
Missing API versioning

Severity: Info
Tags: Secure Configuration
Applies to: Proxy
Links: CWE-710

Why This Issue Is Important

Without API versioning, deprecated or unmaintained endpoints might still be accessible, increasing the risk of exposing outdated and potentially vulnerable code. Versioning also helps manage security updates and deprecations systematically, ensuring that only secure and well-maintained versions are in use.

How This Issue Is Detected

This issue is detected by analyzing the BasePath of the API defined in the HTTPProxyConnection element of the Apigee proxy configuration. If no version pattern (e.g., /v1, /v2) is found in the BasePath, a warning is raised to indicate the absence of versioning.
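The check described above can be reproduced locally or in CI over a proxy bundle. This is an added example, not CodeSent's own rule implementation; the version regex, the function name and the sample ProxyEndpoint documents are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: a "version pattern" is a whole path segment such as v1, v2 or v1.2.
# Matching whole segments avoids false negatives on look-alikes like /vault.
VERSION_SEGMENT = re.compile(r"^v\d+(\.\d+)*$", re.IGNORECASE)


def find_unversioned_base_paths(proxy_endpoint_xml):
    """Return (endpoint_name, base_path) for every HTTPProxyConnection
    whose BasePath contains no version segment.

    Intended for trusted files from your own proxy bundle.
    """
    root = ET.fromstring(proxy_endpoint_xml)
    findings = []
    # iter() also yields the root, so a bare <HTTPProxyConnection> works too.
    for conn in root.iter("HTTPProxyConnection"):
        # A missing or empty BasePath is treated as unversioned.
        base_path = (conn.findtext("BasePath") or "").strip()
        segments = [s for s in base_path.split("/") if s]
        if not any(VERSION_SEGMENT.match(s) for s in segments):
            findings.append((root.get("name", "<unnamed>"), base_path))
    return findings


# Constructed sample inputs (not taken from a real proxy).
VERSIONED = """<ProxyEndpoint name="default">
  <HTTPProxyConnection><BasePath>/v1/myapi</BasePath></HTTPProxyConnection>
</ProxyEndpoint>"""

UNVERSIONED = """<ProxyEndpoint name="default">
  <HTTPProxyConnection><BasePath>/myapi</BasePath></HTTPProxyConnection>
</ProxyEndpoint>"""

LOOKALIKE = """<ProxyEndpoint name="vault">
  <HTTPProxyConnection><BasePath>/vault/items1</BasePath></HTTPProxyConnection>
</ProxyEndpoint>"""

if __name__ == "__main__":
    for doc in (VERSIONED, UNVERSIONED, LOOKALIKE):
        for name, path in find_unversioned_base_paths(doc):
            print(f"warning: ProxyEndpoint '{name}' BasePath '{path}' has no version")
```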

How to Fix the Issue

To fix this issue, update the BasePath of your API proxy to include a version number. This is typically done by appending a version segment to the path, like /v1 or /v2. Here’s an example:

<HTTPProxyConnection>
    <BasePath>/v1/myapi</BasePath>
</HTTPProxyConnection>

This versioning scheme allows you to create new versions of the API (e.g., /v2/myapi) without disrupting existing consumers using the older version. 

 
