feat(core): add endpoint for creating inbound webhook connector

[foukou19]

feat(api): add CRUD and validation for webhook configurations

What this PR Provides

This PR introduces the API endpoints for managing (CRUD) inbound webhook configurations.
It establishes the foundation for receiving data from external systems by allowing users to define how incoming payloads should be mapped to entities.

The contract now separates the entity dynamic mappings from the webhook connector.
Mappings are created and managed independently, then referenced by the webhook connector through their identifiers. This keeps mappings reusable across connectors and decouples transformation logic from connector configuration.

The core logic of this PR includes:

• CRUD API for Entity Dynamic Mappings: Implementation of the following endpoints:
  • POST /api/v1/entity-dynamic-mappings: To create a new mapping rule.
  • GET /api/v1/entity-dynamic-mappings: To list all existing mappings (paginated).
  • GET /api/v1/entity-dynamic-mappings/{identifier}: To retrieve a specific mapping.
  • PUT /api/v1/entity-dynamic-mappings/{identifier}: To update an existing mapping.
  • DELETE /api/v1/entity-dynamic-mappings/{identifier}: To delete a mapping.
• CRUD API for Webhooks: Implementation of the following endpoints:
  • POST /api/v1/inbound-webhooks: To create a new webhook configuration.
  • GET /api/v1/inbound-webhooks: To list all existing configurations (paginated).
  • GET /api/v1/inbound-webhooks/{identifier}: To retrieve a specific configuration.
  • PUT /api/v1/inbound-webhooks/{identifier}: To update an existing configuration.
  • DELETE /api/v1/inbound-webhooks/{identifier}: To delete a configuration.
• Mapping References: A webhook connector no longer embeds mappings inline. It references existing mappings through the mapping_identifiers array. Each referenced mapping existence is validated before the connector is persisted.
• JSLT Mapping Validation: Upon mapping creation (POST) or update (PUT), the backend validates the syntax of all JSLT expressions (filter, entity.identifier, entity.title, properties.*, relations.*). This prevents saving mappings with invalid transformation logic.
• Enabled Guard: When a webhook connector is created or updated with an empty mapping_identifiers list, enabled is automatically forced to false, since a connector without mappings cannot process events.
• Security Scheme Validation: The configuration accepts and validates a security object expressed as { type, config }. The supported types are:
  • NONE: No authentication (open connector).
  • HMAC_SHA256: Signature validation using a shared secret (e.g., GitHub, Sonar).
  • STATIC_TOKEN: Simple authentication using a static token in a header.
  • BASIC_AUTH: HTTP Basic authentication using a username and a secret alias.
  • JWT_BEARER: Bearer token validation against a JWKS endpoint.

Review

The reviewer must double-check these points:

• The reviewer has tested the feature
• The reviewer has reviewed the implementation of the feature
• The documentation has been updated
• The feature implementation respects the Technical Doc / ADR previously produced

How to test

1. Initial State

• The application is running.
• No entity dynamic mappings and no webhook configurations exist initially.

2. What and how to test

A. Create a Valid Entity Dynamic Mapping

1. Send a POST request to /api/v1/entity-dynamic-mappings with the following JSON body:

   {
     "identifier": "sonar_project_mapping",
     "template": "sonar_project",
     "filter": ".visibility == \"private\"",
     "name": "Sonar Project Mapping",
     "description": "Maps Sonar private projects to entities",
     "entity": {
       "identifier": ".key | tostring",
       "title": ".name",
       "properties": {
         "project_name": ".name | tostring"
       },
       "relations": {}
     }
   }

2. Expected Result: The request succeeds with a 201 Created status, and the response body contains the created mapping.

B. Attempt to Create a Mapping with Invalid JSLT

1. Send a POST request to /api/v1/entity-dynamic-mappings with a malformed JSLT expression (e.g., a missing closing parenthesis):

   {
     "identifier": "invalid_jslt_mapping",
     "template": "test",
     "filter": ".visibility == \"private\"",
     "name": "Invalid JSLT Mapping",
     "entity": {
       "identifier": ".key | tostring(",
       "title": ".name",
       "properties": {},
       "relations": {}
     }
   }

2. Expected Result: The request fails with a 400 Bad Request status, and the error message indicates a JSLT syntax validation error.

