You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/pages/development/components/web-api/services.md
+44Lines changed: 44 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -80,6 +80,50 @@ Following are some examples of various types and what they would look like in th
80
80
81
81
If a service method argument is called `item`, there will be a problem during SOAP processing. All item nodes are removed during SOAP request processing. This is done to unwrap array items that are wrapped by the SOAP server into an `item` element.
82
82
83
+
## REST API constructor parameter validation
84
+
85
+
When a REST API call is made, the framework validates the constructor parameters of the class that implements the service interface. The framework checks that each parameter can be instantiated. If a parameter cannot be instantiated, the framework throws an exception.
86
+
87
+
Adobe Commerce 2.4.9 and all prior supported versions of Adobe Commerce have been patched to validate constructors. [Adobe Security Bulletin APSB25-88](https://helpx.adobe.com/security/products/magento/apsb25-88.html) describes the issue and provides additional information.
88
+
89
+
Supported parameter types:
90
+
91
+
- Simple types (string, int, float, boolean)
92
+
- Arrays of simple types
93
+
-`*\Api\Data\*Interface` classes
94
+
95
+
Unsupported parameter types:
96
+
97
+
- Models
98
+
- Service classes
99
+
- Other complex types
100
+
101
+
Unsupported parameters will not be instantiated from REST payloads.
102
+
103
+
Developers that previously defined REST APIs must review service interfaces and implementations for unsupported constructor parameters. Look for these patterns:
104
+
105
+
-**Constructor Parameter Injection**: Look for nested objects in API payloads.
106
+
107
+
-**Complex Object Types**: Check for references to `Model` classes or services.
108
+
109
+
-**Custom Properties**: Identify any non-standard API parameters.
110
+
111
+
-**Extension-specific APIs**: Review custom module API implementations.
112
+
113
+
### Troubleshooting
114
+
115
+
You might encounter the following error messages when you use an unsupported field name:
116
+
117
+
- On versions 2.4.7 and higher
118
+
119
+
`{ "message": "\"{fieldName}\" is not supported. Correct the field name and try again." }`
120
+
121
+
- On versions 2.4.6 and lower
122
+
123
+
`{ "message": "Property \"{fieldName}\" does not have accessor method \"{methodName}\" in class \"{className}\"." }`
124
+
125
+
When these errors occur, constructor parameters using complex types are rejected.
126
+
83
127
## webapi.xml configuration options
84
128
85
129
To define web API components, set these attributes on these XML elements in the
0 commit comments