This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
This site is in read only until July 22 as we migrate to a new platform; refer to this community post for more details.
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Disabled query params and thrown an error

Posted on 07-29-2024 02:29 AM
rajesh_1330
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

I have a below requirement.

Disabled query params when unknown params found and thrown an error. 

Example: I have 100 query params in extract variable policy and from the request, I am getting different query param. That unknown params should Disabled in apigee and throws an error.

 

1 1 148
Topic Labels
Reply
1 REPLY 1

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM
@rajesh_1330 wrote:

: I have 100 query params in extract variable policy and from the request, I am getting different query param.

 

I think what you want to do, is reject an inbound request, if the inbound request bears a parameter (like a query param) that is not supported by your API.  

This is ONE of the things you can do, if you describe your API with an OpenAPI Specification.  The OpenAPI Spec allows you to specify each parameter by name and type, and you can even specify validity checks on the parameter (For example some parameters might be numbers, where others must be a date string of the form yyyy-mm-dd). 

In Apigee you can then use an OASValidation policy to validate the incoming request against the specification document.  If the inbound request has a parameter that is not in the specification, then the OASValidation policy will throw a fault and reject the request. 

If you do not wish to use the formal interface definition in the form of an OpenAPI Specification, then, you will have to perform validation "manually".  You cannot do this with the ExtractVariables policy. ExtractVariables will extract parameters, but it will not validate requests. 

If I were doing this I might use a JavaScript policy, to examine the list of provided queryparam names, against the list of acceptable queryparam names. You could do something like this: 

var providedQparams = context.getVariable('request.queryparams.names.string');
providedQparams = providedQparams.split(","); // an array
var acceptableQueryParamNames = ["qp1", "qp2", "abc"];

// find params that are not on the acceptable list
var invalidQueryParams = providedQparams.filter(function (qp) {
  return acceptableQueryParamNames.indexOf(qp) < 0;
});

// throw error if any are invalid
if (invalidQueryParams.length) {
  if (invalidQueryParams.length == 1) {
    throw new Error("unacceptable parameter [" + invalidQueryParams[0] + "]");
  } else {
    throw new Error(
      "unacceptable parameters [" + invalidQueryParams.join(",") + "]"
    );
  }
}

 

Reply
Top Solution Authors
View all