Merging to release-5.7.1: [TT-13761] add batch request to the latest open api specs (#6797)

[buger]

User description

TT-13761 add batch request to the latest open api specs (#6797)

TT-13761

Summary	add batch request to the latest open api specs
Type	Story
Status	In Code Review
Points	N/A
Labels	-

---

When the new Gateway Open Api spec was created. The Batch request
endpoint was left out .This should be added to the gateway OAS.

This pr also fixes an issue where the external OAS Url we were using now
return error 404. This pr changes that to use a local copy of the
external oas . I.e we have changed from :
https://raw.githubusercontent.com/OAI/OpenAPI-Specification/main/schemas/v3.0/schema.json
to
https://raw.githubusercontent.com/TykTechnologies/tyk/refs/heads/master/apidef/oas/schema/3.0.json

Link: https://tyk.io/docs/5.5/tyk-gateway-api/

TT-13761

---

Co-authored-by: itachi sasuke [email protected]

---

PR Type

Enhancement, Bug fix

---

Description

• Added a new "Batch requests" feature to the OpenAPI specification, including a detailed description, examples, and a new endpoint /{listen_path}/tyk/batch.
• Introduced new schemas (BatchRequestStructure, BatchReplyUnit, and RequestDefinition) to support batch request functionality.
• Updated the OpenAPI schema reference URL from an external source to a local copy hosted in the repository to resolve a 404 error issue.

---

Changes walkthrough 📝

	Relevant files
Bug fix	.redocly.lint-ignore.yaml Update OpenAPI schema reference URL to local copy                .redocly.lint-ignore.yaml Updated the reference URL for the OpenAPI schema from an external source to a local copy hosted in the repository. +1/-1
Enhancement	swagger.yml Add batch request endpoint and update OpenAPI schema references swagger.yml Added a new "Batch requests" section to the OpenAPI specification with detailed descriptions and examples. Introduced a new endpoint /{listen_path}/tyk/batch for handling batch requests. Defined new schemas for batch request and response structures (BatchRequestStructure, BatchReplyUnit, and RequestDefinition). Updated references to the OpenAPI schema URL to use a local copy. +295/-6

---

💡 PR-Agent usage: Comment /help "your question" on any pull request to receive relevant information

[github-actions]

Swagger Changes

  
  
  
  
  
  
  
  
  
  
  
  
    
    
    
    
    
    
    
    
    
    
     _        __  __
    /{listen_path}/tyk/batch:
    BatchReplyUnit:
    BatchRequestStructure:
    RequestDefinition:
   _| |_   _ / _|/ _|  between swagger-prev.yml
  + one list entry added:
  + one list entry added:
  + one list entry added:
  + one list entry added:
  + one list entry added:
  + one map entry added:
  + three map entries added:
  - one list entry removed:
  - one list entry removed:
  - one list entry removed:
  - one list entry removed:
  ± value change
  ± value change
 / _' | | | | |_| |_       and swagger-current.yml
 \__,_|\__, |_| |_|   returned nine differences
components.schemas
paths
paths./tyk/apis/oas.get.responses.200.content.application/json.schema.items.allOf
paths./tyk/apis/oas.post.requestBody.content.application/json.schema.allOf
paths./tyk/apis/oas/import.post.requestBody.content.application/json.schema.$ref
paths./tyk/apis/oas/{apiID}.get.responses.200.content.application/json.schema.allOf
paths./tyk/apis/oas/{apiID}.patch.requestBody.content.application/json.schema.$ref
paths./tyk/apis/oas/{apiID}.put.requestBody.content.application/json.schema.allOf
tags
| (_| | |_| |  _|  _|

[github-actions]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

🎫 Ticket compliance analysis ✅ 6797 - Fully compliant Fully compliant requirements: Add the batch request endpoint to the latest Gateway Open API specifications. Replace the external OAS URL with a local copy to avoid 404 errors. Not compliant requirements: None

