Skip to main content

49 posts tagged with "link"

View All Tags

[Feature]: Swagger API Testing Security and Usability Improvements

  • This release introduces API testing using a principal propagation destination and OpenID Connect (OIDC) configured in Swagger API documentation.

  • Swagger now supports OAuth2 authorization. Users can authenticate in Swagger using the OpenID Connect flow.

Detailed documentation can be found here: Swagger UI

[Feature]: Optional session-id header for session management

  • This release introduced an optional header parameter called session-id which will help manage the sessions better.

Additional details can be found in the session documentation.

Bug Fixes

This release corrects the behavior of the sanity-check URL for two scenarios:

  • The endpoint must be enabled in the API proxy with the SanityCheckEnabled variable with the value of true.

  • The endpoint now correctly handles the SAP client value.

Read more about the SAP client feature at the feature documentation.

The enosix team has completed testing to ensure compatibility of the latest enosix apps with the Salesforce Summer ‘26 release. Below are the key details of the testing process and outcomes:

Testing Highlights

  • Regression Testing:

    • Tests were executed to validate functionality and compatibility.
  • Products Tested:

  • Mobile App Compatibility:

    • The Surface app was tested in the latest version of the Salesforce Mobile app.

Testing Scope and Outcomes

  1. Sync for Salesforce v1.3.4:

    • Validated real-time data synchronization between Salesforce and SAP.
    • Ensured consistent performance across core use cases, including object synchronization and data accuracy.
  2. Surface v2.8.1:

    • Confirmed compatibility with the Salesforce Sales app.
    • Verified Lightning components function in the Salesforce Mobile app.
  3. SDK v1.7 + Cloud-UI:

    • Verified the ability to configure a material/product and update the price on a quote line item using Cloud-UI in CPQ.

Results

  • Compatibility Confirmed: All tested products are fully compatible with Salesforce Summer ‘26.
  • No Critical Issues Identified: Testing revealed no blockers or critical issues.

The enosix team remains committed to ensuring our solutions deliver seamless integration and superior performance. For any questions or support, please contact our team.

Support portal: https://go.enosix.com/support

[Feature]: Swagger API Testing Security and Usability Improvements

  • This release introduces API testing using a secured API key in Swagger API documentation.

  • Swagger now supports API key authentication. Users can authenticate in Swagger using the API key flow. This aligns interactive documentation with how protected APIs are actually secured.

  • Swagger “Try It Out” can be controlled by configuration. Teams can enable or disable Swagger’s live testing capability per environment. This helps keep production documentation visible while preventing unauthorized test execution.

Detailed documentation can be found here: Swagger UI

Validate Credentials for Delegated Authentication

When a request is made to the /auth-payload endpoint for api proxies or via ?link-function=auth-payload for Proxies, Link validates the provided credentials against the SAP backend before issuing a delegated auth token. If the credentials are invalid or missing, a 401 Unauthorized response is returned.

[Feature]: This release introduces strict query parameter validation in the API Proxy to prevent query parameter injection into downstream SAP requests. The change addresses an issue where encoded characters (e.g., %26 for &) could be used to pass additional parameters.

Allows only below-listed query parameters, and any additional parameters passed on request are dropped

  • sap-client: Exactly 3 digits
  • sap-sessioncmd: Must be cancel
  • sap-language: Exactly 2 characters
  • link-function: Must be auth-payload
  • saml2: Must be disabled
  • tabs: Letters only
  • key: String or the literal $*$
  • expirationSeconds: Positive integer 1..2147483647
  • cid: Alphanumeric less than or equal to 10 characters

Enhancements

  • Override CID on Link API requests. Support has been added to specify a Customizing ID on proxied API requests. Specifying a cid query string parameter will override the x-enosix-cid extension of the Open API Specification for the endpoint.

Bug Fixes

  • Reading CID from Open API Specification. A bug causing API endpoints to ignore the configured x-enosix-cid extension in the Open API Specification.

Enhancements

Ability to pass CID as Query Param.

Added support for passing cid as a query parameter to the SAP backend. The following validation rules have been added for the cid parameter:

  • Alphanumeric characters only (a-z, A-Z, 0-9)
  • Length: 1-10 characters
  • No special characters or spaces allowed

Enhancements

  • Swagger UI Configuration Control
    The API Proxy configuration now supports a SwaggerEnabled property that allows you to control whether the Swagger UI and OpenAPI Specification endpoints are exposed for each API Proxy. Setting SwaggerEnabled: true enables these documentation endpoints, which is useful for development and testing environments. By default, Swagger endpoints are disabled. See the Swagger UI for full details.