Can we whitelist the parameters of an API call?

Support Installation and Deployment
, ,
1

Hello :slightly_smiling_face:
Can we whitelist the parameters of an API call?
This is the API that Iā€™m using to test.

Example:

http://localhost:8080/cbws?operation=getchallenge&username=admin

This is the API definition file.

{
	"name":"coreBOS WS",
	"slug":"cbws",
	"api_id":"3",
	"org_id":"4",
	"use_keyless":true,
	"definition":{
	   "location":"header",
	   "key":"x-api-version"
	},
	"version_data":{
	   "not_versioned":true,
	   "versions":{
		  "Default":{
			 "name":"Default",
			 "use_extended_paths":true,
			 "extended_paths":{
				"white_list":[
				   {
					  "path":"operation=getchallenge&username=admin",
					  "method_actions":{
						 "GET":{
							"action":"reply",
							"code":200,
							"data":"['data']",
							"headers":{
							   
							}
						 }
					  }
				   }
				]
			 }
		  }
	   }
	},
	"proxy":{
	   "listen_path":"/cbws",
	   "target_url":"http://172.17.0.1/flowbpm/webservice.php",
	   "strip_listen_path":true
	},
	"active":true
 }

Also, I tried by putting the path using the Unicode characters:

"path":"operation\u003Dgetchallenge\u0026username\u003Dadmin"
2

Hi @xhilda.shazivari

You can use the ā€œignoreā€ setting in the Endpoint Designer. It will bypass authentication for certain endpoints/Path.

Kindly see more details in this link ā€“ >
https://tyk.io/docs/advanced-configuration/transform-traffic/endpoint-designer/#ignore

Mixing access methods within an API is not possible though.

Let me know if this helps.