⏱️ Estimated effort to review: 4 🔵🔵🔵🔵⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ Recommended focus areas for review Documentation Clarity Ensure that the added documentation for the batch request endpoint is clear, concise, and provides sufficient examples for developers to understand its usage. - description: | Tyk supports batch requests, so a client makes a single request to the API but gets a compound response object back. This is especially handy if clients have complex requests that have multiple synchronous dependencies and do not wish to have the entire request / response cycle running for each event. To enable batch request support, set the `enable_batch_request_support` value to `true` Batch requests that come into Tyk are *run through the whole Tyk machinery* and *use a relative path to prevent spamming*. This means that a batch request to Tyk for three resources with the same API key will have three requests applied to their session quota and request limiting could become active if they are being throttled. Tyk reconstructs the API request based on the data in the batch request. This is to ensure that Tyk is not being used to proxy requests to other hosts outside of the upstream API being accessed. Batch requests are created by POSTING to the `/{listen_path}/tyk/batch/` endpoint. These requests **do not require a valid key**, but their request list does. <h3>Sample Request</h3> ```{json} { "requests": [ { "method": "GET", "headers": { "x-tyk-test": "1", "x-tyk-version": "1.2", "authorization": "1dbc83b9c431649d7698faa9797e2900f" }, "body": "", "relative_url": "get" }, { "method": "GET", "headers": { "x-tyk-test": "2", "x-tyk-version": "1.2", "authorization": "1dbc83b9c431649d7698faa9797e2900f" }, "body": "", "relative_url": "get" } ], "suppress_parallel_execution": false } ``` The response will be a structured reply that encapsulates the responses for each of the outbound requests. If `suppress_parallel_execution` is set to `true`, requests will be made synchronously. If set to `false` then they will run in parallel and the response order is not guaranteed. <h3>Sample Response</h3> ``` [ { "relative_url": "get", "code": 200, "headers": { "Access-Control-Allow-Credentials": [ "true" ], "Access-Control-Allow-Origin": [ "*" ], "Content-Length": [ "497" ], "Content-Type": [ "application/json" ], "Date": [ "Wed, 12 Nov 2014 15:32:43 GMT" ], "Server": [ "gunicorn/18.0" ], "Via": [ "1.1 vegur" ] }, "body": "{ "args": {}, "headers": { "Accept-Encoding": "gzip", "Authorization": "1dbc83b9c431649d7698faa9797e2900f", "Connect-Time": "2", "Connection": "close", "Host": "httpbin.org", "Total-Route-Time": "0", "User-Agent": "Go 1.1 package http", "Via": "1.1 vegur", "X-Request-Id": "6a22499a-2776-4aa1-80c0-686581a8be4d", "X-Tyk-Test": "2", "X-Tyk-Version": "1.2" }, "origin": "127.0.0.1, 62.232.114.250", "url": "http://httpbin.org/get" }" }, { "relative_url": "get", "code": 200, "headers": { "Access-Control-Allow-Credentials": [ "true" ], "Access-Control-Allow-Origin": [ "*" ], "Content-Length": [ "497" ], "Content-Type": [ "application/json" ], "Date": [ "Wed, 12 Nov 2014 15:32:43 GMT" ], "Server": [ "gunicorn/18.0" ], "Via": [ "1.1 vegur" ] }, "body": "{ "args": {}, "headers": { "Accept-Encoding": "gzip", "Authorization": "1dbc83b9c431649d7698faa9797e2900f", "Connect-Time": "7", "Connection": "close", "Host": "httpbin.org", "Total-Route-Time": "0", "User-Agent": "Go 1.1 package http", "Via": "1.1 vegur", "X-Request-Id": "1ab61f50-51ff-4828-a7e2-17240385a6d2", "X-Tyk-Test": "1", "X-Tyk-Version": "1.2" }, "origin": "127.0.0.1, 62.232.114.250", "url": "http://httpbin.org/get" }" } ] ``` With the body for each request string encoded in the `body` field. * `expire_analytics_after`: If you are running a busy API, you may want to ensure that your MongoDB database does not overflow with old data. Set the `expire_analytics_after` value to the number of seconds you would like the data to last for. Setting this flag to anything above `0` will set an `expireAt` field for each record that is written to the database. **Important:** Tyk will not create the expiry index for you. In order to implement data expiry for your analytics data, ensure that the index is created This is easily achieved using the [MongoDB command line interface](https://docs.mongodb.com/getting-started/shell/client/). * `dont_set_quota_on_create`: This setting defaults to `false`, but if set to `true`, when the API is used to edit, create or add keys, the quota cache in Redis will not be re-set. By default, all updates or creates to Keys that have Quotas set will re-set the quota (This has been the default behaviour since 1.0). This behaviour can be bypassed on a case-by-case basis by using the `suppress_reset` parameter when making a REST API request. This is the advised mode of operation as it allows for manual, granular control over key quotas and reset timings. * `cache_options`: This section enables you to configure the caching behaviour of Tyk and to enable or disable the caching middleware for your API. * `cache_options.enable_cache`: Set this value to `true` if the cache should be enabled for this endpoint, setting it to false will stop all caching behaviour. * `cache_options.cache_timeout`: The amount of time, in seconds, to keep cached objects, defaults to `60` seconds. * `cache_options.cache_all_safe_requests`: