Section – API Enforcement

Section API Enforcement

Enforce API

Specifies whether traffic to/from this service shall be checked against an API specification provided in the OpenAPI 3.0 or JSON format. If enforced is enabled, non-conform traffic will be blocked.

API specifications can be uploaded via Submenu – API Security.

Path Matching

Default value: Client view

The Gateway mapping can be configured to rewrite the incoming URL to a different back-end URL (asymmetric mappings). Due to this rewriting, the incoming URL path (Client view) will be different from the back-end URL path (Back-end view).

Select either Client view or Back-end view to match the URL path according to the path in your API specifications.

Check responses against API specification

Enable or disable responses check.

Log only

If enabled potential attack requests are only logged but not blocked.


Select the specification to validate against.

Offer API specification file publicly

Allow clients to download the API specification.

File path and name

File path and name at which the API specification will be available externally. Note that the entry path will be added in front of it.