API Connect

 View Only
  • 1.  Custom Error Message for Decryption using XSLT in API Connect

    Posted Wed November 30, 2022 11:14 AM

    Hi All,


    We planned to construct a custom error message. While doing decryption with encrypted xml requests in API Connect we are getting event-code(error-code) as 0x0000000 in Data Power and APIC . We are getting context variables(error-name, error-message, message status code ,error status codes and etc...) but not getting exact error message if an error occurred in decryption using XSLT for example if there is no key specified then it should say "key not found".


    Please share your valuable thoughts on this.



    ------------------------------
    Anusha Pudari
    ------------------------------


  • 2.  RE: Custom Error Message for Decryption using XSLT in API Connect

    Posted Fri December 02, 2022 11:48 AM

    Hi Anusha,

    The error will be found in the results of the extension function call.  For example, I wrote this quick example xsl where I provided a bad algorithm

    <?xml version="1.0" encoding="UTF-8"?>
    <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
       xmlns:dp="http://www.datapower.com/extensions"
       exclude-result-prefixes="dp"
       extension-element-prefixes="dp"
       version="1.0">
    
       <xsl:output method="xml" indent="yes"/>
       
       <xsl:template match="/">
          <!-- <xsl:variable name="algorithm" select="'http://www.w3.org/2001/04/xmlenc#aes256-cbc'"/> -->
          <xsl:variable name="algorithm" select="'http://www.w3.org/2001/04/xmlenc#aes256-cbc-BAD'"/>
          <xsl:variable name="session-key" select="dp:generate-key($algorithm)"/>
          <xsl:message dp:priority="error">AFTER dp:generate-key:
                                           session-key=<xsl:value-of select="$session-key"/>,
                                           error-code=<xsl:value-of select="dp:variable('var://service/error-code')"/>,
                                           error-subcode=<xsl:value-of select="dp:variable('var://service/error-subcode')"/>,
                                           error-message=<xsl:value-of select="dp:variable('var://service/error-message')"/>
          </xsl:message>
          <xsl:variable name="ciphertext" select="dp:encrypt-data($algorithm,$session-key,'this is a test')"/>
          <xsl:message dp:priority="error">AFTER dp:encrypt-data:
                                           ciphertext=<xsl:value-of select="$ciphertext"/>,
                                           error-code=<xsl:value-of select="dp:variable('var://service/error-code')"/>,
                                           error-subcode=<xsl:value-of select="dp:variable('var://service/error-subcode')"/>,
                                           error-message=<xsl:value-of select="dp:variable('var://service/error-message')"/>
          </xsl:message>
       </xsl:template>
       
    </xsl:stylesheet>

    and what is logged is

    20221202T163959.050Z [0x80000001][xsltmsg][error] mpgw(Test-MPGW): tid(9589088)[request][IP ADDRESS] gtid(196c5565638a2a5f00925160): AFTER dp:generate-key:
                                           session-key=*Unrecognized algorithm*,
                                           error-code=0x00000000,
                                           error-subcode=0x00000000,
                                           error-message=
    20221202T163959.050Z [0x80000001][xsltmsg][error] mpgw(Test-MPGW): tid(9589088)[request][IP ADDRESS] gtid(196c5565638a2a5f00925160): AFTER dp:encrypt-data:
                                           ciphertext=*base64 decode of shared secret key failed*,
                                           error-code=0x00000000,
                                           error-subcode=0x00000000,
                                           error-message=

    With a good algorithm I get the expected results

    20221202T164452.231Z [0x80000001][xsltmsg][error] mpgw(Test-MPGW): tid(9591824)[request][IP ADDRESS] gtid(196c5565638a2b8400925c10): AFTER dp:generate-key:
                                           session-key=9g3W/qTTgYbVnQB9bTvj2bZ3VGqeks4C3HD+4+YhaDU=,
                                           error-code=0x00000000,
                                           error-subcode=0x00000000,
                                           error-message=
    20221202T164452.231Z [0x80000001][xsltmsg][error] mpgw(Test-MPGW): tid(9591824)[request][IP ADDRESS] gtid(196c5565638a2b8400925c10): AFTER dp:encrypt-data:
                                           ciphertext=ljXKOKJI0SeDi9iYzS4T9YG2jKqLG33JjgOdAKkQ7IM=,
                                           error-code=0x00000000,
                                           error-subcode=0x00000000,
                                           error-message=

    I would think for decrypt the same pattern would be followed, ie, no error service variable is set, but the result of the extension function would have either a valid value or the error message where the error message would be surrounded with an *.

