Restrict API resource access in combination of Verb and Path

apiguru
Participant II

How to build conditional flows that return status code 405 (method not allowed) if the verb & path combination is not allowed.

0 1 233
1 REPLY 1

sidd-harth
Participant V

Add a ConditionalFlow(invalid-verb-path-flow) just before the PostFlow in ProxyEndpoint. Use a RaiseFault policy with no Condition.

So whenever the proxy receives a verb/path combo which did not match the Earlier Conditions, it would come to the invalid-verb-path-flow and execute the RaiseFault.

Within RaiseFault use our 405 code and custom error message.

Check the below image which has an invalid-path flow

https://community.apigee.com/storage/attachments/8691-flows.jpg