Version 2021
Set different API parameter length validation rules in different server deployments
parameterLengthConfig is a configuration for defining validation rules for minimum and maximum parameter length in APIs using MicroStrategy Identity server. It provides the capability to set different API parameter validation rules in different server deployments.
Use Case
Let's examine a sample use case for this functionality In this use case, you work for a car manufacturer that is using MicroStrategy Identity as an identity provider. You have a different Identity server deployment in North America versus Europe. You have an API called, "register_vehicle" for registering vehicle identification numbers. This API requests a parameter for a VIN string. An empty VIN string is accepted in North America. However, an empty VIN string should be denied in Europe. You can use ParameterLengthConfig to fulfill this requirement.
Configuration
| Configuration Name | Default Value | Expected Server Behavior |
|---|---|---|
| parameterLengthConfig | {"min":{"iotId":0},"max":{"iotId":255}} | Same as before the 2020 Update 2 (11.2.2) release |
Expected behavior for ParameterLengthConfig
| Configuration Value | Scenarios | Expected Behavior |
|---|---|---|
| {"min":{"iotId":0},"max":{"iotId":255}} | Register vehicle with empty VIN | Success |
| {"min":{"iotId":1},"max":{"iotId":255}} | Register vehicle with empty VIN | 400 Invalid Input |
To use this feature:
- Stop the server.
-
Log into the database instance using an database access tool you prefer. Navigate to the corresponding configuration in the database and modify the value. A SQL example is shown below.
CopySET @config_name = 'parameterLengthConfig';
SET @config_value = '{"min":{"iotId":1},"max":{"iotId":255}}';
UPDATE usher_config SET value = @config_value WHERE config_metadata_id = (SELECT id FROM usher_config_metatada WHERE name = @config_name); - Restart the server for the new configuration to take effect.