Integration


This is an IBM Automation portal for Integration products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).



Status Future consideration
Workspace API Connect
Created by Guest
Created on Jul 15, 2020

Ability to customize HTTP response code and response body

We have enabled the additional scope check in IBM API Connect.
This functionality is called “Advanced Scope check” in the documentation. We have defined an external custom scope check in the ‘x-scopeValidate’ attribute in our swagger definitions for all the APIs that need this functionality. This application also checks whether the consent is still valid and not expired or revoked. In that case, it will return a 200 OK. In any other case, it will most likely return a 401 Unauthorized HTTP status code, but other HTTP status codes are possible.

Because of this, during an API call, IBM API Connect will call our custom scope check. In the happy flow, the custom scope check returns a 200 OK status code and the API call is redirected to the correct API by the IBM API product. When the consent is expired, the custom scope check will return an HTTP response code of 401 to IBM API Connect. IBM API Connect will convert this 401 HTTP status code to a 403 HTTP status code and return this to the API consumer with a static error message in the body.

To be compliant with the PSD2 legislation, we need the ability to pass the HTTP status code and body contents directly to the API consumers when the response of the custom scope check is not an HTTP status code of 200. In the above example, we would like to return a 403 HTTP status code with the corresponding body to the API consumer if the custom scope check returns a 403 HTTP status code.
We want to pass our own exact error message, which will be according to the PSD2 specifications. Appending the error message to the current error message returned will break these specifications and confuse the consumers.

Idea priority Urgent
RFE ID 143955
RFE Product IBM API Connect