Related
I have been debugging an issue with Cloudfront whereby specifically including the term "notification" in the query string of my request URL returns a 403 from S3. The two following examples exhibit this behaviour:
https://my.website.com/app/home?notification=THING - 403 Forbidden returned by S3
https://my.website.com/app/home?notificatio=THING - 304 Not Modified, and I can access the resource(s) without issue
To the extent of my testing, any content in the query string that explicitly does not include the string "notification" works. It's just this word in particular which is problematic.
Some things to note...
Query String Forwarding and Caching on the origin behaviour is set to "Forward all, cache based on all"
I have a Lambda function triggering on origin-request, origin-response & viewer-response events; this function appends /index.html to the request URI before forwarding to the origin.
Both requests are using the same Origin Access Identity which I can verify has adequate permissions to S3 - this is proven by the second example working as expected.
As I understand it, S3 pays no attention to forwarded query strings, however extracting the request/response data from both of the examples above clearly shows a difference in behaviour, despite the only variable being the contents of the query string (that I can tell anyway!)
Failed request:
{
"config": {
"distributionDomainName": "<redacted>.cloudfront.net",
"distributionId": "<redacted>",
"eventType": "origin-response",
"requestId": "<redacted>"
},
"request": {
"clientIp": "<redacted>",
"headers": {
"x-forwarded-for": [
{
"key": "X-Forwarded-For",
"value": "<redacted>"
}
],
"user-agent": [
{
"key": "User-Agent",
"value": "Amazon CloudFront"
}
],
"via": [
{
"key": "Via",
"value": "1.1 <redacted>.cloudfront.net (CloudFront)"
}
],
"host": [
{
"key": "Host",
"value": "<redacted>.s3.eu-west-1.amazonaws.com"
}
]
},
"method": "GET",
"origin": {
"s3": {
"authMethod": "origin-access-identity",
"customHeaders": {},
"domainName": "<redacted>.s3.eu-west-1.amazonaws.com",
"path": "",
"region": "eu-west-1"
}
},
"querystring": "notification=THING",
"uri": "/app/home/index.html"
},
"response": {
"headers": {
"x-amz-request-id": [
{
"key": "x-amz-request-id",
"value": "<redacted>"
}
],
"x-amz-id-2": [
{
"key": "x-amz-id-2",
"value": "<redacted>"
}
],
"date": [
{
"key": "Date",
"value": "Tue, 15 Dec 2020 17:15:11 GMT"
}
],
"server": [
{
"key": "Server",
"value": "AmazonS3"
}
],
"content-type": [
{
"key": "Content-Type",
"value": "application/xml"
}
],
"transfer-encoding": [
{
"key": "Transfer-Encoding",
"value": "chunked"
}
]
},
"status": "403",
"statusDescription": "Forbidden"
}
}
Working:
{
"config": {
"distributionDomainName": "<redacted>.cloudfront.net",
"distributionId": "<redacted>",
"eventType": "origin-response",
"requestId": "<redacted>"
},
"request": {
"clientIp": "<redacted>",
"headers": {
"if-modified-since": [
{
"key": "If-Modified-Since",
"value": "<redacted>"
}
],
"if-none-match": [
{
"key": "If-None-Match",
"value": "<redacted>"
}
],
"x-forwarded-for": [
{
"key": "X-Forwarded-For",
"value": "<redacted>"
}
],
"user-agent": [
{
"key": "User-Agent",
"value": "Amazon CloudFront"
}
],
"via": [
{
"key": "Via",
"value": "1.1 <redacted>.cloudfront.net (CloudFront)"
}
],
"host": [
{
"key": "Host",
"value": "<redacted>.s3.eu-west-1.amazonaws.com"
}
]
},
"method": "GET",
"origin": {
"s3": {
"authMethod": "origin-access-identity",
"customHeaders": {},
"domainName": "<redacted>.s3.eu-west-1.amazonaws.com",
"path": "",
"region": "eu-west-1"
}
},
"querystring": "notificatio=THING",
"uri": "/app/home/index.html"
},
"response": {
"headers": {
"x-amz-id-2": [
{
"key": "x-amz-id-2",
"value": "<redacted>"
}
],
"x-amz-request-id": [
{
"key": "x-amz-request-id",
"value": "<redacted>"
}
],
"date": [
{
"key": "Date",
"value": "Tue, 15 Dec 2020 17:17:29 GMT"
}
],
"last-modified": [
{
"key": "Last-Modified",
"value": "Thu, 03 Dec 2020 09:14:18 GMT"
}
],
"etag": [
{
"key": "ETag",
"value": "<redacted>"
}
],
"cache-control": [
{
"key": "Cache-Control",
"value": "no-cache"
}
],
"server": [
{
"key": "Server",
"value": "AmazonS3"
}
]
},
"status": "304",
"statusDescription": "Not Modified"
}
}
Resurrecting this because I found it extremally hard to google this issue. First I narrowed it down to the problem being on the S3 side. I had a similar problem with "location" in my query string. Apparently both of these are being interpreted by the S3 API:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingBucket.html#bucket-config-options-intro
I contacted support to see if there's a way to work around this and I got this:
"I was able to confirm using the log from the request ID you provided that these query strings are being interpreted as API calls. https://xxxx.s3.eu-west-1.amazonaws.com/index.html?location=test is being interpreted as a GetBucketLocation API operation. The notification query string would be interpreted as a GetBucketNotificationConfiguration operation. This being the case you will not be able to use these query string parameters such as 'location'.
After consulting with some colleagues on the issue, I can confirm that this is as designed and cannot be changed. The recommendation here would be to change the query string used to something like 'loc' so that you don't send an unintentional API operation to S3."
I am getting this error after upgrading my api from .netcore2.2 to 3.1 and trying to generate using autorest with the --v3 switch
WARNING: Schema violation: Data does not match any schemas from
'oneOf'
I have tried with and without SerializeAsV2
I see from the Autorest docs that this warning is because of an supported feature.
anyOf, oneOf are not currently supported
In services.AddSwaggerGen I have
c.ParameterFilter<SwaggerEnumParameterFilter>();
c.SchemaFilter<SwaggerEnumFilter>();
where
public void Apply(OpenApiParameter parameter, ParameterFilterContext context)
{
var type = context.ApiParameterDescription.Type;
if (type.IsEnum)
parameter.Extensions.Add("x-ms-enum", new OpenApiObject
{
["name"] = new OpenApiString(type.Name),
["modelAsString"] = new OpenApiBoolean(false)
});
}
public class SwaggerEnumFilter : ISchemaFilter
{
public void Apply(OpenApiSchema model, SchemaFilterContext context)
{
if (model == null)
throw new ArgumentNullException("model");
if (context == null)
throw new ArgumentNullException("context");
if (context.Type.IsEnum)
model.Extensions.Add(
"x-ms-enum",
new OpenApiObject
{
["name"] = new OpenApiString(context.Type.Name),
["modelAsString"] = new OpenApiBoolean(false)
}
);
}
}
[update]
After upgrading to Autorest 3.0.6244 the warnings have changed to errors and the error message ends with
post > parameters > 0)
If I don't use the v3 switch I get the error
FATAL: swagger-document/individual/schema-validator - FAILED
FATAL: Error: [OperationAbortedException] Error occurred. Exiting.
Process() cancelled due to exception : [OperationAbortedException] Error occurred. Exiting.
I can see in the swagger.json that the parameters property "name" is not generating correctly. Here it contains "body" whereas previously it contained "info"
"/api/FrameLookUp": {
"post": {
"tags": [
"Frame"
],
"operationId": "FrameLookup",
"consumes": [
"application/json-patch+json",
"application/json",
"text/json",
"application/*+json"
],
"produces": [
"application/json"
],
"parameters": [
{
"in": "header",
"name": "Authorization",
"description": "access token",
"required": true,
"type": "String"
},
{
"in": "body",
"name": "body",
"schema": {
"$ref": "#/definitions/FrameRequest"
}
}
],
"responses": {
"200": {
"description": "Success",
"schema": {
"$ref": "#/definitions/FrameResponse"
}
}
}
}
},
The controller is
[Produces("application/json")]
[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
[Route("api")]
public class FrameController : MyController
{
[ProducesResponseType(typeof(FrameResponse), StatusCodes.Status200OK)]
[HttpPost("FrameLookUp")]
public IActionResult FrameLookup([FromBody] FrameRequest info)
{
IMyResponse MyFunc(IMyRequest x) => FrameData.FrameLookUp(info);
return InnerMethod(MyFunc, info);
}
}
Update
I have also tried using the SwaggerParameter from Swashbuckle.AspNetCore.Annotations
[Update]
I am thinking that maybe I just need to try the release for issue 1766
I tried cloning the swashbuckle.aspnetcore repo but ran into this issue
[Update]
I added c.GeneratePolymorphicSchemas(); to the AddSwaggerGen options but it has not helped.
