How to specify URL parameters on an OWASP ZAP (GUI) automated attack - owasp

I'm using the OpenAPI support plugin to crawl a REST API's routes (/v1// on HTTP verbs) and run an automated scan.
How can I specify and test the URL parameters of the API? (limit, offset, pagesize, etc.)

You could:
Proxy manual use/exercise of the API.
Proxy some automated functional tests of the API.
Then run an automated scan on the API use (verbs/params) that ZAP is now aware of.
Edit: 2020-04-22 > There is also currently an open PR which adds support for "example" param values in your OpenAPI definition.
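The two proxying steps above, as an added Python example (not code from the answer or from the ZAP project): it fills every path, query and header parameter of an OpenAPI document from the parameter's `example` (or schema `example`/`default`), builds the concrete requests, and replays them through ZAP's proxy so the active scanner has actually seen `limit`, `offset`, `pagesize` and friends before it attacks them. The spec, the `/v1/items` paths and the proxy address `127.0.0.1:8080` (ZAP's default listener) are assumptions constructed for the example, not the poster's API.

```python
"""Added example: replay an OpenAPI document's example parameter values
through the ZAP proxy so the active scan later knows every parameter."""
import urllib.error
import urllib.request
from urllib.parse import urlencode

# Constructed OpenAPI 3 document standing in for the poster's API; the paths,
# parameters and server URL are assumptions made for this example.
SPEC = {
    "openapi": "3.0.0",
    "servers": [{"url": "http://api.example.test/v1"}],
    "paths": {
        "/items": {
            "get": {
                "parameters": [
                    {"name": "limit", "in": "query", "schema": {"type": "integer", "example": 25}},
                    {"name": "offset", "in": "query", "schema": {"type": "integer", "default": 0}},
                    {"name": "pagesize", "in": "query", "example": 50},
                    {"name": "X-Request-Id", "in": "header", "example": "scan-1"},
                ]
            },
            "post": {"parameters": [{"name": "dry_run", "in": "query", "example": "true"}]},
        },
        "/items/{id}": {
            "parameters": [{"name": "id", "in": "path", "required": True, "example": 42}],
            "get": {},
        },
    },
}

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}


def param_value(param):
    """Pick a concrete value: parameter-level example, then schema example, then schema default."""
    schema = param.get("schema", {})
    for candidate in (param.get("example"), schema.get("example"), schema.get("default")):
        if candidate is not None:
            return str(candidate)
    return None  # nothing to send, so ZAP will never learn this parameter exists


def example_requests(spec):
    """Return (method, url, headers) triples, one per operation, with every
    path/query/header parameter that has a usable value filled in."""
    base = spec["servers"][0]["url"].rstrip("/")
    requests = []
    for path, item in spec["paths"].items():
        shared = item.get("parameters", [])  # path-level parameters apply to all methods
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue
            query, headers, concrete = {}, {}, path
            for param in shared + op.get("parameters", []):
                value = param_value(param)
                if value is None:
                    continue
                if param["in"] == "query":
                    query[param["name"]] = value
                elif param["in"] == "header":
                    headers[param["name"]] = value
                elif param["in"] == "path":
                    concrete = concrete.replace("{%s}" % param["name"], value)
            url = base + concrete + ("?" + urlencode(query) if query else "")
            requests.append((method.upper(), url, headers))
    return sorted(requests, key=lambda r: (r[0], r[1]))


def replay_through_proxy(spec, proxy="http://127.0.0.1:8080"):
    """Send every example request via the ZAP proxy (default listener assumed)."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({"http": proxy, "https": proxy}))
    for method, url, headers in example_requests(spec):
        req = urllib.request.Request(url, method=method, headers=headers)
        try:
            with opener.open(req, timeout=10) as resp:
                print(method, url, resp.status)
        except urllib.error.HTTPError as err:  # a 4xx/5xx still teaches ZAP the parameters
            print(method, url, err.code)


if __name__ == "__main__":
    replay_through_proxy(SPEC)
```

Parameters without any `example` or `default` are skipped on purpose: that is exactly the case in which ZAP never attacks them, so the check `param_value(...) is None` is the one to watch for in your own definition. Once the replay has gone through the proxy, run the Active Scan against the site node in the Sites tree and the injected parameters show up in the scan's progress per parameter.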

Related

API Gateway for Powershell scripts

I would like to be able to call PowerShell scripts using a REST API. (Please note that I am describing the _opposite_ of calling a REST API from PowerShell.) Are there any prebuilt API gateways that support this use case? I've looked at Ocelot, but it currently only acts as a gateway to other REST APIs. Ideally I would simply design my PowerShell script functions to follow a defined interface pattern, put the files into a defined directory, and the API gateway would either immediately make those functions available as REST API calls or with minimal configuration.
EDIT: To clarify, I am looking for something self hosted, not cloud based. I haven't found anything yet that is exactly what I need, I may create something myself.
You can try AWS Lambda and API gateway integration.
Here is an example: https://aws.amazon.com/blogs/developer/creating-a-powershell-rest-api/
Amazon offers a 12-month free tier plan for this.
A couple of options. If you are on Azure you could expose your PowerShell scripts through Azure Automation:
https://learn.microsoft.com/en-us/azure/automation/automation-webhooks
That'd be a lightweight way of having your scripts enabled through an HTTP POST scenario.
You could also combine or mix it with adding API Management in front to support various scenarios (adding GET/PUT/DELETE support e.g.) or even automate or proxy more things. API Management could of course also be automated.
https://azure.microsoft.com/en-us/services/api-management/
You could also create a folder structure with modules & sub-functions and create a full REST API by using Azure Functions with PowerShell:
https://learn.microsoft.com/en-us/azure/azure-functions/functions-reference-powershell
The latter would also be able to execute in containers & in the supported Azure Function runtimes.

Authentication for Open API generator

I apologize if this has been answered already, but I can't find a clear answer.
Does the current generator support authentication?
I need to generate a client with 2 potential ways of authentication:
Via API key, which means a required api_token parameter.
Via an OAuth 2 authentication code flow.
If it does, how do I use it?
If it doesn't, what do you think is the best way to add authentication after generating the client?
Given that the OpenAPI Generator can interact with any server that exposes an OpenAPI document, it would follow that one first needs an OpenAPI document that utilizes the security scheme term for authentication and authorization. OpenAPI 3.0 (and 2.0) lets you describe the two desired auth approaches.
Once an OpenAPI document in .yaml or .json format has been created, I believe the Getting Started instructions describe the commands necessary to generate server stubs for authentication, based on the OpenAPI document that you have created for your auth flow.
For example, if your OpenAPI document would happen to be the Swagger Petstore example, you would "generate" thusly:
npx openapi-generator generate -i petstore.yaml -g ruby -o /tmp/test/
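The "security scheme" part of the answer, as an added Python example (not from the answer or from the OpenAPI Generator project): an OpenAPI 3 document declaring both schemes the poster needs, an API key sent as the `api_token` query parameter and an OAuth 2 authorization code flow, plus a small pre-generation check that the declarations are sane. The endpoint URLs, scope names and paths are constructed for the example; the generator reads `securitySchemes` and `security` from such a document and exposes a slot per scheme in the generated client's configuration.

```python
"""Added example: declare apiKey + OAuth2 authorization-code schemes in an
OpenAPI 3 document and audit them before generating a client from it."""
import json
from urllib.parse import urlparse

# Constructed document; the paths, the `api_token` parameter name and the
# OAuth endpoints are assumptions for the example, not the poster's service.
SPEC = {
    "openapi": "3.0.3",
    "info": {"title": "example", "version": "1.0"},
    "components": {
        "securitySchemes": {
            "api_token": {"type": "apiKey", "in": "query", "name": "api_token"},
            "oauth2": {
                "type": "oauth2",
                "flows": {
                    "authorizationCode": {
                        "authorizationUrl": "https://auth.example.test/authorize",
                        "tokenUrl": "https://auth.example.test/token",
                        "scopes": {"read:pets": "read pets", "write:pets": "modify pets"},
                    }
                },
            },
        }
    },
    # Document-level default: either scheme satisfies an operation.
    "security": [{"api_token": []}, {"oauth2": ["read:pets"]}],
    "paths": {
        "/pets": {
            "get": {},
            "post": {"security": [{"oauth2": ["write:pets"]}]},  # writes: OAuth2 only, no API key
        },
        "/health": {"get": {"security": []}},  # explicitly unauthenticated
    },
}


def required_auth(spec, path, method):
    """Alternatives (list of {scheme: scopes}) a client must satisfy for one
    operation; an operation-level `security` overrides the document default."""
    op = spec["paths"][path][method]
    return op["security"] if "security" in op else spec.get("security", [])


def audit_security_schemes(spec):
    """Flag declarations that make the generated client leak credentials or
    fail at runtime. Returns human-readable findings (empty list = clean)."""
    findings = []
    schemes = spec.get("components", {}).get("securitySchemes", {})
    for name, scheme in schemes.items():
        if scheme.get("type") == "apiKey" and scheme.get("in") == "query":
            findings.append(f"{name}: API key in the query string lands in server logs, proxies and Referer headers; prefer 'in: header'")
        if scheme.get("type") == "oauth2":
            for flow_name, flow in scheme.get("flows", {}).items():
                for key in ("authorizationUrl", "tokenUrl"):
                    url = flow.get(key)
                    if flow_name == "authorizationCode" and url is None:
                        findings.append(f"{name}: {flow_name} flow is missing {key}")
                    elif url and urlparse(url).scheme != "https":
                        findings.append(f"{name}: {key} is not https")
    # Every referenced scheme must be declared, or the generated client cannot attach credentials.
    requirements = list(spec.get("security", []))
    for item in spec.get("paths", {}).values():
        for op in item.values():
            if isinstance(op, dict):
                requirements.extend(op.get("security", []))
    for req in requirements:
        for scheme_name in req:
            if scheme_name not in schemes:
                findings.append(f"security requirement references undeclared scheme '{scheme_name}'")
    return findings


if __name__ == "__main__":
    print(json.dumps(SPEC, indent=2))
    for line in audit_security_schemes(SPEC):
        print("finding:", line)
```

Run against the document above the audit reports exactly one finding, the query-string API key that the poster asked for: the generator will happily emit it, but a header-based key is the safer declaration if the server can be changed. Note also the per-operation override on `POST /pets`, which is how you keep an API key from being accepted for writes while still allowing it for reads.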

accessing Kerberos-enabled REST service using Karate

I am trying to set up the Karate test framework for our new project. We will be enabling Kerberos authentication to our REST microservices. Can you please tell me if Karate supports Kerberos authentication?
Most projects are able to call a normal HTTP end-point and get a token from it which will be used as an auth header. So look for the OAuth and header authentication demos / in the documentation.
Otherwise, take a look at this approach: https://stackoverflow.com/a/51150286/143475 - so it is possible for you with a little extra work to call into some .NET code, for example, which you can design to give you the headers / tokens you need.

Patching Wildfly using native or HTTP management API

I need to patch WildFly 10 using the HTTP or native management API. I know how to do it with the CLI using the command
patch apply /home/user/patch.zip
but is it possible to apply patch using HTTP or native management API?
Also will that patch be applied to all servers in the targeted server-group?
It is possible. It can be done using native management API.
https://github.com/wildfly/wildfly-core/blob/master/patching/src/main/java/org/jboss/as/patching/tool/PatchOperationTarget.java#L384
It can also be done by calling the /management-upload URL using multipart. One part of the multipart is the patch zip file, and the second part is JSON holding the request for the CLI command /core-service=patching:patch(input-stream-index=0)
You can view this behaviour by patching the server using the admin console and looking at the network tab of the web browser's developer console.
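The multipart request described in the answer, as an added Python example (not code from the answer or from the WildFly project): it builds the two-part body, the patch archive first (so it is `input-stream-index` 0) and the DMR operation as JSON second, and posts it to `/management-upload` with HTTP Digest authentication. The part name `operation`, the `X-Management-Client-Name` header, the realm name `ManagementRealm` and the address `127.0.0.1:9990` are what the admin console and a default standalone install use; treat them as assumptions to verify against your version's network tab, as the answer suggests.

```python
"""Added example: apply a WildFly patch through the HTTP management API
(/management-upload) instead of the CLI."""
import json
import os
import sys
import urllib.request
import uuid


def patch_operation(stream_index=0):
    """DMR operation in JSON form, equivalent to the CLI command
    /core-service=patching:patch(input-stream-index=0)."""
    return {
        "operation": "patch",
        "address": [{"core-service": "patching"}],
        "input-stream-index": stream_index,
    }


def build_upload(zip_bytes, zip_name="patch.zip", boundary=None):
    """Return (content_type, body) for a multipart/form-data request: part 0 is
    the patch archive (referenced by input-stream-index 0), followed by the
    operation JSON in a part named 'operation' (the name HAL uses; an
    assumption for this example)."""
    boundary = boundary or uuid.uuid4().hex
    crlf = b"\r\n"
    delim = b"--" + boundary.encode()
    parts = [
        delim + crlf
        + b'Content-Disposition: form-data; name="file"; filename="' + zip_name.encode() + b'"' + crlf
        + b"Content-Type: application/zip" + crlf + crlf
        + zip_bytes + crlf,
        delim + crlf
        + b'Content-Disposition: form-data; name="operation"' + crlf
        + b"Content-Type: application/json" + crlf + crlf
        + json.dumps(patch_operation(0)).encode() + crlf,
        delim + b"--" + crlf,
    ]
    return "multipart/form-data; boundary=" + boundary, b"".join(parts)


def apply_patch(zip_path, user, password, base="http://127.0.0.1:9990", realm="ManagementRealm"):
    """POST the patch to the management interface using Digest auth (the
    WildFly default for the HTTP management interface). Returns the parsed
    DMR response; a non-success outcome raises from the HTTP layer."""
    with open(zip_path, "rb") as fh:
        content_type, body = build_upload(fh.read(), os.path.basename(zip_path))
    auth = urllib.request.HTTPDigestAuthHandler()
    auth.add_password(realm, base, user, password)
    opener = urllib.request.build_opener(auth)
    req = urllib.request.Request(
        base + "/management-upload",
        data=body,
        method="POST",
        headers={
            "Content-Type": content_type,
            # Header the admin console sends on its uploads; whether your
            # version rejects requests without it is an assumption to verify.
            "X-Management-Client-Name": "patch-script",
        },
    )
    with opener.open(req, timeout=300) as resp:
        return json.loads(resp.read().decode())


if __name__ == "__main__":
    # usage: python patch_upload.py /home/user/patch.zip admin 'password'
    print(json.dumps(apply_patch(sys.argv[1], sys.argv[2], sys.argv[3]), indent=2))
```

Whoever can reach this endpoint with management credentials can install arbitrary code into the server, so keep the management interface bound to localhost or an admin network and never reuse application credentials for it. On the second question in the post: the CLI documents patching of a managed domain per host (`patch apply --host=<name>`), so the operation address would gain a `host` element in front of `core-service=patching` rather than targeting a server group; confirm that against the management model of your version before relying on it.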

Managing multiple REST APIs in Azure API Management

I am building REST APIs with microservices, which means I have different services for providing different resources. Suppose I have the services below:
ServiceA is providing resources resourcesA and resourcesA1 with below URLs
https://my-internal-endpoint-for-serviceA/resourcesA
https://my-internal-endpoint-for-serviceA/resourcesA1
ServiceB is providing resources resourcesB and resourcesB1 with below URLs
https://my-internal-endpoint-for-serviceB/resourcesB
https://my-internal-endpoint-for-serviceB/resourcesB1
Now, I want to manage them in Azure API Management. To publish them (by importing the Swagger document from the services), the API Management portal needs an API path for publishing. So, serviceA and serviceB can be published as below:
https://my-api-azure-api.net/serviceA/resourcesA
https://my-api-azure-api.net/serviceA/resourcesA1
https://my-api-azure-api.net/serviceB/resourcesB
https://my-api-azure-api.net/serviceB/resourcesB1
But to be more resources based API management, I am expecting the published APIs to be more like below:
https://my-api-azure-api.net/resourcesA
https://my-api-azure-api.net/resourcesA1
https://my-api-azure-api.net/resourcesB
https://my-api-azure-api.net/resourcesB1
Unfortunately, API Management does not allow me to publish 2 APIs (serviceA and serviceB) to the same path (the root path in this case). I don't want to put the service name (or something equivalent) in the URL path, as the service name is a duplication of the resource name provided by it. How do I work around this?
The Azure API Management Policies can help you here, in particular the control flow with the ability to forward requests. The documentation is here: https://learn.microsoft.com/en-us/azure/api-management/api-management-policy-reference
I would approach this by setting up the resources as a single API, by adding one via swagger and then adding in the other services to this one to make it complete (as you want it to appear as a single complete service). Once this is in place you are then free to apply the policies.
Note: you may have to expand the resource path in the following way
https://my-api-azure-api.net/mynewservice/resourcesA
https://my-api-azure-api.net/mynewservice/resourcesA1
https://my-api-azure-api.net/mynewservice/resourcesB
https://my-api-azure-api.net/mynewservice/resourcesB1
Maybe the answer to this question can help:
How to chain APIs using Azure API management
You can use the same policy to map several operations of the same API in API Management to different backend APIs.
But in general all APIs are exposed as <myGateway>.azure-api.net/<myApi>/<myOperation>.
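The policy both answers point at, as an added example (not from either answer or from Microsoft's documentation): a single API holds all four operations, and an inbound policy at API scope picks the backend from the operation's URL template, so the published paths stay `/resourcesA`, `/resourcesA1`, `/resourcesB` and `/resourcesB1` while the internal hostnames are the ones from the question. The `otherwise` branch is the part a reviewer would insist on: an operation that nobody mapped must fail closed instead of being forwarded to whichever backend the API's default "Web service URL" happens to be.

```xml
<policies>
  <inbound>
    <base />
    <!-- Route by the operation's URL template; the public path is unchanged. -->
    <choose>
      <when condition="@(context.Operation.UrlTemplate.StartsWith("/resourcesA"))">
        <set-backend-service base-url="https://my-internal-endpoint-for-serviceA" />
      </when>
      <when condition="@(context.Operation.UrlTemplate.StartsWith("/resourcesB"))">
        <set-backend-service base-url="https://my-internal-endpoint-for-serviceB" />
      </when>
      <otherwise>
        <!-- Fail closed for unmapped operations rather than forwarding to a default backend. -->
        <return-response>
          <set-status code="404" reason="Not Found" />
        </return-response>
      </otherwise>
    </choose>
  </inbound>
  <backend>
    <base />
  </backend>
  <outbound>
    <base />
  </outbound>
  <on-error>
    <base />
  </on-error>
</policies>
```

`set-backend-service` only swaps the base URL; the operation's own template is still appended, which is why the backend receives `/resourcesA1` for the `/resourcesA1` operation without a `rewrite-uri`. If you prefer not to rely on prefix matching, put an unconditional `set-backend-service` in each operation's own inbound policy instead; the gateway's `/<myApi>` segment disappears only when the API's URL suffix is left empty, which the portal allows for one API per instance.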