IBM Support

PH65995: z/OS Connect does not check API requester required fields are set.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as unreproducible in next release.

Error description

  • A z/OS API requester application with required request
parameters defined, but not included in the request, was sent
to the z/OS Connect server. The server did not enforce the
required parameters and the request was sent to the API
endpoint.

The missing required parameters were related to API keys and
the API endpoint returned HTTP status code 401 - Unauthorized.

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED: All users of z/OS Connect feature            *
*                 oasRequester-1.0 for OpenAPI 3 API           *
*                 requesters.                                  *
****************************************************************
* PROBLEM DESCRIPTION: z/OS Connect does not check API         *
*                      requester required fields are set.      *
****************************************************************
The z/OS Connect server did not enforce the required parameters
defined when the OpenAPI 3 API requester was built. This could
result in requests, which should have been rejected, being sent
to the API endpoint.
The absence of the required parameters could cause the API
requester to fail with unpredictable errors.

    



Problem conclusion


    

  • 



Temporary fix


    

  • 



Comments


    

  • z/OS Connect has been changed to ensure that API requester
required parameters are enforced. Requests that do not contain
the defined required parameters will be rejected by the z/OS
Connect server with an appropriate error message and will not be
sent to the API endpoint.

The fix for this APAR is expected to be delivered by the PTF for
z/OS Connect V3.0.95.0 (PH67003).

    



APAR Information




    

  • APAR number
    PH65995
    • 

  • Reported component name
    Z/OS CONNECT EE
    • 

  • Reported component ID
    5655CE300
    • 

  • Reported release
    000
    • 

  • Status
    CLOSED  UR1
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2025-04-03
    • 

  • Closed date
    2025-06-30
    • 

  • Last modified date
    2025-06-30
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    Z/OS CONNECT EE
    • 

  • Fixed component ID
    5655CE300
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU029","label":"Software"},"Product":{"code":"SSVVFY","label":"z\/OS Connect Enterprise Edition"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"000"}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            30 June 2025
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback