Azure API Management: Unable to define POST API with formdata - azure

I am completely new to Azure management. I have a POST API to map to frontend and expose.
I have tried the Blank API option and tried to define a API in front end side and backend side.
The API I developed is a POST one, which needs a request body of type FORM-DATA and need a multipart file to be uploaded.
I am not sure how this is configured in the AZURE System. I am getting an error, since it is not hitting the backend.
enter image description here
enter image description here

Related

Azure POST request redirect using Azure services

Hello I am trying to deploy my Azure Machine Learning pipeline with a REST endpoint. My problem is that I was able to generate an endpoint but has some sensitive information in it (ex: subscription id, resource group, etc). How can I generate a URL that forwards the request body to my Azure ML REST endpoint?
also, here is an approach I've done:
Used Application Gateway Redirect (this approach didn't forward the request body. It instead turned my POST request into a GET request when it redirected to the correct URL.)

The issue is raised because of some of the default security headers dependent on REST API and web based. Need to set the REST API CSP HEADER. Check the request and response headers in config file of the web application.

How to Secure SOAP Endpoint without Front end App Authtication

I have come across a challenge for that I need your opinion. We have a Front-end app in Vue that is publicly open and doesn't authenticate users through Login, the app doesn't have a backend. Currently, the app has a JSON data file that we manually update monthly. Based on my research and knowledge I have come to the conclusion, we can't put our SOAP web service endpoint with credentials since everyone will see the service user name and password in the browser. Even though the data is publicly displayed on the app but we want to secure the SOAP web service endpoint and credentials.
Currently, I only see two options:
We build the backend and authenticate(Login) the user in the app.
Build a backend (Node and Express server with Loopback) that consumes that SOAP service and converts that data in JSON format and consumes that data through Publicly open REST API endpoint with Read-Only option and only allow frontend app IP or Address to request data and reject the other IP request.
Both methods require the backend to secure the SOAP endpoint but the second option reduces the frontend work since it will convert the data from XML to JSON, my concern with this option is that it will be an open endpoint in REST API, can that jeopardize the SOAP credentials?
This is the Loopback diagram converting SOAP to REST.
I would like to know if anyone else has another idea or option to resolve this or do you see a problem with the above methods.

"TypeError: failed to fetch" for api calls in Wso2 apim store

I have an nodejs api which gives a valid response in postman/browser. Tried to add the api in WSO2 api manager and followed the steps in the tutorials to succesfully publish the api in API Manager. But when created an product and using an auth token to call the created API getting the failed to fetch error as below:
Have tried enabling cors which didnt solve the issue. The api from the apim store isnt hitting the node server api.

Copy and run that URL in a browser tab and accept the certificate. Then try again. It should work.

Support for multipart/form-data in Azure developer portal

On an Azure subscription I've created an API Gateway, in which I registered an API that expose a method that accept in input a multipart/form-data request.
As can be seen in the following image, the API gateway developer portal, shows the correct content-type but the body is a simple texbox.
Instead, the swagger autogenerated by the API, shows the input disposition correctly as can be seen in the following image.
There is any way to force the API Gateway developer portal to show the input params correctly?

Why would my API App swagger be unavailable to my Azure App Service Logic App?

