IBM Support

JR53515: REST API discovery is enabled by default in runtime environments

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • REST API discovery is enabled by default in WebSphere Commerce
Developer and runtime environments. However, it should be
disabled by default in runtime environments. API discovery is
 a convenience feature for development, but might not be
required in production. Development tools, including Swagger UI,
 that depend on API discovery to function might not be suitable
to be run in a production system.

Local fix

  • 



Problem summary


    

  • USERS AFFECTED:
WebSphere Commerce Version 7 users on Feature Pack 8 or higher
who use REST services.

PROBLEM ABSTRACT:
REST API discovery is enabled by default in runtime
environments.

BUSINESS IMPACT:
Customers might not require REST API discovery in their runtime
environments.

RECOMMENDATION:

    



Problem conclusion


    

  • The REST API discovery flag ("ApiDiscoveryEnabled") in the
component configuration file for com.ibm.commerce.foundation-fep
 is set to false by default when this fix is applied to runtime
environments. In WebSphere Commerce Developer environments, the
flag is set to true.

To re-enable REST API discovery in runtime environments, extend
the component configuration file and set the value of the
ApiDiscoveryEnabled flag to true. For more information, see
http://www-01.ibm.com/support/knowledgecenter/api/content/SSZLC2
_7.0.0/com.ibm.commerce.webservices.doc/tasks/tsdwccomponentrest
.htm

The REST API discovery flag now provides access control to The
Swagger UI. If API discovery is disabled, when a user attempts
to access the Swagger UI URL, a 403 response code will be
returned.

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    JR53515
    • 

  • Reported component name
    WC BUS EDITION
    • 

  • Reported component ID
    5724I3800
    • 

  • Reported release
    700
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2015-06-03
    • 

  • Closed date
    2015-06-24
    • 

  • Last modified date
    2015-06-29
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    WC BUS EDITION
    • 

  • Fixed component ID
    5724I3800
    • 



Applicable component levels


    

  • R700  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSYSYL","label":"WebSphere Commerce Enterprise"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.0","Line of Business":{"code":"LOB31","label":"WCE Watson Marketing and Commerce"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            11 December 2021
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback