The OpenAPI Specification (OAS) defines a standard, language-agnostic interface to RESTful APIs, which allows both humans and computers to discover and understand the capabilities of the service without access to source code, documentation, or through network traffic inspection. When properly defined, you can understand and interact with the remote service with a minimal amount of implementation logic.
OpenAPI is becoming a popular tool and the de-facto standard that APIs are described. FortiWeb can parse the OpenAPI description file and provide additional security to APIs by making sure that access is based on the definitions described in the OpenAPI file.
FortiWeb supports OpenAPI 3.0.x(0-9).
An OpenAPI file defines or describes the API. For example, what is the API URL, what are the parameter names in the URL, what type of data parameters should have (string, integer, etc), where are parameters submitted (URL, header, body, etc.), and so on. For more information about OpenAPI files, see https://github.com/OAI/OpenAPI-Specification.
It is RECOMMENDED you use Swagger Editor to generate your OpenAPI file, https://swagger.io/tools/swagger-editor/.
When you upgrade to FortiWeb 6.3.0, you need to re-upload your valid OpenAPI files.
Once you upload the valid OpenAPI description file, FortiWeb will parse the file, and then block requests that do not match the definitions in the file.
The figure below shows how FortiWeb supports OpenAPI.