[Update]
Here is the first error message
ERROR: Schema violation: Data does not match any schemas from 'oneOf'
- https://localhost:44348/api-docs/v1/swagger.json:1951:8 ($.paths["/api/synchronise-management/get-product-images-Ids"].post.parameters)
Investigating line 1951 in swagger.json
In the working swagger ( generated from dotnet2.2 project ) the json looks very similar however the parameter order is swapped
The other difference I can see is the generated name of the parameter
I see from this question the error occurs in the same place
[Update]
when I add the --debug switch to the autorest call I get
/configuration
DEBUG: pipeline-emitter - END
DEBUG: configuration-emitter - END
DEBUG: swagger-document-override/md-override-loader - END
DEBUG: swagger-document/loader - END
DEBUG: swagger-document/individual/transform - START
DEBUG: swagger-document/individual/transform - END
DEBUG: swagger-document/individual/schema-validator - START
ERROR: Schema violation: Data does not match any schemas from 'oneOf'
- https://localhost:44348/api/v1/swagger.json:1951:8 ($.paths["/api/synchronise-management/get-product-images-Ids"].
[Update]
Here is the cut down json
{
"swagger": "2.0",
"info": {
"title": "myapi API31",
"description": "ASP.NET Core Web API",
"version": "v1"
},
"host": "localhost:44348",
"basePath": "/v1",
"schemes": [
"https"
],
"paths": {
"/api/Test": {
"get": {
"tags": [
"Auth"
],
"operationId": "Test",
"responses": {
"200": {
"description": "Success"
}
}
}
},
"/api/RequestToken": {
"post": {
"tags": [
"Auth"
],
"operationId": "RequestToken",
"consumes": [
"application/json-patch+json",
"application/json",
"text/json",
"application/*+json"
],
"produces": [
"application/json"
],
"parameters": [
{
"in": "body",
"name": "body",
"schema": {
"$ref": "#/definitions/TokenRequest"
}
}
],
"responses": {
"200": {
"description": "Success",
"schema": {
"$ref": "#/definitions/TokenResponse"
}
}
}
}
},
"/api/FrameLookUp": {
"post": {
"tags": [
"Frame"
],
"operationId": "FrameLookup",
"consumes": [
"application/json-patch+json",
"application/json",
"text/json",
"application/*+json"
],
"produces": [
"application/json"
],
"parameters": [
{
"in": "header",
"name": "Authorization",
"description": "access token",
"required": true,
"type": "String"
},
{
"in": "body",
"name": "body",
"schema": {
"$ref": "#/definitions/FrameRequest"
}
}
],
"responses": {
"200": {
"description": "Success",
"schema": {
"$ref": "#/definitions/FrameResponse"
}
}
}
}
}
},
"definitions": {
"TokenRequest": {
"required": [
"password",
"username"
],
"type": "object",
"properties": {
"username": {
"type": "string"
},
"password": {
"type": "string"
}
}
},
"TokenResponse": {
"type": "object",
"properties": {
"tokenResult": {
"type": "string"
}
}
},
"FramePackTypeEnum": {
"enum": [
"NotApplicable",
"PipeRack",
"LwBVan",
"VanTray",
"Car",
"CarryBag"
],
"type": "string",
"x-ms-enum": {
"name": "FramePackTypeEnum",
"modelAsString": false
}
},
"FrameRequest": {
"type": "object",
"properties": {
"qCodeJobId": {
"format": "int32",
"type": "integer"
},
"quantity": {
"format": "int32",
"type": "integer"
},
"widthInMm": {
"format": "int32",
"type": "integer"
},
"heightInMm": {
"format": "int32",
"type": "integer"
},
"ePackingType": {
"$ref": "#/definitions/FramePackTypeEnum"
},
"userEmail": {
"type": "string"
}
}
},
"FrameCaseEnum": {
"enum": [
"Case0_NoBraces",
"Case1_1Vertical_0Horizontal",
"Case2_2Vertical_0Horizontal",
"Case3_NVertical_0Horizontal",
"Case4_0Vertical_1Horizontal",
