IBM z/OS Management Facility (z/OSMF)

 View Only

 Restricting use of a zOSMF REST API based on the application/octet-stream Content-Type header.

Roger Lowe's profile image
Roger Lowe posted Fri November 29, 2024 01:44 AM

Hello,
 
We are looking to exploit the z/OS jobs REST interface in z/OSMF documented here: https://www.ibm.com/docs/en/zos/3.1.0?topic=interface-submit-job. We want to restrict what JCL the caller can use, specially we do not what them to be able to supply their own JCL via the application/octet-stream Content-Type header. Is there a way to deny the request if the REST API is called with this header?
 
Thanks, Roger

Kurt Quackenbush's profile image
Kurt Quackenbush posted Tue December 03, 2024 10:56 AM

I do not believe there is a mechanism for the z/OSMF Jobs REST API to restrict which jobs can be submitted and/or which HTTP headers are used on the submit.  I'm scratching my head though, why do you want to restrict use of this particular header?  And is it really the use of the header that you want to restrict, or something else?  Do you have a similar issue/desire to restrict when using the TSO SUBMIT command?  A little context might help us identify a possible solution.

Related Content