Feedback: v2024 undocumented endpoint POST /source-apps/:id/access-profiles

Good day!

I discovered this route on a whim, looking for a replacement for updating access profiles associated with an application.
With the cc endpoint you could patch in a list of access profiles, I wanted to be able to provide a list of access profile IDs and have it update the app.

As it is undocumented, I’m assuming it is not complete. I just wanted to provide some feedback regarding functionality.

Any errors that occur during the POST will result in all access profiles being removed from the app.
If, for example, a bad application ID is provided, when the new list of application IDs is passed it will fail the process, resulting in all existing access profiles from the application being removed. I would expect that error handling would occur prior to the existing application being modified.
Expected result: Existing access profiles remain in place.

Access profiles not found result in generic 404
If an invalid access profile ID is posted, a 404 is presented, however it looks the same as the 404 as if the application was not found. This is confusing as it doesn’t specify that it was an access profile not found.
Expected result: Declare which resource is not found if it is not the app that can’t be found

The correct way to add/modify/remove access profiles on an app is to use the PATCH endpoint.

Thanks @colin_mckibben! I was aware of patching in the access profiles by patching the app, I was just looking at this as an alternative method. I’ll go with the Colin Approved method for production.

1 Like