"Case5_1Vertical_1Horizontal",
"Case6_2Vertical_1Horizontal",
"Case7_NVertical_1Horizontal",
"Case8_0Vertical_2Horizontal",
"Case9_1Vertical_2Horizontal",
"Case10_2Vertical_2Horizontal",
"Case11_NVertical_2Horizontal",
"Case12_0Vertical_NHorizontal",
"Case13_1Vertical_NHorizontal",
"Case14_2Vertical_NHorizontal",
"Case15_NVertical_NHorizontal"
],
"type": "string",
"x-ms-enum": {
"name": "FrameCaseEnum",
"modelAsString": false
}
},
"FrameResponse": {
"type": "object",
"properties": {
"description": {
"type": "string"
},
"caseNumber": {
"$ref": "#/definitions/FrameCaseEnum"
},
"memberPriceEachExGst": {
"format": "double",
"type": "number"
},
"retailPriceEachExGst": {
"format": "double",
"type": "number"
}
}
}
}
}
With the .netcore2.2 api the request generates as
"FrameRequest": {
"type": "object",
"properties": {
"qCodeJobId": {
"format": "int32",
"type": "integer"
},
"quantity": {
"format": "int32",
"type": "integer"
},
"widthInMm": {
"format": "int32",
"type": "integer"
},
"heightInMm": {
"format": "int32",
"type": "integer"
},
"ePackingType": {
"enum": [
"NotApplicable",
"PipeRack",
"LwBVan",
"VanTray",
"Car",
"CarryBag"
],
"type": "string",
"x-ms-enum": {
"name": "FramePackTypeEnum",
"modelAsString": false
}
},
"userEmail": {
"type": "string"
}
}
}
Here is the command line I am running
autorest --input-file=.\myswagger.json --output-folder=generated --csharp --namespace=DDD --debug
Some links which the author, Kirsten Greed, put in comments:
https://github.com/domaindrivendev/Swashbuckle.AspNetCore#schema-filters
https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/1766
https://stackoverflow.com/questions/63857310/could-not-find-a-part-of-the-path-d-dev-swashbuckle-aspnetcore-src-swashbuckle
From your swagger.json we can see the validation shows:
https://validator.swagger.io/validator/debug?url=https://raw.githubusercontent.com/heldersepu/hs-scripts/master/swagger/63783800_swagger.json
{
"schemaValidationMessages": [
{
"level": "error",
"domain": "validation",
"keyword": "oneOf",
"message": "instance failed to match exactly one schema (matched 0 out of 2)",
"schema": {
"loadingURI": "http://swagger.io/v2/schema.json#",
"pointer": "/definitions/parametersList/items"
},
"instance": {
"pointer": "/paths/~1api~1FrameLookUp/post/parameters/0"
}
}
]
}
that lead us to your code:
that type: "String" should be: type: "string" with all lower case the error goes away
I am attempting to build a small web application for our internal team to use to view our CloudWatch logs. Right now I'm very early in development and simply trying to access the logs via Postman using https://logs.us-east-1.amazonaws.com as specified in the AWS API official documentation.
I have followed the steps to set up my POST request to the endpoint with the following headers:
Postman Generated Headers
Also, in following with the documentation I have provided the Action in the body of this post request:
{"Action": "DescribeLogGroups"}
Using the AWS CLI this works fine and I can see all my logs groups.
When I send this request to https://logs.us-east-1.amazonaws.com I get back:
{
"Output": {
"__type": "com.amazon.coral.service#UnknownOperationException",
"message": null
},
"Version": "1.0"
}
The status code is 200.
Things I have tried:
Removing the body of the request altogether -> results in "internal server error"
appending /describeloggroups to the URL with no body -> results in "internal server error"
I'm truly not sure what I'm doing wrong here.