C. Create a Valid Webhook Configuration Referencing the Mapping

1. Send a POST request to /api/v1/inbound-webhooks with the following JSON body:

   {
     "identifier": "sonar_webhook",
     "title": "Sonar Webhook",
     "description": "Receives events from Sonar",
     "enabled": true,
     "mapping_identifiers": ["sonar_project_mapping"],
     "security": {
       "type": "HMAC_SHA256",
       "config": {
         "header_name": "X-Sonar-Webhook-HMAC-SHA256",
         "secret_alias": "SONAR_WEBHOOK_SECRET"
       }
     }
   }

2. Expected Result: The request succeeds with a 201 Created status, and the response body contains the created configuration with its resolved mappings.

D. Attempt to Reference a Non-Existent Mapping

1. Send a POST request to /api/v1/inbound-webhooks referencing an unknown mapping:

   {
     "identifier": "webhook_unknown_mapping",
     "title": "Webhook Unknown Mapping",
     "enabled": true,
     "mapping_identifiers": ["does_not_exist"],
     "security": {
       "type": "NONE",
       "config": {}
     }
   }

2. Expected Result: The request fails with a 404 Not Found status, and the error message indicates that the referenced mapping does not exist.

E. Verify the Enabled Guard with Empty Mappings

1. Send a POST request to /api/v1/inbound-webhooks with an empty mapping_identifiers list while setting "enabled": true:

   {
     "identifier": "no_mapping_webhook",
     "title": "No Mapping Webhook",
     "enabled": true,
     "mapping_identifiers": [],
     "security": {
       "type": "NONE",
       "config": {}
     }
   }

2. Expected Result: The request succeeds with a 201 Created status, but the response shows "enabled": false, because a connector without mappings is forced to be disabled.

F. Attempt to Create a Configuration with an Invalid Security Type

1. Send a POST request to /api/v1/inbound-webhooks with an unsupported security type:

   {
     "identifier": "invalid_security_webhook",
     "title": "Invalid Security",
     "enabled": true,
     "mapping_identifiers": ["sonar_project_mapping"],
     "security": {
       "type": "INVALID_TYPE",
       "config": {}
     }
   }

2. Expected Result: The request fails with a 400 Bad Request status, and the error message indicates that the security type is not supported.

G. Read, Update, and Delete the Configuration

1. GET: Send a GET request to /api/v1/inbound-webhooks/sonar_webhook.
   • Expected Result: The request succeeds with a 200 OK status and returns the full configuration for sonar_webhook, including the resolved mappings.
2. PUT: Send a PUT request to /api/v1/inbound-webhooks/sonar_webhook with "enabled": false and the same mapping_identifiers.
   • Expected Result: The request succeeds with a 200 OK status. A subsequent GET request should show "enabled": false.
3. DELETE: Send a DELETE request to /api/v1/inbound-webhooks/sonar_webhook.
   • Expected Result: The request succeeds with a 204 No Content status.
4. Verify Deletion: Send a GET request to /api/v1/inbound-webhooks/sonar_webhook.
   • Expected Result: The request fails with a 404 Not Found status.

Breaking changes (if any)

N/A

[gitguardian]

️✅ There are no secrets present in this pull request anymore.

If these secrets were true positive and are still valid, we highly recommend you to revoke them.
While these secrets were previously flagged, we no longer have a reference to the
specific commits where they were detected. Once a secret has been leaked into a git
repository, you should consider it compromised, even if it was deleted immediately.
Find here more information about risks.

---

^{_{🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.}}

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ brandPittCode
❌ foukou19
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[foukou19]

validate security type using enum

[Copilot]

Pull request overview

This PR introduces inbound webhook connectors in IDP-Core: a management API to CRUD connector configurations (identifier/title, security strategy, dynamic mappings) and a generic public webhook ingestion endpoint that authenticates requests based on the stored connector security settings.

