x-42c extensions
The x-42c vendor extensions by to the OpenAPI Specification (OAS) enable you to enrich your OpenAPI definitions with security information for API Firewall and provide additional instructions to other features in 42Crunch API Security Platform. Some x-42c extensions also work on GraphQL extensions.
Available extensions
The extensions can be divided into two main groups:
Extension scope
Extensions can have different scope depending on which level in your OpenAPI definition you add them:
- Global level: The extension applies to the whole API: all paths, operations, and responses.
- Path level: The extension applies to a specific path, including all operations and responses defined in it.
- Operation level: The extension is applied to a specific operation and its responses.
- Response level: The extension is applied to all responses defined for an operation.
- Status level: The extension is applied to a specific HTTP status code or the
defaultresponse.
# ...
paths:
/apis:
x-42c-local-strategy:
x-42c-strategy:
protections:
- x-42c-request-limiter_0.1: # path level
# ...
get:
x-42c-local-strategy:
x-42c-strategy:
protections:
- x-42c-request-limiter_0.1: # operation level
# ...
parameters:
# ...
responses:
x-42c-local-strategy:
x-42c-strategy:
protections:
- x-42c-security-headers_0.1: # response level
# ...
200:
x-42c-local-strategy:
x-42c-strategy:
protections:
- x-42c-security-headers_0.1: # status level
# ...
On GraphQL APIs, any x-42c extensions applicable to them are added as a comment block, with the scope always being the whole API definition:
"""
start customization rules
x-42c-custom-gql-directives-names:
min: minimum
max: maximum
end customization rules
"""
You can combine different extension sections into a single comment block:
"""
start validation framework
x-42c-graphql-validation-framework: graphql-java-extended-validation
end validation framework
start customization rules
x-42c-custom-gql-directives-names:
min: minimum
max: maximum
end customization rules
start examples
x-42c-sample:
mutation-createUser:
user:
avatar_url: "http://somewhere.org/MI6.jpg"
first_name: "James"
full_name: "Bond, James Bond"
last_name: "Bond"
name: "James Bond"
username: "jbond"
end examples
"""