Section – API Enforcement
Section API Enforcement
Enforce API
Specifies whether traffic to/from this service shall be checked against an API specification provided in the OpenAPI 3.0 or JSON format. If enforced is enabled, non-conform traffic will be blocked.
API specifications can be uploaded via Submenu – API Security.
Path Matching
Default value: Client view
The Gateway mapping can be configured to rewrite the incoming URL to a different back-end URL (asymmetric mappings). Due to this rewriting, the incoming URL path (Client view) will be different from the back-end URL path (Back-end view).
Select either Client view or Back-end view to match the URL path according to the path in your API specifications.
Check responses against API specification
Enable or disable responses check.
Log only
If enabled potential attack requests are only logged but not blocked.
Select the specification to validate against.
Offer API specification file publicly
Allow clients to download the API specification.
File path and name
File path and name at which the API specification will be available externally. Note that the entry path will be added in front of it.