Changes:

• Add webhook connector persistence (Flyway migrations, JPA entities/repositories, Postgres adapter) and domain models/services for CRUD + validation.
• Add runtime webhook ingestion endpoint (POST /webhooks/{configurationId}) with strategy-based security validation (HMAC, static token, basic auth, JWT bearer, none).
• Add JSLT-based mapping validation plus docs and test coverage for the new behavior.

Reviewed changes

Copilot reviewed 87 out of 91 changed files in this pull request and generated 17 comments.

Show a summary per file

File	Description
src/test/resources/integration_test/json/webhook/v1/putWebhook_409_title_already_exists.json	Test payload for update conflict (title)
src/test/resources/integration_test/json/webhook/v1/putWebhook_200.json	Test payload for successful update
src/test/resources/integration_test/json/webhook/v1/postWebhook_409_identifier_already_exists.json	Test payload for create conflict (identifier)
src/test/resources/integration_test/json/webhook/v1/postWebhook_400_mappings_empty.json	Test payload for create validation (empty mappings)
src/test/resources/integration_test/json/webhook/v1/postWebhook_400_invalid_security_type.json	Test payload for create validation (invalid security type)
src/test/resources/integration_test/json/webhook/v1/postWebhook_400_invalid_jslt.json	Test payload for create validation (invalid JSLT)
src/test/resources/integration_test/json/webhook/v1/postWebhook_400_identifier_missing.json	Test payload for create validation (missing identifier)
src/test/resources/integration_test/json/webhook/v1/postWebhook_400_identifier_blank.json	Test payload for create validation (blank identifier)
src/test/resources/integration_test/json/webhook/v1/postWebhook_201.json	Test payload for successful create
src/test/java/com/decathlon/idp_core/infrastructure/adapters/webhook/security/WebhookSecurityValidatorDispatcherTest.java	Unit tests for runtime strategy dispatch
src/test/java/com/decathlon/idp_core/infrastructure/adapters/webhook/security/StaticTokenSecurityValidatorTest.java	Unit tests for static token runtime validation
src/test/java/com/decathlon/idp_core/infrastructure/adapters/webhook/security/JwtBearerSecurityValidatorTest.java	Unit tests for JWT bearer runtime validation
src/test/java/com/decathlon/idp_core/infrastructure/adapters/webhook/security/HmacSignatureValidatorTest.java	Unit tests for HMAC digest helper
src/test/java/com/decathlon/idp_core/infrastructure/adapters/webhook/security/creation/StaticTokenWebhookSecurityCreationValidatorTest.java	Unit tests for static token config validation
src/test/java/com/decathlon/idp_core/infrastructure/adapters/webhook/security/creation/JwtBearerWebhookSecurityCreationValidatorTest.java	Unit tests for JWT bearer config validation
src/test/java/com/decathlon/idp_core/infrastructure/adapters/webhook/security/creation/HmacSha256WebhookSecurityCreationValidatorTest.java	Unit tests for HMAC config validation
src/test/java/com/decathlon/idp_core/infrastructure/adapters/webhook/security/creation/BasicAuthWebhookSecurityCreationValidatorTest.java	Unit tests for basic auth config validation
src/test/java/com/decathlon/idp_core/infrastructure/adapters/webhook/security/BasicAuthSecurityValidatorTest.java	Unit tests for basic auth runtime validation
src/test/java/com/decathlon/idp_core/infrastructure/adapters/api/mapper/webhook/InboundWebhookMapperTest.java	Unit tests for API ↔ domain mapping
src/test/java/com/decathlon/idp_core/infrastructure/adapters/api/handler/ApiExceptionHandlerTest.java	Adds coverage for new webhook/mapping exceptions
src/test/java/com/decathlon/idp_core/infrastructure/adapters/api/controller/InboundWebhookManagementControllerTest.java	Integration tests for webhook connector management API
src/test/java/com/decathlon/idp_core/domain/service/webhook/WebhookConnectorValidationServiceTest.java	Unit tests for connector validation logic