Set this to `true` if you want all *safe* requests (GET, HEAD, OPTIONS) to be cached. This is a blanket setting for APIs where caching is required but you don't want to set individual paths up in the definition. * `cache_options.enable_upstream_cache_control`: Set this to `true` if you want your application to control the cache options for Tyk (TTL and whether to cache or not). See [Caching](/docs/basic-config-and-security/reduce-latency/caching/) for more details. * `response_processors`: Response processors need to be specifically defined so they are loaded on API creation, otherwise the middleware will not fire. In order to have the two main response middleware components fire, the following configuration object should be supplied. ```{json} "response_processors": [ { "name": "header_injector", "options": { "add_headers": {"name": "value"}, "remove_headers": ["name"] } }, { "name": "response_body_transform", "options": {} } ] ``` The options for the `header_injector` are global, and will apply to all outbound requests. name: "Batch requests" Schema Reference Update Verify that the updated schema references to the local OAS file are correct and do not introduce any inconsistencies. - $ref: https://raw.githubusercontent.com/TykTechnologies/tyk/refs/heads/master/apidef/oas/schema/3.0.json - $ref: '#/components/schemas/XTykAPIGateway' type: array description: List of API definitions in Tyk OAS format. "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden summary: List all APIs in Tyk OAS API format. tags: - Tyk OAS APIs post: description: Create an API with Tyk OAS API format on the Tyk Gateway. operationId: createApiOAS parameters: - description: The base API which the new version will be linked to. example: 663a4ed9b6be920001b191ae in: query name: base_api_id required: false schema: type: string - description: The version name of the base API while creating the first version. This doesn't have to be sent for the next versions but if it is set, it will override base API version name. example: Default in: query name: base_api_version_name required: false schema: type: string - description: The version name of the created version. example: v2 in: query name: new_version_name required: false schema: type: string - description: If true, the new version is set as default version. example: true in: query name: set_default required: false schema: type: boolean requestBody: content: application/json: example: components: securitySchemes: bearerAuth: description: The API Access Credentials scheme: bearer type: http info: description: This is a sample OAS. title: OAS Sample version: 1.0.0 openapi: 3.0.3 paths: /api/sample/users: get: operationId: getUsers responses: "200": content: application/json: schema: items: properties: name: type: string type: object type: array description: fetched users summary: Get users tags: - users security: - bearerAuth: [] servers: - url: https://localhost:8080 x-tyk-api-gateway: info: name: user state: active: true server: listenPath: strip: true value: /user-test/ upstream: url: https://localhost:8080 schema: allOf: - $ref: https://raw.githubusercontent.com/TykTechnologies/tyk/refs/heads/master/apidef/oas/schema/3.0.json - $ref: '#/components/schemas/XTykAPIGateway' responses: "200": content: application/json: example: action: added key: e30bee13ad4248c3b529a4c58bb7be4e status: ok schema: $ref: '#/components/schemas/ApiModifyKeySuccess' description: API created. "400": content: application/json: example: message: the payload should contain x-tyk-api-gateway status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Bad Request "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "500": content: application/json: example: message: file object creation failed, write error status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Internal server error. summary: Create an API with Tyk OAS format. tags: - Tyk OAS APIs /tyk/apis/oas/{apiID}: delete: description: Deleting an API definition will remove the file from the file store, the API definition will not be unloaded, a separate reload request will need to be made to disable the API endpoint. operationId: deleteOASApi parameters: - description: The API ID. example: 1bd5c61b0e694082902cf15ddcc9e6a7 in: path name: apiID required: true schema: type: string responses: "200": content: application/json: example: action: deleted key: 1bd5c61b0e694082902cf15ddcc9e6a7 status: ok schema: $ref: '#/components/schemas/ApiModifyKeySuccess' description: API deleted "400": content: application/json: example: message: Must specify an apiID to delete status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Bad Request "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: API not found status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: API not found. "500": content: application/json: example: message: Delete failed status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Internal server error. summary: Deleting a Tyk OAS API. tags: - Tyk OAS APIs get: description: Get Tyk OAS API definition using an API ID. operationId: getOASApi parameters: - description: "By default mode is empty which means it will return the Tyk API OAS spec including the x-tyk-api-gateway part. \n When mode=public, the Tyk OAS API spec will exclude the x-tyk-api-gateway part in the response." example: public in: query name: mode required: false schema: enum: - public type: string - description: ID of the API you want to fetch example: 4c1c0d8fc885401053ddac4e39ef676b in: path name: apiID required: true schema: type: string responses: "200": content: application/json: examples: oasExample: $ref: '#/components/examples/oasExample' schema: allOf: - $ref: https://raw.githubusercontent.com/TykTechnologies/tyk/refs/heads/master/apidef/oas/schema/3.0.json - $ref: '#/components/schemas/XTykAPIGateway' description: OK headers: x-tyk-base-api-id: description: ID of the base API if the requested API is a version. schema: type: string style: simple "400": content: application/json: example: message: the requested API definition is in Tyk classic format, please use old API endpoint status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Bad Request "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: API not found status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: API not found. summary: Get a Tyk OAS API definition. tags: - Tyk OAS APIs patch: description: |- You can use this endpoint to update Tyk OAS part of the Tyk API definition. This endpoint allows you to configure Tyk OAS extension based on query params provided(similar to import). operationId: patchApiOAS parameters: - description: ID of the API you want to fetch. example: 4c1c0d8fc885401053ddac4e39ef676b in: path name: apiID required: true schema: type: string - $ref: '#/components/parameters/UpstreamURL' - $ref: '#/components/parameters/ListenPath' - $ref: '#/components/parameters/CustomDomain' - $ref: '#/components/parameters/AllowList' - $ref: '#/components/parameters/ValidateRequest' - $ref: '#/components/parameters/MockResponse' - $ref: '#/components/parameters/Authentication' requestBody: content: application/json: example: components: securitySchemes: bearerAuth: description: The API Access Credentials scheme: bearer type: http info: description: This is a sample OAS. title: OAS Sample version: 1.0.0 openapi: 3.0.3 paths: /api/sample/users: get: operationId: getUsers responses: "200": content: application/json: schema: items: properties: name: type: string type: object type: array description: fetched users summary: Get users tags: - users security: - bearerAuth: [] servers: - url: https://localhost:8080 x-tyk-api-gateway: info: name: user state: active: true server: listenPath: strip: true value: /user-test/ upstream: url: https://localhost:8080 schema: $ref: https://raw.githubusercontent.com/TykTechnologies/tyk/refs/heads/master/apidef/oas/schema/3.0.json responses: "200": content: application/json: schema: $ref: '#/components/schemas/ApiModifyKeySuccess' description: API patched. "400": content: application/json: example: message: Must specify an apiID to patch status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Bad Request "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: API not found status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: API not found. "500": content: application/json: example: message: file object creation failed, write error status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Internal server error. summary: Patch API in Tyk OAS format. tags: - Tyk OAS APIs put: description: |- Updating an API definition uses the same signature an object as a `POST`, however it will first ensure that the API ID that is being updated is the same as the one in the object being `PUT`. Updating will completely replace the file descriptor and will not change an API Definition that has already been loaded, the hot-reload endpoint will need to be called to push the new definition to live. operationId: updateApiOAS parameters: - description: ID of the API you want to fetch example: 4c1c0d8fc885401053ddac4e39ef676b in: path name: apiID required: true schema: type: string requestBody: content: application/json: example: components: securitySchemes: bearerAuth: description: The API Access Credentials scheme: bearer type: http info: description: This is a sample OAS. title: OAS Sample version: 1.0.0 openapi: 3.0.3 paths: /api/sample/users: get: operationId: getUsers responses: "200": content: application/json: schema: items: properties: name: type: string type: object type: array description: fetched users summary: Get users tags: - users security: - bearerAuth: [] servers: - url: https://localhost:8080 x-tyk-api-gateway: info: name: user state: active: true server: listenPath: strip: true value: /user-test/ upstream: url: https://localhost:8080 schema: allOf: - $ref: https://raw.githubusercontent.com/TykTechnologies/tyk/refs/heads/master/apidef/oas/schema/3.0.json - $ref: '#/components/schemas/XTykAPIGateway' responses: "200": content: application/json: example: action: modified key: e30bee13ad4248c3b529a4c58bb7be4e status: ok schema: $ref: '#/components/schemas/ApiModifyKeySuccess' description: API updated "400": content: application/json: example: message: Request APIID does not match that in Definition! For Update operations these must match. status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Bad Request "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: API not found status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: API not found "500": content: application/json: example: message: file object creation failed, write error status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Internal