Skip to content

Commit

Permalink
Merge pull request #170 from camaraproject/x-correlator_support_guide…
Browse files Browse the repository at this point in the history 
…lines_in_notifications

x-correlator_support_guidelines_in_notifications
  • Loading branch information
@rartych
rartych authored Apr 22, 2024
2 parents 2917ddd + 455451d commit a7fa48d
Show file tree
Hide file tree
Showing 2 changed files with 54 additions and 2 deletions.
54 changes: 52 additions & 2 deletions artifacts/notification-as-cloud-event.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,14 +57,14 @@ servers:
default: https://localhost:8080
description: Can be any notification server address sent by the client application
tags:
- name: Cloud Event
- name: CAMARA Cloud Event
description: |
Events received on subscription listener side.
paths:
/your_webhook_notification_url:
post:
tags:
- CAMARA Cloud Event notification endpoint
- CAMARA Cloud Event
summary: "Cloud Event notification endpoint to notify consumer that statement of fact had occurred"
description: |
INFORMATIVE ENDPOINT: The value of this endpoint is freely declared by each client app by means of resource-based
Expand All @@ -73,6 +73,8 @@ paths:
in the triggering of the procedure (resource-based or instance-based). In this way, it represents an absolute
URL, i.e.: notifications won't be sent to /event-notification/vX/your_webhook_notification_url.
operationId: sendEvent
parameters:
- $ref: "#/components/parameters/X-Correlator"
requestBody:
required: true
content:
Expand All @@ -86,12 +88,24 @@ paths:
responses:
201:
description: Created
headers:
X-Correlator:
$ref: "#/components/headers/X-Correlator"
202:
description: Accepted
headers:
X-Correlator:
$ref: "#/components/headers/X-Correlator"
204:
description: No Content
headers:
X-Correlator:
$ref: "#/components/headers/X-Correlator"
200:
description: Ok
headers:
X-Correlator:
$ref: "#/components/headers/X-Correlator"
content:
application/json:
schema:
Expand Down Expand Up @@ -192,10 +206,25 @@ components:
description: Event details payload described in each CAMARA API and referenced by its type
time:
$ref: "#/components/schemas/DateTime"
headers:
X-Correlator:
description: Correlation id for the different services
schema:
type: string
parameters:
X-Correlator:
name: X-Correlator
in: header
description: Correlation id for the different services
schema:
type: string

responses:
Generic400:
description: Problem with the client request
headers:
X-Correlator:
$ref: "#/components/headers/X-Correlator"
content:
application/json:
schema:
Expand All @@ -206,6 +235,9 @@ components:
message: "Client specified an invalid argument, request body or query param"
Generic401:
description: Authentication problem with the client request
headers:
X-Correlator:
$ref: "#/components/headers/X-Correlator"
content:
application/json:
schema:
Expand All @@ -216,6 +248,9 @@ components:
message: "Request not authenticated due to missing, invalid, or expired credentials"
Generic403:
description: Client does not have sufficient permission
headers:
X-Correlator:
$ref: "#/components/headers/X-Correlator"
content:
application/json:
schema:
Expand All @@ -226,6 +261,9 @@ components:
message: "Client does not have sufficient permissions to perform this action"
Generic410:
description: Gone
headers:
X-Correlator:
$ref: "#/components/headers/X-Correlator"
content:
application/json:
schema:
Expand All @@ -235,6 +273,9 @@ components:
message: "Access to the target resource is no longer available."
Generic415:
description: Unsupported Media Type
headers:
X-Correlator:
$ref: "#/components/headers/X-Correlator"
content:
application/json:
schema:
Expand All @@ -244,6 +285,9 @@ components:
message: "The specified media type is not supported"
Generic429:
description: Too Many Requests
headers:
X-Correlator:
$ref: "#/components/headers/X-Correlator"
content:
application/json:
schema:
Expand All @@ -253,6 +297,9 @@ components:
message: "Endpoint does not support as many requests per time slot"
Generic500:
description: Server error
headers:
X-Correlator:
$ref: "#/components/headers/X-Correlator"
content:
application/json:
schema:
Expand All @@ -263,6 +310,9 @@ components:
message: "Server error"
Generic503:
description: Service unavailable. Typically the server is down.
headers:
X-Correlator:
$ref: "#/components/headers/X-Correlator"
content:
application/json:
schema:
Expand Down
2 changes: 2 additions & 0 deletions documentation/API-design-guidelines.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -850,6 +850,8 @@ With the aim of standardizing the request observability and traceability process

When the API Consumer includes the "X-Correlator" header in the request, the API provider must include it in the response with the same value that was used in the request. Otherwise, it is optional to include the "X-Correlator" header in the response with any valid value. Recommendation is to use UUID for values.

In notification scenarios (i.e. POST request sent towards the listener to the `webhook.notificationUrl` indicated), the use of the "X-Correlator" is supported for the same aim as well. When the API request includes the "X-Correlator" header, it is recommended for the listener to include it in the response with the same value as was used in the request. Otherwise, it is optional to include the "X-Correlator" header in the response with any valid value.

## 10. Security

One of the key points in the API definition process is to specify and validate the security needs that will be maintained to guarantee data integrity and access control. There are multiple ways to secure a RESTful API, e.g. basic authentication, OAuth, etc., but one thing is for sure: RESTful APIs should be stateless, so authentication/authorization requests should not rely on cookies or sessions. Instead, each API request must come with some form of authentication credentials that must be validated on the server for each request.
Expand Down

0 comments on commit a7fa48d

Please sign in to comment.