src/test/java/com/decathlon/idp_core/domain/service/webhook/WebhookConnectorServiceTest.java	Unit tests for connector CRUD orchestration
src/test/java/com/decathlon/idp_core/domain/service/webhook/security/WebhookSecurityValidationServiceTest.java	Unit tests for security config validation service
src/test/java/com/decathlon/idp_core/domain/service/webhook/EntityDynamicMappingValidationServiceTest.java	Unit tests for mapping ↔ template validation
src/main/resources/db/migration/V4_2__create_webhook_template_mapping_table.sql	Flyway migration for connector↔template mapping table
src/main/resources/db/migration/V4_1__create_webhook_connector_table.sql	Flyway migration for webhook connector table
src/main/java/com/decathlon/idp_core/infrastructure/adapters/webhook/service/InboundWebhookHandler.java	Runtime handler: resolve connector + validate security
src/main/java/com/decathlon/idp_core/infrastructure/adapters/webhook/security/WebhookSecurityValidatorDispatcher.java	Runtime strategy dispatcher for security validators
src/main/java/com/decathlon/idp_core/infrastructure/adapters/webhook/security/WebhookSecurityConfigurationUtils.java	Shared utilities for config lookup/secret resolution
src/main/java/com/decathlon/idp_core/infrastructure/adapters/webhook/security/WebhookJwtDecoderProvider.java	Cached JWT decoder provider keyed by JWKS URI
src/main/java/com/decathlon/idp_core/infrastructure/adapters/webhook/security/StaticTokenSecurityValidator.java	Static token security strategy implementation
src/main/java/com/decathlon/idp_core/infrastructure/adapters/webhook/security/JwtBearerSecurityValidator.java	JWT bearer security strategy implementation
src/main/java/com/decathlon/idp_core/infrastructure/adapters/webhook/security/HmacSignatureValidator.java	HMAC digest helper used by HMAC strategy
src/main/java/com/decathlon/idp_core/infrastructure/adapters/webhook/security/HmacSha256SecurityValidator.java	HMAC SHA-256 security strategy implementation
src/main/java/com/decathlon/idp_core/infrastructure/adapters/webhook/security/BasicAuthSecurityValidator.java	Basic auth security strategy implementation
src/main/java/com/decathlon/idp_core/infrastructure/adapters/webhook/model/StaticTokenConfig.java	Polymorphic security config model (static token)
src/main/java/com/decathlon/idp_core/infrastructure/adapters/webhook/model/SecurityConfig.java	Polymorphic security config interface
src/main/java/com/decathlon/idp_core/infrastructure/adapters/webhook/model/JwtBearerConfig.java	Polymorphic security config model (JWT bearer)
src/main/java/com/decathlon/idp_core/infrastructure/adapters/webhook/model/HmacConfig.java	Polymorphic security config model (HMAC)
src/main/java/com/decathlon/idp_core/infrastructure/adapters/webhook/model/BasicAuthConfig.java	Polymorphic security config model (basic auth)
src/main/java/com/decathlon/idp_core/infrastructure/adapters/webhook/controller/InboundWebhookController.java	Public webhook ingestion endpoint
src/main/java/com/decathlon/idp_core/infrastructure/adapters/persistence/repository/JpaWebhookTemplateMappingRepository.java	JPA repository for mapping table
src/main/java/com/decathlon/idp_core/infrastructure/adapters/persistence/repository/JpaWebhookConnectorRepository.java	JPA repository for connector table
src/main/java/com/decathlon/idp_core/infrastructure/adapters/persistence/PostgresWebhookConnectorAdapter.java	Implements connector repository port + mapping persistence
src/main/java/com/decathlon/idp_core/infrastructure/adapters/persistence/model/webhook/WebhookTemplateMappingJpaEntity.java	JPA entity for mapping table
src/main/java/com/decathlon/idp_core/infrastructure/adapters/persistence/model/webhook/WebhookConnectorJpaEntity.java	JPA entity for connector table (JSONB columns)
src/main/java/com/decathlon/idp_core/infrastructure/adapters/persistence/mapper/WebhookConnectorPersistenceMapper.java	MapStruct mapping: domain ↔ JPA
