API Protections enhancement in April 2022

Review the information below to understand how request parameters constraints are applied after API Definitions update.
The changes may impact your registered APIs for which you defined parameters in the API request.

Example:

Let's assume one of your endpoints is https://sample-api/cases/{caseId} and you decided that {caseId} is a number.

45567 and 45567.1 are numbers so the requests to the API with this parameter are accepted. In other cases a request constraint violation is triggered.

Sample request

After April 2022

https://sample-api/cases/45567

No constraints

https://sample-api/cases/"45567"

API_DATA_TYPE_CONSTRAINT

https://sample-api/cases/'45567'

API_CONTENT_TYPE_CONSTRAINT

https://sample-api/cases/45567.1

No constraints

https://sample-api/cases/"45567.1"

API_DATA_TYPE_CONSTRAINT

https://sample-api/cases/'45567.1'

API_CONTENT_TYPE_CONSTRAINT

Below you can see the full information about what input is accepted when you define a specific type of parameter.

When you set request body content type to JSON object

Parameter data type

Sample input

Is the input allowed?

number

1

"1"

x

'1'

x

1.2

"1.2"

x

'1.2'

x

Parameter data type

Sample input

Is the input allowed?

string

1

x

"1"

'1'

x

1.2

x

"1.2"

'1.2'

x

true

x

True

x

TRUE

x

"true"

'true'

x

Parameter data type

Sample input

Is the input allowed?

integer

1

"1"

x

'1'

x

1.2

x

"1.2"

x

'1.2'

x

Parameter data type

Sample input

Is the input allowed?

boolean

true

True

tRue

TRUE

"true"

x

'true'

x

When you set request body content type to XML object

The situation with number, integer and boolean is the same as when the request body content type is JSON, but it's different in case of string.

Parameter data type

Sample input

Is the input allowed?

string

1

"1"

'1'

1.2

"1.2"

'1.2'

true

True

TRUE

"true"

'true'


Did this page help you?