From 793ef72fc6cbce41eacad71ef00d540d6ed13002 Mon Sep 17 00:00:00 2001 From: Eric Murray Date: Tue, 7 Nov 2023 17:25:15 +0000 Subject: [PATCH 1/2] Update API-design-guidelines.md --- documentation/API-design-guidelines.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/documentation/API-design-guidelines.md b/documentation/API-design-guidelines.md index d4f14cff..9f891d56 100644 --- a/documentation/API-design-guidelines.md +++ b/documentation/API-design-guidelines.md 
@@ -769,11 +769,13 @@ Next, it is specified how it should be used according to the filtering based on With the aim of standardizing the request observability and traceability process, common headers that provide a follow-up of the E2E processes should be included. The table below captures these headers. -| Name | Description | Type | Pattern | Longitude | Location | Required by API Caller | Required in OAS Definition | Example | +| Name | Description | Type | Pattern | Longitude | Location | Required by API Consumer | Required in OAS Definition | Example | |---|---|---|---|---|---|---|---|---| | `X-Version` | Service version description to help observability process | String| N/A | | Request | No | No | | | `X-Correlator`| Service correlator to make E2E observability | String | UUID (8-4-4-4-12) | Max 36 | Request/Response | No | No | b4333c46-49c0-4f62-80d7-f0ef930f1c46 | +When the API Consumer includes the "X-Correlator" header in the request, the API provider must include it in the response. Otherwise, it is optional to include the "X-Correlator" header in the response. + ## 10. Security One of the key points in the API definition process is to specify and validate the security needs that will be maintained to guarantee data integrity and access control. There are multiple ways to secure a RESTful API, e.g. basic authentication, OAuth, etc., but one thing is for sure: RESTful APIs should be stateless, so authentication/authorization requests should not rely on cookies or sessions. Instead, each API request must come with some form of authentication credentials that must be validated on the server for each request. From 0f7348c3f34823b406d3e1258c66168790b4dad1 Mon Sep 17 00:00:00 2001 From: Eric Murray Date: Wed, 8 Nov 2023 10:13:20 +0000 Subject: [PATCH 2/2] Update API-design-guidelines.md --- documentation/API-design-guidelines.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/documentation/API-design-guidelines.md b/documentation/API-design-guidelines.md index 9f891d56..e29b72af 100644 --- a/documentation/API-design-guidelines.md +++ b/documentation/API-design-guidelines.md @@ -774,7 +774,7 @@ With the aim of standardizing the request observability and traceability process | `X-Version` | Service version description to help observability process | String| N/A | | Request | No | No | | | `X-Correlator`| Service correlator to make E2E observability | String | UUID (8-4-4-4-12) | Max 36 | Request/Response | No | No | b4333c46-49c0-4f62-80d7-f0ef930f1c46 | -When the API Consumer includes the "X-Correlator" header in the request, the API provider must include it in the response. Otherwise, it is optional to include the "X-Correlator" header in the response. +When the API Consumer includes the "X-Correlator" header in the request, the API provider must include it in the response with the same UUID as was used in the request. Otherwise, it is optional to include the "X-Correlator" header in the response with any valid (preferably randomly chosen) UUID. ## 10. Security
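Review bot: The sentence added below the headers table in the first patch requires the API provider to return `X-Correlator` whenever the consumer sent it, but does not say that the returned value must be the one received, so a provider that generates a fresh UUID for every response would still comply and the end-to-end correlation the header exists for would be lost. Suggest "...must include it in the response with the same value as was received in the request." Minor: the table header now reads "API Consumer" while the new sentence writes "API provider"; pick one capitalisation for the two roles.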
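Review bot: The revised sentence in the second patch pins the echoed value to the request's UUID, but neither it nor the table says what the provider does when the incoming `X-Correlator` does not satisfy the stated pattern (UUID 8-4-4-4-12, max 36 characters); as written, a provider that copies the value unchanged would reflect an arbitrary client-supplied string into a response header. Suggest one additional sentence stating that a value not matching the pattern must not be echoed and is instead rejected or replaced by a provider-generated UUID. "Preferably randomly chosen" could also be made concrete as a version 4 UUID, which is the random variant.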