Managing mis-spelled resource URIs


Hi,

I am playing around with API proxies. I was following your "Get Started" tutorial.

So I have defined my API proxy as:

http://ritwik-chatterjee-test.apigee.net/v1/weather/forecastrss

Here is my problem statement:

1. How can I restrict an incoming request with mis-spelled resource URI from being forwarded to the back-end? Currently if I make a call like http://ritwik-chatterjee-test.apigee.net/v1/weather/forecastrssXXX?w=12795287 the request is not stopped at Apigee. It is forwarded to Yahoo which responds back and shows a not-found page. Ideally I should be able to stop the request right at my proxy from going further since it had an incorrect resource URI.

I then changed the resource URI from /forecastrss to /forecastrssABC

2. In this case when I make a call with /forecastrssABC the call is going through to the backend (acceptable), but of course Yahoo does not find anything. However, the problematic area is that it is allowing me to make a call with /forecastrss (this is not defined in my proxy) and is retrieving the correct response. Shouldn't that be stopped at the API proxy itself? Otherwise I will not be able to restrict access to other resources at the backend through my proxy.

Please help. What am I missing here?

Regards,

Ritwik


[Answer part 1/2. Answer continues in next post]

Hi @ritwik_chatterjee,

One way to fix this is by adding a proxy Resource that handles all invalid resource paths by raising a fault and returning an error response, without sending the request to the backend, when an unknown request URL is called. Here's how:

1) Add new proxy resource:

Under the API Proxy Development view, click on New >> New Resource.

For now, specify Resource Methods to handle as "All", and Resource Path as "/". We'll remove this later.


2) Change the Resource config:


Remove the <Condition>....</Condition> tags. Hit 'Save' (top left hand corner).

Answer continued in next post...


Hi @ritwik_chatterjee,

What your API Proxy on Apigee listens to depends on your base path, and all the subpaths under that.

If you only have one API, with the base path /v1/weather/forecastrss, only the following API calls will work, and you can control them from within your API Proxy, and all of them will get forwarded to your backend:

http://{org-name}-{env-name}.apigee.net/v1/weather/forecastrss

http://{org-name}-{env-name}.apigee.net/v1/weather/forecastrss/<your resources>

http://{org-name}-{env-name}.apigee.net/v1/weather/forecastrss/<other resources>

//So these will work and will get forwarded to your backend

http://{org-name}-{env-name}.apigee.net/v1/weather/forecastrss/ABC
http://{org-name}-{env-name}.apigee.net/v1/weather/forecastrss/XYZ

Any other API call should give a Classification Failure, from Apigee directly

http://{org-name}-{env-name}.apigee.net/v1/weather/forecastrssABC

//you should see a response like this

{
    "fault": {
        "faultstring": "Classification failed for host sandeepm-test.apigee.net",
        "detail": {
            "code": "CLASSIFICATION_FAILED"
        }
    }
}


However, if your Proxy basepath is /v1/weather

then /v1/weather/forecastrss along with /v1/weather/forecastrssABC or /v1/weather/ABC will work and the requests are proxied to the backend.

You can restrict access to other resources, and return a fault directly from Apigee. For that, you can use the default flow in your Proxy (a flow without a condition) and add a Raise Fault policy with a 503 or a 404 error code.

Let me check if there is a community article on using the default flow. If there isn't one, maybe I can write it and post the link here.

[Answer part 2/2. Answer continues in comments]

3) Add a Raise Fault policy:

Click on New Policy >> Raise Fault.


Once added, change the policy config to the following:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<RaiseFault async="false" continueOnError="false" enabled="true" name="Raise-Fault-Unknown-Resource">
    <DisplayName>Raise Fault - Unknown Resource</DisplayName>
    <FaultResponse>
        <Set>
            <StatusCode>404</StatusCode>
            <ReasonPhrase>Resource not found.</ReasonPhrase>
        </Set>
    </FaultResponse>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
</RaiseFault>

Hit Save. Deploy to environment of choice.

4) Now, every time a request comes in with an unknown URL path, the proxy will attempt to match with all known Resources, and finally with the Unknown Resource flow. Since we have removed any conditional config for this resource, it will match it by default if no others match.

The proxy will then raise the fault for Unknown Resource Path, returning an HTTP 404.

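The ProxyEndpoint layout that the steps above produce, written out as an added example (it is not taken from the original posts or their screenshots). The base path /v1/weather and the policy name Raise-Fault-Unknown-Resource come from the thread; the flow names, the GET-only condition, and the `default` virtual host and target endpoint are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ProxyEndpoint name="default">
    <Flows>
        <!-- Known resource: only an exact /forecastrss path suffix matches.
             /forecastrssXXX and /forecastrssABC do not match and fall through.
             Flow name and verb restriction are assumed for illustration. -->
        <Flow name="forecastrss">
            <Condition>(proxy.pathsuffix MatchesPath "/forecastrss") and (request.verb = "GET")</Condition>
            <Request/>
            <Response/>
        </Flow>

        <!-- Catch-all: no <Condition>, so it matches whatever the flows above did not.
             It must stay LAST; flows are evaluated in order and the first match wins,
             so placing it earlier would reject every request. -->
        <Flow name="unknown-resource">
            <Request>
                <Step>
                    <!-- The Raise Fault policy from step 3: returns 404 and
                         stops processing before the request is routed to the target. -->
                    <Name>Raise-Fault-Unknown-Resource</Name>
                </Step>
            </Request>
            <Response/>
        </Flow>
    </Flows>

    <HTTPProxyConnection>
        <!-- Anything under this base path reaches the flows above;
             paths outside it fail classification at Apigee. -->
        <BasePath>/v1/weather</BasePath>
        <VirtualHost>default</VirtualHost>
    </HTTPProxyConnection>

    <RouteRule name="default">
        <TargetEndpoint>default</TargetEndpoint>
    </RouteRule>
</ProxyEndpoint>
```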