionary/{char}/{word}”.
/dictionary/c/cat
In this case the variable “char” has the value “c” and the variable “word” is given the value “cat”. When a resource is associated with a URI template, all requests that match the template will be processed by the resource. At the same time ESB will provide access to the exact values of the template variables through message context properties. For an example assume a resource configured with the URI template “/dictionary/{char}/{word}”. If the request “/dictionary/c/cat” is sent to the ESB, it will be dispatched to the above resource and we will be able to retrieve the exact values of the two variables using the get-property XPath extension of WSO2 ESB: