Section – OpenAPI

Section API Enforcement



Enforce API

Specifies whether traffic to/from this service shall be checked against an API specification provided in the OpenAPI 3.0 or JSON format. If enforced is enabled, non-conform traffic will be blocked.

API specifications can be uploaded via Submenu – API Security.


Select the specification to validate against.

Log only

If enabled potential attack requests are only logged but not blocked.

Path Matching

Default value: Client view

The Gateway mapping can be configured to rewrite the incoming URL to a different back-end URL (asymmetric mappings). Due to this rewriting, the incoming URL path (Client view) will be different from the back-end URL path (Back-end view).

Select either Client view or Back-end view to match the URL path according to the path in your API specifications.

Check responses against API specification

Enable or disable responses check.

Offer API specification file publicly

Allow clients to download the API specification.

File path and name

File path and name at which the API specification will be available externally. Note that the entry path will be added in front of it.