server error. summary: Update a Tyk OAS API definition. tags: - Tyk OAS APIs /tyk/apis/oas/{apiID}/export: get: description: Use the mode query parameter to specify if you want the x-tyk-api-gateway stripped out. operationId: downloadApiOASPublic parameters: - description: ID of the API you want to fetch. example: 4c1c0d8fc885401053ddac4e39ef676b in: path name: apiID required: true schema: type: string - description: "By default mode is empty which means it will return the Tyk API OAS spec including the x-tyk-api-gateway part. \n When mode=public, the Tyk OAS API spec will exclude the x-tyk-api-gateway part in the response." example: public in: query name: mode required: false schema: enum: - public type: string responses: "200": content: application/octet-stream: schema: format: binary type: string description: Exported API definition file "400": content: application/json: example: message: requesting API definition that is in Tyk classic format status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Bad Request "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: API not found status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Not Found "500": content: application/json: example: message: Unexpected error status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Internal server error. summary: Download a Tyk OAS format API. tags: - Tyk OAS APIs /tyk/apis/oas/{apiID}/versions: get: description: Listing versions of a Tyk OAS API. operationId: listOASApiVersions parameters: - description: ID of the API you want to fetch. example: 4c1c0d8fc885401053ddac4e39ef676b in: path name: apiID required: true schema: type: string - $ref: '#/components/parameters/SearchText' - $ref: '#/components/parameters/AccessType' responses: "200": content: application/json: example: apis: - expirationDate: "" id: keyless internal: false isDefaultVersion: false name: Tyk Test Keyless API versionName: "" - expirationDate: "" id: 1f20d5d2731d47ac9c79fddf826eda00 internal: false isDefaultVersion: true name: Version three Api versionName: v2 status: success schema: $ref: '#/components/schemas/VersionMetas' description: API version metas. "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "404": content: application/json: example: message: API not found. status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: API not found summary: Listing versions of a Tyk OAS API. tags: - Tyk OAS APIs /tyk/apis/oas/export: get: description: Download all Tyk OAS format APIs, from the Gateway. operationId: downloadApisOASPublic parameters: - description: "By default mode is empty which means it will return the Tyk API OAS spec including the x-tyk-api-gateway part. \n When mode=public, the Tyk OAS API spec will exclude the x-tyk-api-gateway part in the response." example: public in: query name: mode required: false schema: enum: - public type: string responses: "200": content: application/octet-stream: schema: format: binary type: string description: Get a list of Tyk OAS APIs definitions. "403": content: application/json: example: message: Attempted administrative access with invalid or missing key! status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Forbidden "500": content: application/json: example: message: Unexpected error status: error schema: $ref: '#/components/schemas/ApiStatusMessage' description: Internal server error. summary: Download all Tyk OAS format APIs. tags: - Tyk OAS APIs /tyk/apis/oas/import: post: description: |- Import an Tyk OAS format API without x-tyk-gateway. For use with an existing Tyk OAS API that you want to expose via your Tyk Gateway. operationId: importOAS parameters: - $ref: '#/components/parameters/UpstreamURL' - $ref: '#/components/parameters/ListenPath' - $ref: '#/components/parameters/CustomDomain' - $ref: '#/components/parameters/AllowList' - $ref: '#/components/parameters/ValidateRequest' - $ref: '#/components/parameters/MockResponse' - $ref: '#/components/parameters/Authentication' - description: The base API which the new version will be linked to. example: 663a4ed9b6be920001b191ae in: query name: base_api_id required: false schema: type: string - description: The version name of the base API while creating the first version. This doesn't have to be sent for the next versions but if it is set, it will override base API version name. example: Default in: query name: base_api_version_name required: false schema: type: string - description: The version name of the created version. example: v2 in: query name: new_version_name required: false schema: type: string - description: If true, the new version is set as default version. example: true in: query name: set_default required: false schema: type: boolean requestBody: content: application/json: example: components: securitySchemes: bearerAuth: description: The API Access Credentials scheme: bearer type: http info: description: This is a sample OAS. title: OAS Sample version: 1.0.0 openapi: 3.0.3 paths: /api/sample/users: get: operationId: getUsers responses: "200": content: application/json: schema: items: properties: name: type: string type: object type: array description: fetched users summary: Get users tags: - users security: - bearerAuth: [] servers: - url: https://localhost:8080 schema: $ref: https://raw.githubusercontent.com/TykTechnologies/tyk/refs/heads/master/apidef/oas/schema/3.0.json