Best way is to set the X-Amz-Target header to Logs_20140328.DescribeLogGroups.
Here is an example request: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeLogGroups.html#API_DescribeLogGroups_Example_1_Request
Below is a Postman collection you can try. Save it as a file and import into Postman with File -> Import. It also requires you to set credential and region variables in postman.
{
"info": {
"name": "CloudWatch Logs",
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
},
"item": [
{
"name": "DescribeLogs",
"request": {
"auth": {
"type": "awsv4",
"awsv4": [
{
"key": "sessionToken",
"value": "{{SESSION_TOKEN}}",
"type": "string"
},
{
"key": "service",
"value": "logs",
"type": "string"
},
{
"key": "region",
"value": "{{REGION}}",
"type": "string"
},
{
"key": "secretKey",
"value": "{{SECRET_ACCESS_KEY}}",
"type": "string"
},
{
"key": "accessKey",
"value": "{{ACCESS_KEY_ID}}",
"type": "string"
}
]
},
"method": "POST",
"header": [
{
"warning": "This is a duplicate header and will be overridden by the Content-Type header generated by Postman.",
"key": "Content-Type",
"type": "text",
"value": "application/json"
},
{
"key": "X-Amz-Target",
"type": "text",
"value": "Logs_20140328.DescribeLogGroups"
},
{
"warning": "This is a duplicate header and will be overridden by the host header generated by Postman.",
"key": "host",
"type": "text",
"value": "logs.{{REGION}}.amazonaws.com"
},
{
"key": "Accept",
"type": "text",
"value": "application/json"
},
{
"key": "Content-Encoding",
"type": "text",
"value": "amz-1.0"
}
],
"body": {
"mode": "raw",
"raw": "{}"
},
"url": {
"raw": "https://logs.{{REGION}}.amazonaws.com",
"protocol": "https",
"host": [
"logs",
"{{REGION}}",
"amazonaws",
"com"
]
}
},
"response": []
}
],
"protocolProfileBehavior": {}
}
Try copying this into a json file and import it in Postman and add the missing variables.
I tried to get a DescribeLogGroups in the service "logs". Look in the docs here
https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeLogGroups.html#API_DescribeLogGroups_Example_1_Request
for more information about the headers and body.
PS: Session token is optional, I didn't need it in my case
Hope it works for anyone who
{
"info": {
"_postman_id": "8660f3fc-fc6b-4a71-84ba-739d8b4ea7c2",
"name": "CloudWatch Logs",
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
},
"item": [
{
"name": "DescribeLogs",
"request": {
"auth": {
"type": "awsv4",
"awsv4": [
{
"key": "service",
"value": "{{AWS_SERVICE_NAME}}",
"type": "string"
},
{
"key": "region",
"value": "{{AWS_REGION}}",
"type": "string"
},
{
"key": "secretKey",
"value": "{{AWS_SECRET_ACCESS_KEY}}",
"type": "string"
},
{
"key": "accessKey",
"value": "{{AWS_ACCESS_KEY_ID}}",
"type": "string"
},
{
"key": "sessionToken",
"value": "",
"type": "string"
}
]
},
"method": "POST",
"header": [
{
"key": "X-Amz-Target",
"value": "Logs_20140328.DescribeLogGroups",
"type": "text"
},
{
"key": "Content-Encoding",
"value": "amz-1.0",
"type": "text"
}
],
"body": {
"mode": "raw",
"raw": "{}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "https://{{AWS_SERVICE_NAME}}.{{AWS_REGION}}.amazonaws.com",
"protocol": "https",
"host": [
"{{AWS_SERVICE_NAME}}",
"{{AWS_REGION}}",
"amazonaws",
"com"
]
}
},
"response": []
}
]
}
As per my understanding the User/login is a built-in remote method. On the explorer (swagger) its looks with all the needed details:
but on mine remote method, i don't have all the nice information such example and more:
How can i add Example Value also for my method which accept Object
Here is my json:
"methods": {
"specifyGurdianPhone": {
"accepts": [
{
"arg": "guardianPhone",
"type": "Object",
"required": true,
"description": "{guardianPhone: \"+97255111111\"}",
"http": {
"source": "body"
}
}
],
"returns": [
{
"arg": "success",
"type": "Object",
"root": true
}
],
"description": "",
"http": {
"verb": "post"
}
It's because your param and response has "object" type. Swagger doesn't know how it looks like. To have such view you need specify model names as the type or describe possible properties one by one.
