Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mobility Spec Async Apis Not in Accordance with OpenApi #48

Open
JayGhiya opened this issue Apr 14, 2023 · 5 comments
Open

Mobility Spec Async Apis Not in Accordance with OpenApi #48

JayGhiya opened this issue Apr 14, 2023 · 5 comments

Comments

@JayGhiya
Copy link

JayGhiya commented Apr 14, 2023
edited
Loading

This is regards to api specification mentioned in . The philosophy is to have async behavior through call back apis. The reference for open api spec implementing async apis through callback is mentioned here: https://swagger.io/docs/specification/callbacks/ . Any reason why we have not followed the methodology recommended by openapi ? @ravi-prakash-v
@venkatramanm
Copy link

I don't know the details in depth but beckn APIs were created prior to 3.0 and callbacks are a newer feature in open API. New incorporating 3.0 spec could cause a backwards compatibility issue for all participants. Unless there is a strong reason, i would leave it as is but this is a community call.

@JayGhiya
Copy link
Author

JayGhiya commented Apr 18, 2023
edited
Loading

@venkatramanm fair point regarding backward compatibility concern but that is what versioning in api is solving even before openapi spec came. Also openapi spec has version tag for each api. We should definitely make use of it instead of being incompliant. @venkatramanm @ravi-prakash-v shall I open a compliance issue for beckn mobility spec and contribute towards it.

@venkatramanm
Copy link

Thanks for the suggestion.
You could submit a feature request against the core protocol as it is the core that is derived everywhere. Which version of beckn, we may want to absorb is a separate question. Rather than an issue, it is probably a feature of open API not used and could be used. Not using this feature of open API, does not diminish the usability of the protocol, but could be nice to have. Please feel free to submit a Pull Request to absorb this feature. The core team would review and absorb it in a future release when deemed fit.
@beckn/core-working-group comments?

@venkatramanm
Copy link

There may be a Security concern of passing callback url in transaction api .

A bad actor could cause systems to have Dos by passing url same as the calling url. For e.g.

Currently the scheme of deriving callback url from the registry lookup could be a safer option. May need a discussion.

@ravi-prakash-v
Copy link

@JayGhiya Beckn protocol is not constrained by Open API 3.0 or JSON Schema standards. Callbacks are treated as an independent endpoint that is implemented by BAPs. In fact beckn protocol is agnostic of technology used i.e HTTP/REST. The Open API 3.0 document is one instance of how beckn protocol can be used in HTTP-based applications.

It is however a good idea to move the API doc to a more generic specification like Async API Spec.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@venkatramanm @JayGhiya @ravi-prakash-v