DEV Registry Service

API Validator

API Validator can be used to validate implementation of the EWP APIs against the specification. You should be aware that the Validator is publicly available, any API can be tested any time. Both requests and responses are also publicly available.

To be compliant with the EU General Data Protection Regulation (GDPR) you should not, under any circumstances, expose private personal data to unauthorised users.

Make sure that the system you connect to the DEMO EWP Network contains only scrambled data or artificial data. This network is used for testing, so - according to Murphy's law - whatever can go wrong, will go wrong.

Security options

A--- - No Client Authentication (Anonymous Client)
S--- - Client Authentication with TLS Certificate (self-signed)
T--- - Client Authentication with TLS Certificate (CA-signed)
H--- - Client Authentication with HTTP Signature
-T-- - Server Authentication with TLS Certificate (CA-signed)
-H-- - Server Authentication with HTTP Signature
--T- - Request Encryption only with regular TLS
--E- - Request Encryption with ewp-rsa-aes128gcm
---T - Response Encryption only with regular TLS
---E - Response Encryption with ewp-rsa-aes128gcm

APIs defined in manifest https://ewp.solenovo.fi/ewp/rest/manifest:

Here you have to select security method that will be used to perform calls to validated API. Security method consists of four letters, their meaning is described on the top of this page.

Parameters are values used by validators when they perform calls to APIs. You should leave those fields empty, validators are able to find proper values themselves. However there are certain cases when you would like to fill those fields.

When should I fill those fields?

  1. You would like to see if your API works with parameters different than ones found by the validator.
  2. Validator obtains its parameters using API you do not support.
    E.g. if you want to validate Courses API, validator will use Course Replication API to find los_id parameters that can be used to query Courses API. If your host doesn't implement Replication API the validator will report that it cannot find required API and won't perform tests. In that case you can manually provide hei_id and los_id values from you database. Validator will run tests using that values.

How to find out what parameters are used by the validator?

You should look at details of requests made by the validator, they are used as parameters for HTTP requests with same names.

What is the meaning of parameter X?

Look at the specification of the API you are validating, parameters used here are subset of those described there.

If you manually enter parameter please take care to provide correct values, they cannot be verified and are assumed to be correct. Providing invalid parameters will result in failed tests.