improved

Web Application Scanning: New Model for Input Errors

The Web Application Scanning v2 API now returns more specific error messages when validating user input. The new error model helps users to quickly identify and correct input errors.

This update affects the following endpoints:

API EndpointChange
POST /was/v2/configsNew model for input errors.
PUT /was/v2/configs/{config_id}New model for input errors.
PUT /was/v2/user-templates/{user_template_id}New model for input errors.

Example

If you forget to supply the name request body parameter when creating a scan configuration with the POST /was/v2/configs endpoint, an HTTP 400 error will be returned with the following response:

{
  "code": "INPUT_FORM_VIOLATION",
  "fields": [
    {
      "field": ".name",
      "message_type": "VALUE_MUST_BE_SPECIFIED",
      "value": {
        "message": "the value must be specified"
      }
    }
  ]
}

Note: The affected field is described in JSON syntax. For example, if the failed field is .foo.bar.baz, it would correspond to:

{
  foo: {
    bar: {
      baz: <bad data>
    }
  }
}

Input Error Codes

The following input error codes can be returned with an HTTP 400 error:

  • VALUE_MUST_BE_SPECIFIED—Returned if a required body parameter is missing.
  • VALUE_NOT_POSITIVE—Returned if your input contains a negative integer when it should be positive.
  • VALUE_IS_NEGATIVE—Returned if your input contains a positive integer when it should be negative.
  • VALUE_CANT_BE_CHANGED—Returned if you attempted to change a value that cannot be changed.
  • VALUE_MUST_BE_GREATER—Returned if your input contains a value that is smaller than the minimum required lower bound.
  • FIELD_CANT_BE_ADDED—Returned if your input contains a field that can't be added.
  • INVALID_TYPE—Returned if your input contains an invalid type (ex. integer or string).
  • INVALID_FORMAT—Returned if your input contains an invalid format.