MuleSoft APIkit Router - QueryParam and Header Strict Validation Configuration

Hello Muleys,

Here's another interesting article on how to restrict additional queryParams and headers sent beyond those defined in the RAML.

We all test whether the required parameters work, but we forget to test what happens when unnecessary parameters are sent along with the required ones.

What happens if unwanted parameters are sent?

There are chances that attackers might send thousands of queryParams and headers with large content, and in that case your application will crash. So what to do?

Here's the solution:

I have designed a basic RAML with the resource below:


When you download the RAML and generate flows, there's an option to restrict additional parameters or headers in the APIkit Router Module configuration:


By default this configuration is disabled. You have to enable the strict validation settings as shown below:

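The same setting in Mule 4 XML, as an added example that is not part of this article's project: the first `apikit:config` is the default (permissive) one, the second enables strict validation so undeclared query parameters and headers are rejected before the resource flow runs. Config names, the RAML path, the listener config and the error-handler body are assumptions; the usual `apikit`, `http` and `ee` namespace declarations are omitted.

```xml
<!-- Added example (assumed names: api/example.raml, http-listener-config). -->

<!-- Default: queryParamsStrictValidation and headersStrictValidation are false,
     so any extra query parameter or header passes through to the flow. -->
<apikit:config name="api-config-permissive"
               api="api/example.raml"
               outboundHeadersMapName="outboundHeaders"
               httpStatusVarName="httpStatus" />

<!-- Strict: a request carrying a query parameter or header that the RAML
     does not declare fails validation and raises APIKIT:BAD_REQUEST. -->
<apikit:config name="api-config-strict"
               api="api/example.raml"
               outboundHeadersMapName="outboundHeaders"
               httpStatusVarName="httpStatus"
               queryParamsStrictValidation="true"
               headersStrictValidation="true" />

<flow name="api-main">
  <http:listener config-ref="http-listener-config" path="/api/*">
    <http:response statusCode="#[vars.httpStatus default 200]" />
    <http:error-response statusCode="#[vars.httpStatus default 500]" />
  </http:listener>

  <!-- Point the router at the strict config so undeclared fields never
       reach the generated resource flows. -->
  <apikit:router config-ref="api-config-strict" />

  <error-handler>
    <!-- Map the validation failure to an HTTP 400 without echoing the
         offending parameter names back to the caller. -->
    <on-error-propagate type="APIKIT:BAD_REQUEST">
      <ee:transform>
        <ee:message>
          <ee:set-payload><![CDATA[%dw 2.0
output application/json
---
{ message: "Bad request: undeclared query parameter or header" }]]></ee:set-payload>
        </ee:message>
        <ee:variables>
          <ee:set-variable variableName="httpStatus">400</ee:set-variable>
        </ee:variables>
      </ee:transform>
    </on-error-propagate>
  </error-handler>
</flow>
```

Switching `config-ref` back to `api-config-permissive` reproduces the default behaviour, which is a quick way to confirm in a test that the extra fields are really being rejected by the router and not by the resource flow.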

Now your application will no longer accept additional fields:


Removing the unnecessary fields gives a successful response:


Check out this video for the live demo:
