api-manager
Enforce MIME Type Validation for Documentation Uploads via Publisher REST API
Current Limitation
The Publisher REST API currently allows uploading documentation files for both APIs and API Products without validating the MIME type of the uploaded files. This may result in inconsistent handling or unsupported file formats being uploaded.
Suggested Improvement
Add MIME type validation during documentation uploads in the Publisher REST API for both of the following endpoints:
- POST /apis/{apiId}/documents/{documentId}/content
- POST /api-products/{productId}/documents/{documentId}/content
Enhancement details:
- Inspect and validate the MIME type of the uploaded input stream against a predefined whitelist of supported types.
- Reject uploads with unsupported MIME types by returning an error response.
Version
No response
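One way the requested check could look, as an added example that is not code from the api-manager project: it sniffs the leading bytes of the uploaded stream instead of trusting the client-supplied Content-Type, then resets the stream so the document can still be stored. The class name, the allowlist entries and the magic-byte table are assumptions for illustration (Java 11+), and `declaredType` is assumed to be a bare media type without parameters.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.*;

public class DocumentMimeValidator {
    // Assumed allowlist (not the project's): sniffed MIME type -> leading magic bytes.
    private static final Map<String, byte[]> ALLOWED = Map.of(
        "application/pdf", "%PDF-".getBytes(StandardCharsets.US_ASCII),
        "image/png", new byte[] {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A},
        "application/zip", new byte[] {'P', 'K', 0x03, 0x04}); // also prefix of .docx/.xlsx/.odt
    private static final int PEEK = 8; // longest signature above

    /** Returns the sniffed MIME type, or null if no allowed signature matches. */
    static String sniff(BufferedInputStream in) throws IOException {
        in.mark(PEEK);
        byte[] head = in.readNBytes(PEEK);
        in.reset(); // leave the stream intact for whoever persists the document
        for (Map.Entry<String, byte[]> e : ALLOWED.entrySet()) {
            byte[] magic = e.getValue();
            if (head.length >= magic.length
                    && Arrays.equals(head, 0, magic.length, magic, 0, magic.length)) {
                return e.getKey();
            }
        }
        return null;
    }

    /** Rejects the upload unless its content is allowlisted and agrees with the declared type. */
    static InputStream validate(InputStream upload, String declaredType) throws IOException {
        BufferedInputStream in = new BufferedInputStream(upload);
        String sniffed = sniff(in);
        if (sniffed == null || !sniffed.equalsIgnoreCase(declaredType)) {
            throw new IllegalArgumentException("declared=" + declaredType + ", detected=" + sniffed);
        }
        return in; // unread stream, safe to hand to the storage layer
    }

    public static void main(String[] args) throws IOException {
        // Constructed samples: a PDF header, and HTML uploaded with a PDF Content-Type.
        byte[] pdf = "%PDF-1.7\n".getBytes(StandardCharsets.US_ASCII);
        byte[] html = "<html><body>not a pdf</body></html>".getBytes(StandardCharsets.US_ASCII);
        validate(new ByteArrayInputStream(pdf), "application/pdf");
        System.out.println("pdf accepted");
        try {
            validate(new ByteArrayInputStream(html), "application/pdf");
        } catch (IllegalArgumentException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```

In a REST handler the `IllegalArgumentException` would map to the error response the issue asks for. Text formats such as Markdown have no magic bytes and would need a separate rule.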