Hi all,
An exception “requested endpoint is forbidden” is sometimes thrown by an API. It depends on the sequence of the extended_paths defined in the API. I have an API with the following endpoints:
- configuration (GET)
- configuration (PUT)
- configuration/search (POST)
- configuration/{id}
- configuration/{id}
If the sequence is defined as follows, it works correctly:
```json
{
  "path": "/configuration/search",
  "method_actions": {
    "POST": {
      "action": "no_action",
      "code": 200,
      "data": "",
      "headers": {}
    }
  }
},
{
  "path": "/configuration",
  "method_actions": {
    "GET": {
      "action": "no_action",
      "code": 200,
      "data": "",
      "headers": {}
    },
    "PUT": {
      "action": "no_action",
      "code": 200,
      "data": "",
      "headers": {}
    }
  }
},
{
  "path": "/configuration/{id}",
  "method_actions": {
    "DELETE": {
      "action": "no_action",
      "code": 200,
      "data": "",
      "headers": {}
    },
    "GET": {
      "action": "no_action",
      "code": 200,
      "data": "",
      "headers": {}
    }
  }
},
```
But if the sequence is defined as follows, it doesn’t work:
```json
{
  "path": "/configuration",
  "method_actions": {
    "GET": {
      "action": "no_action",
      "code": 200,
      "data": "",
      "headers": {}
    },
    "PUT": {
      "action": "no_action",
      "code": 200,
      "data": "",
      "headers": {}
    }
  }
},
{
  "path": "/configuration/search",
  "method_actions": {
    "POST": {
      "action": "no_action",
      "code": 200,
      "data": "",
      "headers": {}
    }
  }
},
{
  "path": "/configuration/{id}",
  "method_actions": {
    "DELETE": {
      "action": "no_action",
      "code": 200,
      "data": "",
      "headers": {}
    },
    "GET": {
      "action": "no_action",
      "code": 200,
      "data": "",
      "headers": {}
    }
  }
},
```
Can you guys give an explanation why the sequence has an impact on the authorization of an API?
Are you able to reproduce this error in your own environment?
Kind regards,
Tim