MuleSoft APIkit Router - QueryParam and Header Strict Validation Configuration
Hello Muleys,
Here's another interesting article on how to restrict additional queryParams and headers that are sent other than those defined in RAML.
We all do the test if the required parameters are working fine or not but we forget to test if unnecessary parameters sent along with required parameters.
What happens if unwanted parameters are sent?
There are chances that attackers might send some thousands of queryParams and Headers with large content. In that case, your application will crash. So what to do?
Here's the solution:
I have designed a basic RAML with the below resource :
When you download the RAML and generate flows,
There's an option to restrict additional parameters or headers in APIkit Router Module configuration :
By default the configuration is disabled. You have to enable the strict validation config as below:
Now your application will not be allowed to pass additional fields:
Removing unnecessary fields will give a successful response:
Check out this video for the live demo: