在我的自动构建/部署环境中,我想使用WSO2 API Publisher Add API调用(请参阅https://docs.wso2.com/display/AM180/Publisher+APIs)
http://<host>:<port>/publisher/site/blocks/item-add/ajax/add.jag
通过提供我的Swagger json API定义文件来添加/更新API,这些文件是使用Swagger 1.2注释从Java Spring @RestController类生成的 .
目前似乎不支持此功能(请参阅待处理的功能请求https://wso2.org/jira/browse/APIMANAGER-3255 - 使用文件或URL引入Publisher API以导入swagger定义) .
但是,有一个未记录的API支持我已成功测试的这个:
https://host:port/publisher/site/blocks/item-design/ajax/add.jag? ... &swagger={<API SWAGGER DEFINITION GOES HERE>}
使用此API是否安全?请详细解释说明/背景/未来计划 .
“安全”定义为:使用未记录的API是否是一种好的做法?如果是,为什么不记录?如果没有,为什么不,使用它有什么风险,副作用是什么,未来升级到WSO2可能会破坏这个API的用户?为什么这个API提供的功能比记录的更多?
例:
https://localhost:9443/publisher/site/blocks/item-design/ajax/add.jag?
name=FOOAPI&
version=1.0.0&
provider=admin&
context=/home&
action=design&
visibility=public&
swagger=
{
"apiVersion":"1.0.0",
"swaggerVersion":"1.2",
"apis":[
{
"file":
{
"apiVersion":"1.0.0",
"basePath":"http://localhost:8280/home/1.0.0",
"resourcePath":"/rest",
"swaggerVersion":"1.2",
"apis":[
{
"path":"/rest/v2/clients",
"operations":[
{
"method":"GET",
"nickname":"getCustomers",
"responseClass":"api_clients",
"parameters":[
{
"name":"firstResult",
"paramType":"query",
"description":"desc",
"dataType":"int",
"allowMultiple":false
},
{
"name":"resultsPerPage",
"paramType":"query",
"description":"desc",
"dataType":"int",
"allowMultiple":false
}
],
"summary":"The clients REST service end point returns a set of clients",
"notes":"The clients REST service end point returns a set of clients",
"errorResponses":[
{
"code":200,
"reason":"Clients found"
},
{
"code":400,
"reason":"Invalid input, returns message body of Errors"
},
{
"code":500,
"reason":"A database error has occurred"
}
],
"produces":[
"application/xml",
"application/json"
],
"consumes":[
"*/*",
"application/xml"
]
}
]
},
"description":"",
"path":"/rest"
}
]
}
1 回答
您的问题的答案因您对“安全”的定义而异 . 我的信息是,所记录的API我们将在即将发布的版本1.9中保持稳定,并且肯定会被计划版本2.0更改 .