Example1:
{
"specifyGurdianPhone": {
"accepts": [
{
"arg": "guardianPhone",
"type": "string", // !!! Now, swagger know the exact type of "guardianPhone" property
"required": true
"http": {
"source": "form" // !!! Having the "form" here we say that it a property inside an object
// (it allows us to have the "string" type of the "object")
}
}
],
"returns": [
{
"arg": "success",
"type": "GuardianPhone", // !!! For example, let's return the full "GuardianPhone" instance
"root": true
}
],
"description": "",
"http": {
"verb": "post"
}
}
Example2:
{
"specifyGurdianPhone": {
"accepts": [
{
"arg": "guardianPhone",
"type": "object",
"model": "GuardianPhone" // !!! Another way to let swagger know the type of the body
// (the same will be true, if you make the type "GuardianPhone" instead of "object" and delete "model" property)
"required": true
"http": {
"source": "body"
}
}
],
"returns": [
{
...
]
}
Example3:
{
"specifyGurdianPhone": {
"accepts": [
{
"arg": "guardianPhone",
"type": "object",
"model": "GuardianPhone" // !!! Another way to let swagger know the type of the body
// (the same will be true, if you make the type "GuardianPhone" instead of "object" and delete "model" property)
"required": true
"http": {
"source": "body"
}
}
],
"returns": [
{
"arg": "success",
// !!! Instead of a model name you can describe properties one by one,
// but this trick will not work with arrays (it's true for "accepts" also)
// !!! WARNING You need strong-remoting v3.15.0 or higher due to https://github.com/strongloop/loopback/issues/3717 for this approach
"type": {
"id": {"type": "string", "description": "An id property"},
"guardianPhone": {"type": "string"}
},
"root": true
}
],
"description": "",
"http": {
"verb": "post"
}
}
I am creating and publishing APIs using WSO2 REST APIs and not from its UI because i have hundreds of WSO2 APIs to manage. I use swagger file(in json format) to configure all the details about my API and then publish this swagger file using curl command. I want to enable CORS configuration for my WSO2 APIs.
The documentation provided for WSO2 APIs provides information only about enabling CORS config via UI. Here is the link.
I could not find any info as to how i can enable it by any means other than directly from its UI. I have tried adding the following field in the API's swagger file but this change is not reflected in the published API.
"CORSConfiguration": {
"Enabled": "true",
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Methods": "GET,PUT,POST,DELETE,PATCH,OPTIONS",
"Access-Control-Allow-Headers": "authorization,Access-Control-Allow-Origin,Content-Type,SOAPAction",
"Access-Control-Allow-Credentials": "false"
}
Any help to enable the CORS configuration for a particular API will be appreciated. Thanks :)
CORS information should go in the API create/update payload like this.
"corsConfiguration": {
"accessControlAllowOrigins": ["*"],
"accessControlAllowHeaders": [
"authorization",
"Access-Control-Allow-Origin",
"Content-Type",
"SOAPAction"
],
"accessControlAllowMethods": [
"GET",
"PUT",
"POST",
"DELETE",
"PATCH",
"OPTIONS"
],
"accessControlAllowCredentials": false,
"corsConfigurationEnabled": false
}
See the sample payload in [1].
[1] https://docs.wso2.com/display/AM260/apidocs/publisher/#!/operations#APIIndividual#apisPost
#Bee, here is what i tried to do.