    Best Regards,

    Steve Linn



    ------------------------------
    Steve Linn
    Senior Consulting I/T Specialist
    IBM
    ------------------------------



  • 3.  RE: Custom Error Message for Decryption using XSLT in API Connect

    Posted Thu December 08, 2022 07:17 AM

    Hi Steve,


    As you stated it is showing the error reason and error-sub code in data power logs but we can't handle the errors through this code in API Connect.


    we need to handle the errors exactly where the error occurs . It is clearly shown in logs(the code which you have shown for encryption).similarly, how to show the response body with a custom message.

    Similarly, how to handle errors using Gatewayscript with custom error messages like "algorithm is invalid" in the response body.


     We are able to handle the exception in Gatewayscript  using try catch blocks similarly how to handle the exception in XSLT also.


    Please share your valuable thoughts on this.



    ------------------------------
    Anusha Pudari
    ------------------------------



  • 4.  RE: Custom Error Message for Decryption using XSLT in API Connect

    Posted Thu December 08, 2022 05:31 PM

    Hi Anusha,

    Unfortunately all you have in xslt is the result of the extension function.  Errors will be returned enclosed in asterisks, for example *Unrecognized algorithm*  which in my simplistic case is the reason my dp:generate-key($algorithm) extension function failed as I purposely provided an incorrect algorithm.  In your case of decryption, you should have a specific message in the response enclosed in asterisks as well.  So to determine if you had an error you would do something like (and I'll use my code above)

    <xsl:variable name="session-key" select="dp:generate-key($algorithm)"/>
    <xsl:choose>
      <xsl:when test="start-with($session-key, '*') and ends-with($session-key, '*')">
        <xsl:message dp:priority="error">dp:generate-key failed, error:<xsl:value-of select="$session-key"/></xsl:message>
      </xsl:when>
      <xsl:otherwise>
        <!-- session-key was successfully generated, continue with the next function -->
        ...
      </xsl:otherwise>
    </xsl:choose>
    

    Best Regards,

    Steve Linn



    ------------------------------
    Steve Linn
    Senior Consulting I/T Specialist
    IBM
    ------------------------------



  • 5.  RE: Custom Error Message for Decryption using XSLT in API Connect

    Posted Thu December 22, 2022 12:56 AM

    Hi Steve,

    We framed an xml document for handling all errors with custom message when condition matches message between "*".

    Now we are planning to get a custom error message for a particular node in API Connect if it contains an error. For example if error contains in validate policy node then how to set a custom error message for that particular node.

    Please share your valuable thoughts on this.



    ------------------------------
    Anusha Pudari
    ------------------------------



  • 6.  RE: Custom Error Message for Decryption using XSLT in API Connect

    Posted Tue December 27, 2022 02:12 PM

    Hi Anusha,
    I'm not sure I understand what you're trying to accomplish. If you have an error that stops the assembly and you're catching that error, the context.error should have all the information you need. If you're using v5 compatibility mode then the apim.getError() function should provide similar information for you to construct a customized response. 


    Best Regards,
    Steve Linn



    ------------------------------
    Steve Linn
    Senior Consulting I/T Specialist
    IBM
    ------------------------------



  • 7.  RE: Custom Error Message for Decryption using XSLT in API Connect

    Posted Wed May 31, 2023 06:17 AM
    Edited by Stefen Salvatore Wed May 31, 2023 06:18 AM

    Hi @Steve Linn 

    I am also facing a similar thing with another error.

    I myself call my local app to connect from my local API connect and when the application is deployed in a server and the application is in a stop state in the App Connect then I will get a 500 url open error in API Connect. And I am able to handle this but when the application in App Connect is in the start state and I am wantedly enabling debug perspective and pause my transaction in app connect and in API Connect invoke policy timeout is set to 60seconds and after 60 seconds I am getting error like 500-url-open and with no message body and as well as my error global policy is unable to handle it. The logs written in DataPower for the second case are as:

    3:18:38 PM 556755   192.168.0.192 0x80e00625 apigw (Api-Dev): Connect to URL 'http://192.1X8.0.1X2:7800/form' timed out
    3:17:38 PM 1078960   192.168.0.192 0x80e00625 apigw (Api-Dev): Connect to URL 'http://192.1X8.0.1X2:7800/form' timed out

    And no trace is also visible in API Connect after the API gives this error response.

    May I know the possible way to handle this traceless error from my error global policy?
    sample error from postman is attached here please go through it


    Picture of Error from API Connect which is not showing any trace is attached here:

    Thanks in Advance!!



    ------------------------------
    Vyasavardhan Ramagiri
    ------------------------------



  • 8.  RE: Custom Error Message for Decryption using XSLT in API Connect

    Posted Wed May 31, 2023 06:30 PM

    Hi Vyasavardhan,
    Your invoke policy should specify a stop on error for ConnectionError.  The assembly will stop after this and the exception can be caught by either the catch logic of the API or a post-error global policy.
    Best Regards,
    Steve



    ------------------------------
    Steve Linn
    Senior Consulting I/T Specialist
    IBM
    ------------------------------