Echo Service (/echo)

book

Article ID: 186849

calendar_today

Updated On:

Products

CA API Gateway API SECURITY CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7) CA API Gateway Enterprise Service Manager (Layer 7) STARTER PACK-7 CA Microgateway

Issue/Introduction

We received an alert from the security team asking us to remove the /echo API since it can be used to run malicious code running XSS/Javascript.

Before removing it, I would like to know what is it's purpose and can we remove it safely?

 

Environment

Release : 9.3

Component : API GTW ENTERPRISE MANAGER

Resolution

The echo service which gets laid down with the portal integration can safely be disabled. It is merely a demo service which can be used to test api proxies and just returns the same payload sent to it.