Question - Improved REST API

Forum - Software
1

I’m trying to work with the REST API and i did run into multiple smaller issues.

Issues:

  • Some fields have required to have a value, but the value can be empty, if create it with the frontend, for example: under security services → audit_metric_description it doesn’t allow an empty string.
  • risk appetite threshold isn’t queryable

Ideas to :

  • Patch only single fields
  • Patch/Create with json as request body instead of post url encoding
  • Have centralized swagger ui for all endpoints
2

Any ideas?

3

Hello,

Yes, I can confirm that when creating internal control via APIs you have to set audit dates as well. Not sure why it was implemented that way but creating an issue so we will have a look.
Int. ref.: https://github.com/eramba/eramba/issues/4804

I can also confirm that the risk appetite threshold isn’t queryable at the moment.

Int. ref.: https://github.com/eramba/eramba/issues/4805

4

Hello Sam,

Thanks for the answer.

The most important thing for me is to able to just update a single field as it possible in the UI.

Try to get the UI api call working in a script but it isn’t possible that easy.

5

It looks like that classifications can’t be empty to.

6

Hello,

We have run into the same audit/maintenance REST API issue. When updating internal controls via APIs, it requires the audit and maintenance fields, even though we don’t have any set. Will this issue be updated in the future?

7

PUT requests require the full object because they replace it entirely. So, unfortunately, the only workaround is to use null for those fields:
“security_service_audit_dates”: [null],
“security_service_maintenance_dates”: [null],

What you’re looking for are PATCH requests to partially update an item, which unfortunately are not available :frowning:

8

Thank you, I realize I wasn’t filling the [null] value properly, so actually no problems here!