How to generaty proxy from swagger file with validations (path and http method restriction)?

So, I have created a spec with 1 endpoint, for example v1/accounts and method GET. When I am generating proxy in Apigee from this spec its generates me folowwing:

<Flows> <Flow name="V1AccountsGet"> <Description>Return list of accounts for specified customer profile</Description> <Request/> <Response/> <Condition>(proxy.pathsuffix MatchesPath "/v1/accounts") and (request.verb = "GET")</Condition> </Flow> </Flows>

And if I invoke apigeehost/test/v1/accounts method GET - it goes to backend.It is OK

If I send apigeehost/test/v1/accounts method POST - it goes to backend.It should return an error?

If I send apigeehost/test/v1/accounts/123 - it goes to backend.It should return an error?

And my question is why Apigee is allowing to make calls with wrong HTTP methods and wrong http path, which was not defined in the swagger?

Usually all those validations I am adding manually which sometimes takes too much time.

0 3 263
3 REPLIES 3

@arturs

The "MatchesPath" expression in your condition works perfectly fine.

Can you post your trace for this call?

The problem is not in MatchesPath, but in how Apigee is generating proxy from swagger.

This code was generated automatically by Apigee from spec.

So in my understanding to fullfill all swagger file requirements it should generate something like this:

<Step> <Condition>(request.verb != "GET") and (proxy.pathsuffix MatchesPath "/v1/accounts")</Condition> <Name>fault_method_not_allowed</Name> </Step>

<Flow name="Invalid Path"> <Description>Invalid Path</Description> <Request> <Step> <Name>fault_path_not_allowed</Name> </Step> </Request> <Response/> <Condition>(proxy.pathsuffix MatchesPath "/**")</Condition> </Flow>

And my questions is -> is there posibility to automate this? To not put those validations for each proxy, but generate it automatically from spec.

@Arturs

The api proxy generation from swagger doesn't support adding any custom policies like the above by default.

You will need to write your own custom utility to add these to the proxy generated from the openapi spec.

You can also checkout if sharedflows and flowfragments are useful for your usecase.