Posted: 6 May 2020 16:32 EDT Last activity: 14 May 2020 17:55 EDT
How to validate payload of inbound service request
we have an API which is exposed to external systems to create cases in pega . Can we do basic validation of Payload ( XML/ JSON) before it is mapping to pega data layer?
There are four different formats of json requests to create different types of cases in pega. If any unwanted/unrelated tag comes in the request then system should say it as bad request .we can't relay on upstream systems to send the request in correct format.
we have certain white list elements that should suppose to be allowed only for particular case creation request . As per below example :- officer details comes in the request of support case then we should reject it .
t it can be done using validate rule but it's become more element specific validation and need to impost more conditions in validate rules. Is there any better way to validate MyServicePage against whitelist elements ?
Since this operation has to be invoked in inbound service call context so Is there any effective way of removing properties from tempPage by comparing property definition with whitelist ?. How to initiate iterator on page to check each element one by one automatically ?.
The current version of pxComparePages does the same thing but it returns resultspage only for scalar properties (top level properties) .
Posted: 1 year ago
Posted: 14 May 2020 17:55 EDT
David Picariello (picada)
Sr. Manager, Software Engineering
pxComparePages uses this white and black listing technique that I'm suggeting to remove or copy properties from a temp clipboard page but the magic happens down in the engine and is used specifically for comparing values of properties, not for your use case.
To your original question:
> Is there any better way to validate MyServicePage against whitelist elements ?
You could also consider just making sure that the only properties that are valid for that class are available to particular class. So, for example, if the property .CustomerName shouldn't be in a request of type "Anonymous request" make sure that property doesn't exist for that integration class. Then you should be able to just validate all pages and you'll get messages for properties that don't exist for that class. This could require you to have the same property defined in multiple classes, which isn't the best, but might not be a show-stopper if you use directed inheritance a bit.