Manual Chapter :
Working with OpenAPI
Applies To:
Show VersionsBIG-IP ASM
- 16.0.1, 16.0.0, 15.1.0, 15.0.1, 15.0.0
Working with OpenAPI
You can use your existing OpenAPI (Swagger) specification file to quickly
create an Application Security Manager security policy. Use the REST API to upload the
specification file. When creating the security policy in the GUI, use the special API
Security policy template. This streamlined template and the configurations contained in
your OpenAPI specification file eliminate the need for further regular security policy
configurations in ASM.
There is no support for OpenAPI file
upload when sent with
multipart/form-data
.OpenAPI / ASM integration is useful in a CI/CD environment. Using a CI/CD pipeline, the
security policy can be regularly and automatically updated.
When using an API Security policy, regular traffic learning is disabled
because the expected traffic configurations are already defined in the OpenAPI
specification file. However, learning is enabled for the following violation groups:
- HTTP protocol compliance
- Evaluation techniques
- Disallowed file types
- Attack signatures
- Meta characters
The basePath is used as the API gateway. Therefore, the basePath/path must be
configured for the actual server where the API will be deployed. An incorrect
basePath will prevent traffic from being routed to ASM.