Add Info Definitions
Add the details for your adapter in the info section.
The following topics provide the procedure to make some common updates to the settings properties:
Restrict Outbound Invocations to Specific Domains
An adapter developer can restrict outbound invocations only to allow-listed domains in order to establish trust with the integration developers who'll use the adapter.
After the developer specifies the allow-listed domains in the adapter definition document, the Rapid Adapter Builder enforces the list on all outbound invocations, such as design-time, runtime, OAuth policies, and so on.
While specifying the domains, ensure that each domain conforms to one of the following patterns:
- .<secondLevelDomain>.<topLevelDomain>
- .<topLevelDomain>
- Any sub-resource of .<secondLevelDomain>.<topLevelDomain> (for example, *.a.b.c, a.b.c)
- Valid IP
- Valid IP+Port
Note:
- The Rapid Adapter Builder supports only the wildcard (*) character in the domain name.
- You can specify a maximum of ten domains.
- A generic domain value like * or *.com lowers the security score of the adapter.
Here is an example scenario to understand allowed domains better.
If you are developing an adapter for an application, for example, myDemoApp, the adapter will access the following:
- The application's APIs hosted on the domain, https://myDemoApp.com
- The API URLs, like https://auth.myDemoApp.com/v1/token, or https://identity.myDemoApp.com/v1/users, and so on
Now, if you want to restrict access only to the myDemoApp APIs from the adapter, you can set the allowedDomains property.
Sample Code:
"info": {
  "settings": {
    ...
    "allowedDomains" : ["*.myDemoApp.com"]
  }
}
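A pre-publish check of the allowedDomains list against the rules stated above (entry shape, the ten-entry maximum, generic wildcards). This is an added example, not Oracle's code or the Rapid Adapter Builder's own validation or scoring; the function names, the sample entries and the "fewer than two concrete labels" test for a generic wildcard are assumptions.

```python
import ipaddress
import re

MAX_DOMAINS = 10  # limit stated in the note above
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")  # one DNS label

# Constructed sample definition, reduced to the property being checked.
SAMPLE = {"info": {"settings": {"allowedDomains": [
    "*.myDemoApp.com", "*.com", "*", "10.0.0.5:8443",
    "10.0.0.256", "auth_myDemoApp.com"]}}}

def is_ip_entry(entry):
    """True for a valid IP, or an IPv4 address followed by :port (1-65535)."""
    try:
        ipaddress.ip_address(entry)
        return True
    except ValueError:
        pass
    host, sep, port = entry.rpartition(":")
    if not sep or not port.isdecimal() or not 0 < int(port) < 65536:
        return False
    try:
        ipaddress.IPv4Address(host)
        return True
    except ValueError:
        return False

def lint_allowed_domains(definition):
    """Return (entry, problem) pairs for info.settings.allowedDomains."""
    entries = definition["info"]["settings"].get("allowedDomains", [])
    findings = []
    if len(entries) > MAX_DOMAINS:
        findings.append(("<list>", f"{len(entries)} entries, maximum is {MAX_DOMAINS}"))
    for entry in entries:
        if is_ip_entry(entry):
            continue
        labels = entry.lstrip(".").split(".")
        concrete = [l for l in labels if l != "*"]  # labels other than the wildcard
        if not all(LABEL.match(l) for l in concrete):
            findings.append((entry, "not a domain, IP or IP+port"))
        elif all(l.isdigit() for l in labels):
            findings.append((entry, "looks like an IP but is not valid"))
        elif "*" in labels and len(concrete) < 2:
            # Assumed heuristic: it cannot tell that *.co.uk is just as broad.
            findings.append((entry, "generic wildcard, lowers the security score"))
    return findings

if __name__ == "__main__":
    for entry, problem in lint_allowed_domains(SAMPLE):
        print(f"{entry!r}: {problem}")
```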
Allow Non-HTTPS Traffic
By default, the adapters built using the Rapid Adapter Builder allow HTTPS-only outbound calls from the design-time or runtime environments, and according to the defined security policies.
To test an adapter in the development environment, the adapter must also handle HTTP (non-HTTPS) traffic.