Interceptors - Blocking API Calls
In some cases you might want to block API calls from reaching BioT.
This might happen if you would like to prevent a certain type of user from modifying an entity.
For example, you might want to prevent a caregiver from modifying an already recorded usage session.
You will want to intercept the following update usage session API.
https://example.com/device/v1/devices/{deviceId}/usage-sessions/{id}
To do that, make an API call and register to intercept the API with the following parameters:
{
  apiId: 'PATCH/device/v1/devices/{deviceId}/usage-sessions/{id}',
  entityName: 'usage-session',
  endpoint: 'https://example.com/plugin_endpoint_url',
  executionOrder: 100
}
Once registered, in the plugin code, verify that the call needs to be blocked by inspecting the calling user type and the specific usage session that the user is trying to modify.
If you determine that this API needs to be blocked, return a response that will indicate to BioT that this API needs to be blocked.
For example:
{
  "code": "MODIFICATION_FORBIDDEN",
  "message": "User with ID {7b18b39a-94b6-4393-b200-93008090d2a1} is not allowed to modify usage session with ID {ce7d0e6c-9302-4c3b-a10f-f7fa61283bd1}",
  "serviceName": "Device Service",
  "traceId": "a07a7e532f3541d8",
  "environment": "develop",
  "details": {
    "additionalProp1": {},
    "additionalProp2": {},
    "additionalProp3": {}
  }
}
In the response header set the HTTP status code to a status that is not 2XX.
In our case we would like to use 403.
BioT will detect that the response is not 2XX and block the API request.
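The decision step described above, as an added example (not BioT's own code) that the plugin's HTTP handler could call before writing its response. The context field names (userType, userId, usageSessionId, sessionState, traceId), the values 'CAREGIVER' and 'DONE', and the empty 200 body are assumptions; the format of the intercepted request is not shown on this page.

```javascript
// Hypothetical values: which user types are restricted and which session
// states count as "already recorded" depend on your own BioT configuration.
const RESTRICTED_USER_TYPES = new Set(['CAREGIVER']);
const RECORDED_STATES = new Set(['DONE']);

// Builds a blocking result in the same error shape as the example on this page.
function forbidden(ctx, message) {
  return {
    statusCode: 403, // any non-2XX status makes BioT block the request
    body: {
      code: 'MODIFICATION_FORBIDDEN',
      message,
      serviceName: 'Device Service',
      traceId: ctx.traceId || null,
      details: {},
    },
  };
}

// ctx is assumed to be extracted by the plugin from the intercepted PATCH call.
function decideUsageSessionUpdate(ctx) {
  // Fail closed: a caller or target that cannot be identified is blocked.
  if (!ctx || !ctx.userType || !ctx.userId || !ctx.usageSessionId) {
    return forbidden(ctx || {}, 'Caller or usage session could not be identified');
  }
  if (RESTRICTED_USER_TYPES.has(ctx.userType)) {
    // An unknown session state is treated like a recorded one for restricted users.
    if (!ctx.sessionState || RECORDED_STATES.has(ctx.sessionState)) {
      return forbidden(ctx, `User with ID ${ctx.userId} is not allowed to modify ` +
        `usage session with ID ${ctx.usageSessionId}`);
    }
  }
  // 2XX: BioT does not block the request (empty body is an assumption).
  return { statusCode: 200, body: {} };
}

// Constructed sample contexts, not captured from a real BioT environment.
const SAMPLES = [
  { userType: 'CAREGIVER', userId: 'u-1', usageSessionId: 's-1', sessionState: 'DONE' },
  { userType: 'CAREGIVER', userId: 'u-1', usageSessionId: 's-2', sessionState: 'ACTIVE' },
  { userType: 'PATIENT', userId: 'u-2', usageSessionId: 's-1', sessionState: 'DONE' },
  { userId: 'u-3', usageSessionId: 's-1', sessionState: 'DONE' }, // user type missing
];

function sampleStatuses() {
  return SAMPLES.map((ctx) => decideUsageSessionUpdate(ctx).statusCode);
}
```

The missing-user-type and missing-state cases return 403 so that a malformed or unexpected request cannot bypass the interceptor.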
Updated 11 months ago