I have created a simple api with a test controller and published it as an Azure Api App. I have public (anonymous) access enabled, the swagger ui works well in the browser and the swagger validates correctly, and I have added to it the default response setting that Logic Apps require.
When I try to add the Api App to my Logic App, however, I encounter a fault: "Error fetching swagger api definition".
If I try to browse the API definition in the portal I encounter another fault "Cannot get the API definition. It may require additional configuration or authentication on the API app."
If I try to download the swagger data from the portal link this fails with Http 400: Bad Request.
What am I missing here and how do I get this simple Api App working in the portal?
Public URI: https://microsoft-apiappf6c70a179b1b408c99e3f2536467ff39.azurewebsites.net
Swagger UI: https://microsoft-apiappf6c70a179b1b408c99e3f2536467ff39.azurewebsites.net/swagger/ui/index
Raw Swagger:
{"swagger":"2.0","info":{"version":"v1","title":"PE.Services.Idml"},"host":"microsoft-apiappf6c70a179b1b408c99e3f2536467ff39.azurewebsites.net:443","schemes":["https"],"paths":{"/api/ToEpl":{"get":{"tags":["ToEpl"],"operationId":"ToEpl_Get","consumes":[],"produces":["application/json","text/json","application/xml","text/xml"],"responses":{"200":{"description":"OK","schema":{"type":"array","items":{"type":"string"}}},"default":{"description":"OK","schema":{"type":"array","items":{"type":"string"}}}},"deprecated":false},"post":{"tags":["ToEpl"],"operationId":"ToEpl_Post","consumes":["application/json","text/json","application/xml","text/xml","application/x-www-form-urlencoded"],"produces":["application/json","text/json","application/xml","text/xml"],"parameters":[{"name":"value","in":"body","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"OK","schema":{"$ref":"#/definitions/Object"}},"default":{"description":"OK","schema":{"$ref":"#/definitions/Object"}}},"deprecated":false}},"/api/ToEpl/{id}":{"get":{"tags":["ToEpl"],"operationId":"ToEpl_Get","consumes":[],"produces":["application/json","text/json","application/xml","text/xml"],"parameters":[{"name":"id","in":"path","required":true,"type":"integer","format":"int32"}],"responses":{"200":{"description":"OK","schema":{"type":"string"}},"default":{"description":"OK","schema":{"type":"string"}}},"deprecated":false},"put":{"tags":["ToEpl"],"operationId":"ToEpl_Put","consumes":["application/json","text/json","application/xml","text/xml","application/x-www-form-urlencoded"],"produces":[],"parameters":[{"name":"id","in":"path","required":true,"type":"integer","format":"int32"},{"name":"value","in":"body","required":true,"schema":{"type":"string"}}],"responses":{"204":{"description":"No Content"}},"deprecated":false},"delete":{"tags":["ToEpl"],"operationId":"ToEpl_Delete","consumes":[],"produces":[],"parameters":[{"name":"id","in":"path","required":true,"type":"integer","format":"int32"}],"responses":{"204":{"description":"No Content"}},"deprecated":false}},"/api/Values":{"get":{"tags":["Values"],"operationId":"Values_Get","consumes":[],"produces":["application/json","text/json","application/xml","text/xml"],"responses":{"200":{"description":"OK","schema":{"type":"array","items":{"type":"string"}}},"default":{"description":"OK","schema":{"type":"array","items":{"type":"string"}}}},"deprecated":false},"post":{"tags":["Values"],"operationId":"Values_Post","consumes":["application/json","text/json","application/xml","text/xml","application/x-www-form-urlencoded"],"produces":[],"parameters":[{"name":"value","in":"body","required":true,"schema":{"type":"string"}}],"responses":{"204":{"description":"No Content"}},"deprecated":false}},"/api/Values/{id}":{"get":{"tags":["Values"],"operationId":"Values_GetById","consumes":[],"produces":["application/json","text/json","application/xml","text/xml"],"parameters":[{"name":"id","in":"path","required":true,"type":"integer","format":"int32"}],"responses":{"200":{"description":"OK","schema":{"type":"string"}},"default":{"description":"OK","schema":{"type":"string"}}},"deprecated":false},"put":{"tags":["Values"],"operationId":"Values_Put","consumes":["application/json","text/json","application/xml","text/xml","application/x-www-form-urlencoded"],"produces":[],"parameters":[{"name":"id","in":"path","required":true,"type":"integer","format":"int32"},{"name":"value","in":"body","required":true,"schema":{"type":"string"}}],"responses":{"204":{"description":"No Content"}},"deprecated":false},"delete":{"tags":["Values"],"operationId":"Values_Delete","consumes":[],"produces":[],"parameters":[{"name":"id","in":"path","required":true,"type":"integer","format":"int32"}],"responses":{"204":{"description":"No Content"}},"deprecated":false}}},"definitions":{"Object":{"type":"object","properties":{}}}}

I think this is because you have two routes with the same operationId (ToEpl_Get).
There are a few mitigations
Since Swashbuckle derives this from the action name in your api controller…you can change one of your action names…e.g. GetById instead of Get
Alternatively, the way to change operation id is to go to the SwaggerConfig.cs file add add a custom operation filter. The operation filter extension point will give you access to the operation and to change the id.
So sorry for the inconvenience, and we will be making our error reporting better soon.

Resources