{
"swagger": "2.0",
"info": {
"description": "Registration Type Master",
"version": "1.0",
"title": "Test_Entity_Master_API",
"termsOfService": "urn:tos",
"contact": {"name":"RD"},
"license": {
"name": "Apache 2.0",
"url": "http://www.apache.org/licenses/LICENSE-2.0"
}
},
"host": "http://sampleurl.com/",
"basePath": "/samplemethod",
"schemes": [
"http"
],
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"paths": {
"/regtype/createregtype": {
"post": {
"summary": "Create reg type entry",
"tags": [
"Registration Type Master"
],
"deprecated": false,
"produces": [
"application/json"
],
"parameters": [
{
"name": "Body",
"in": "body",
"required": true,
"description": "",
"schema": {
"type": "object",
"properties": {
"key": {
"type": "string"
},
"value": {
"type": "string"
}
}
}
}
],
"responses": {
"200": {
"description": "",
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean"
},
"error": {
"type": "boolean",
"default": false
},
"message": {
"type": "string"
},
"data": {
"type": "object"
}
}
}
},
"500": {
"description": "",
"schema": {
"type": "object",
"properties": {
"success": {
"type": "boolean",
"default": false
},
"error": {
"type": "boolean"
},
"message": {
"type": "string"
},
"data": {
"type": "object"
}
}
}
}
}
}
}
},
"tags": [
{
"name": "entity-master-controller",
"description": "Entity Master Controller"
}
],
"corsConfiguration": {
"accessControlAllowOrigins": ["https://dtdevsso.ril.com"],
"accessControlAllowHeaders":[
"authorization",
"Access-Control-Allow-Origin",
"Content-Type",
"SOAPAction"
],
"accessControlAllowMethods":[
"GET",
"PUT",
"POST",
"DELETE",
"PATCH",
"OPTIONS"
],
"accessControlAllowCredentials": "true",
"corsConfigurationEnabled": "true"
}
}
In this swagger file, inspite of adding the CORS payload, it is not reflected after publishing the API through the swagger file.
To setup CORS support you must first define an OPTIONS method in your resource that returns the required headers.
All paths in swagger need a cors option chunk. this is the chunk.
"/users":
{
"options": {
"summary": "CORS support",
"description": "Enable CORS by returning correct headers\n",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"CORS"
],
"x-amazon-apigateway-integration": {
"type": "mock",
"requestTemplates": {
"application/json": "{\n \"statusCode\" : 200\n}\n"
},
"responses": {
"default": {
"statusCode": "200",
"responseParameters": {
"method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key'",
"method.response.header.Access-Control-Allow-Methods": "'*'",
"method.response.header.Access-Control-Allow-Origin": "'*'"
},
"responseTemplates": {
"application/json": "{}\n"
}
}
}
},
"responses": {
"200": {
"description": "Default response for CORS method",
"headers": {
"Access-Control-Allow-Headers": {
"type": "string"
},
"Access-Control-Allow-Methods": {
"type": "string"
},
"Access-Control-Allow-Origin": {
"type": "string"
}
}
}
}
}
}
For more details you can visit this link
I used the following payload for creating/updating an API in WSO2.
It is working perfectly. Sorry for the delayed update on this.
{
"name": "%apiName%",
"description": "%apiDescription%",
"context": "/%apiName%",
"version": "%apiVersion%",
"provider": "%apiProvider%",
"apiDefinition": "%swaggger_extended.json% // Input swagger file",
"wsdlUri": null,
"status": "CREATED",
"responseCaching": "Disabled",
"cacheTimeout": 300,
"destinationStatsEnabled": false,
"isDefaultVersion": false,
"type": "HTTP",
"transport": [
"http",
"https"
],
"tags": ["%apiTags%"],
"tiers": ["%apiTiersCollection%"],
"visibility": "%apiVisibility%",
"visibleRoles": [],
"endpointConfig": "%endPointConfig%",
"gatewayEnvironments": "Production and Sandbox",
"subscriptionAvailability": null,
"subscriptionAvailableTenants": [],
"businessInformation": {
"businessOwnerEmail": "%BizOwnerName#ril.com%",
"technicalOwnerEmail": "%TechOwnerName#ril.com%",
"technicalOwner": "%TechOwnerName%",
"businessOwner": "%BizOwnerName%"
},
"corsConfiguration": {
"accessControlAllowOrigins": ["originURL"],
"accessControlAllowHeaders": [
"authorization",
"Access-Control-Allow-Origin",
"Content-Type",
"SOAPAction"
],
"accessControlAllowMethods": [
"GET",
"PUT",
"POST",
"DELETE",
"PATCH",
"OPTIONS"
],
"accessControlAllowCredentials": false,
"corsConfigurationEnabled": true
}
}