IBM Support

JR53515: REST API discovery is enabled by default in runtime environments

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • REST API discovery is enabled by default in WebSphere Commerce
    Developer and runtime environments. However, it should be
    disabled by default in runtime environments. API discovery is
     a convenience feature for development, but might not be
    required in production. Development tools, including Swagger UI,
     that depend on API discovery to function might not be suitable
    to be run in a production system.
    

Local fix

Problem summary

  • USERS AFFECTED:
    WebSphere Commerce Version 7 users on Feature Pack 8 or higher
    who use REST services.
    
    PROBLEM ABSTRACT:
    REST API discovery is enabled by default in runtime
    environments.
    
    BUSINESS IMPACT:
    Customers might not require REST API discovery in their runtime
    environments.
    
    RECOMMENDATION:
    

Problem conclusion

  • The REST API discovery flag ("ApiDiscoveryEnabled") in the
    component configuration file for com.ibm.commerce.foundation-fep
     is set to false by default when this fix is applied to runtime
    environments. In WebSphere Commerce Developer environments, the
    flag is set to true.
    
    To re-enable REST API discovery in runtime environments, extend
    the component configuration file and set the value of the
    ApiDiscoveryEnabled flag to true. For more information, see
    http://www-01.ibm.com/support/knowledgecenter/api/content/SSZLC2
    _7.0.0/com.ibm.commerce.webservices.doc/tasks/tsdwccomponentrest
    .htm
    
    The REST API discovery flag now provides access control to The
    Swagger UI. If API discovery is disabled, when a user attempts
    to access the Swagger UI URL, a 403 response code will be
    returned.
    

Temporary fix

Comments

APAR Information

  • APAR number

    JR53515

  • Reported component name

    WC BUS EDITION

  • Reported component ID

    5724I3800

  • Reported release

    700

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2015-06-03

  • Closed date

    2015-06-24

  • Last modified date

    2015-06-29

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WC BUS EDITION

  • Fixed component ID

    5724I3800

Applicable component levels

  • R700 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSYSYL","label":"WebSphere Commerce Enterprise"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.0","Line of Business":{"code":"LOB31","label":"WCE Watson Marketing and Commerce"}}]

Document Information

Modified date:
11 December 2021