[github-actions]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Score
Security	Restrict the method field to valid HTTP methods to prevent invalid or unsupported requests Validate the method field in the RequestDefinition schema to allow only HTTP methods like GET, POST, PUT, DELETE, etc., to prevent invalid or unsupported methods. swagger.yml [5572-5573] method: type: string + enum: + - GET + - POST + - PUT + - DELETE + - PATCH + - OPTIONS + - HEAD Suggestion importance[1-10]: 10 Why: Restricting the method field to valid HTTP methods significantly improves security and prevents invalid or unsupported requests, which could lead to unexpected behavior or vulnerabilities. This is a critical improvement.	10
	Add validation to the relative_url field to prevent misuse or malicious requests Ensure that the relative_url field in the BatchRequestStructure schema is validated to prevent potential misuse or malicious requests targeting unintended endpoints. swagger.yml [5573-5574] relative_url: type: string + pattern: "^[a-zA-Z0-9/_-]+$" Suggestion importance[1-10]: 9 Why: Adding a validation pattern to the relative_url field enhances security by restricting it to a safe subset of characters, reducing the risk of malicious or unintended endpoint targeting. This is a significant improvement for security.	9
	Limit the size of the body field to prevent performance issues from large payloads Add a maximum length constraint to the body field in the BatchRequestStructure schema to prevent excessively large payloads that could lead to performance issues. swagger.yml [5564-5565] body: type: string + maxLength: 10000 Suggestion importance[1-10]: 8 Why: Adding a maximum length constraint to the body field mitigates the risk of performance degradation caused by excessively large payloads. This is a practical enhancement for maintaining system stability.	8
General	Add a default value for suppress_parallel_execution to ensure consistent behavior Include a default value for the suppress_parallel_execution field in the BatchRequestStructure schema to ensure consistent behavior when the field is omitted. swagger.yml [5560] suppress_parallel_execution: type: boolean + default: false Suggestion importance[1-10]: 7 Why: Including a default value for suppress_parallel_execution ensures predictable behavior when the field is omitted, improving the robustness of the schema. While not critical, it is a valuable enhancement.	7

[github-actions]

API Changes

no api changes detected

[sonarqubecloud]

Quality Gate failed

Failed conditions
0.0% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud