API Protections enhancement in April 2022

Review the information below to understand how request parameters constraints are applied after API Definitions update.
The changes may impact your registered APIs for which you defined parameters in the API request.

Example:

Let's assume one of your endpoints is https://sample-api/cases/{caseId} and you decided that {caseId} is a number.

45567 and 45567.1 are numbers so the requests to the API with this parameter are accepted. In other cases a request constraint violation is triggered.

Sample request	After April 2022
`https://sample-api/cases/45567`	No constraints
`https://sample-api/cases/"45567"`	API_DATA_TYPE_CONSTRAINT
`https://sample-api/cases/'45567'`	API_CONTENT_TYPE_CONSTRAINT
`https://sample-api/cases/45567.1`	No constraints
`https://sample-api/cases/"45567.1"`	API_DATA_TYPE_CONSTRAINT
`https://sample-api/cases/'45567.1'`	API_CONTENT_TYPE_CONSTRAINT

Below you can see the full information about what input is accepted when you define a specific type of parameter.

When you set request body content type to JSON object

Parameter data type	Sample input	Is the input allowed?
number	1	✅
	"1"	x
	'1'	x
	1.2	✅
	"1.2"	x
	'1.2'	x

Parameter data type	Sample input	Is the input allowed?
string	1	x
	"1"	✅
	'1'	x
	1.2	x
	"1.2"	✅
	'1.2'	x
	true	x
	True	x
	TRUE	x
	"true"	✅
	'true'	x

Parameter data type	Sample input	Is the input allowed?
integer	1	✅
	"1"	x
	'1'	x
	1.2	x
	"1.2"	x
	'1.2'	x

Parameter data type	Sample input	Is the input allowed?
boolean	true	✅
	True	✅
	tRue	✅
	TRUE	✅
	"true"	x
	'true'	x

When you set request body content type to XML object

The situation with number, integer and boolean is the same as when the request body content type is JSON, but it's different in case of string.

Parameter data type	Sample input	Is the input allowed?
string	1	✅
	"1"	✅
	'1'	✅
	1.2	✅
	"1.2"	✅
	'1.2'	✅
	true	✅
	True	✅
	TRUE	✅
	"true"	✅
	'true'	✅