About byz

byz

This should be resolved as of 2021. When using swagger: "2.0", the portal does not allow type: "http". Only basic, apiKey, oauth2 are allowed. Hence, the workaround is to use type: "apiKey" and name it as Bearer. When using openapi: "3.0.x", the port...

byz

When using swagger: "2.0", the portal does not allow type: "http". Only basic, apiKey, oauth2 are allowed. Hence, the workaround is to use type: "apiKey" and name it as Bearer. When using openapi: "3.0.x", the portal should allow type: "http" and sch...

byz

Great question - we don't have a supported way to do this without manual intervention today. We do have plans to enable some automation scenarios similar to this in the future, but don't have specific details or timeline at this time. It is a top-of-...

byz

There isn't a direct experience today - I believe the closest experience would be to use tags, which should be recognized in most cases (and not rendered), but that might not be honored/guaranteed for every browser, search engine, or other interpret...

byz · 02-21-2024

I'm understanding the vulnerability as that a malicious actor may construct a URL with a 'trusted' hostname (e.g. for a published portal) that is allowed to redirect the user to a different (malicious) URL with a different host. Thank you for reporti...

My Stats

byz's Bio

Badges byz Earned

Recent Activity

Re: OpenAPI Spec using JWT Bearer authentication is reflected in Editor, but Developer Portal shows

Re: Apigee Portal Bearer authorization not working

Re: Exporting Apigee integrated Developer Portal from 1 org into another in Apigee Hybrid

Re: Adding metadata as frontmatter to page content in the Integrated Dev Portal

Re: Prevent redirection from URL injection in the Developer Portal