src/main/java/com/decathlon/idp_core/infrastructure/adapters/persistence/mapper/common/WebhookConnectorJsonbHelper.java	JSONB serialization/deserialization helper
src/main/java/com/decathlon/idp_core/infrastructure/adapters/persistence/configuration/JpaAuditingConfiguration.java	Enables JPA auditing for created/updated timestamps
src/main/java/com/decathlon/idp_core/infrastructure/adapters/entity_mapping/jslt/JsltEntityMappingValidator.java	Infrastructure validator for JSLT expressions
src/main/java/com/decathlon/idp_core/infrastructure/adapters/api/mapper/webhook/InboundWebhookMapper.java	API DTO ↔ domain mapping for inbound webhooks
src/main/java/com/decathlon/idp_core/infrastructure/adapters/api/handler/ApiExceptionHandler.java	Adds exception→HTTP mappings for webhook features
src/main/java/com/decathlon/idp_core/infrastructure/adapters/api/dto/out/webhook/InboundWebhookSecurityDtoOut.java	Outbound DTO for security type
src/main/java/com/decathlon/idp_core/infrastructure/adapters/api/dto/out/webhook/InboundWebhookMappingDtoOut.java	Outbound DTO for mapping rule
src/main/java/com/decathlon/idp_core/infrastructure/adapters/api/dto/out/webhook/InboundWebhookEntityMappingDtoOut.java	Outbound DTO for entity mapping
src/main/java/com/decathlon/idp_core/infrastructure/adapters/api/dto/out/webhook/InboundWebhookDtoOut.java	Outbound DTO for connector
src/main/java/com/decathlon/idp_core/infrastructure/adapters/api/dto/in/InboundWebhookSecurityContractDtoIn.java	Inbound DTO for {type, config} security contract
src/main/java/com/decathlon/idp_core/infrastructure/adapters/api/dto/in/InboundWebhookMappingDtoIn.java	Inbound DTO for mapping rule
src/main/java/com/decathlon/idp_core/infrastructure/adapters/api/dto/in/InboundWebhookEntityMappingDtoIn.java	Inbound DTO for entity mapping
src/main/java/com/decathlon/idp_core/infrastructure/adapters/api/dto/in/InboundWebhookCreateDtoIn.java	Inbound DTO for connector create/update
src/main/java/com/decathlon/idp_core/infrastructure/adapters/api/controller/InboundWebhookManagementController.java	CRUD + listing API for connectors
src/main/java/com/decathlon/idp_core/infrastructure/adapters/api/configuration/SwaggerDescription.java	Adds OpenAPI description constants
src/main/java/com/decathlon/idp_core/infrastructure/adapters/api/configuration/SwaggerConfiguration.java	Adds Page schema for connector listing
src/main/java/com/decathlon/idp_core/infrastructure/adapters/api/configuration/SecurityConfiguration.java	Permits /webhooks/** and disables CSRF there
src/main/java/com/decathlon/idp_core/domain/service/webhook/WebhookConnectorValidationService.java	Domain validation: uniqueness + mapping + security
src/main/java/com/decathlon/idp_core/domain/service/webhook/WebhookConnectorService.java	Domain service: connector CRUD orchestration
src/main/java/com/decathlon/idp_core/domain/service/webhook/security/WebhookSecurityValidationService.java	Domain service: validate security configs
src/main/java/com/decathlon/idp_core/domain/service/webhook/EntityDynamicMappingValidationService.java	Domain validation: mapping keys vs template + required fields
src/main/java/com/decathlon/idp_core/domain/service/entity_template/EntityTemplateValidationService.java	Adds template property/relation lookup validation helpers
src/main/java/com/decathlon/idp_core/domain/port/WebhookSecurityStrategy.java	Port contract for security strategies
src/main/java/com/decathlon/idp_core/domain/port/WebhookConnectorRepositoryPort.java	Port contract for connector persistence
src/main/java/com/decathlon/idp_core/domain/port/EntityDynamicMapperValidator.java	Port contract for mapping DSL validation
src/main/java/com/decathlon/idp_core/domain/model/webhook/WebhookSecurity.java	Domain model for security type + config
src/main/java/com/decathlon/idp_core/domain/model/webhook/WebhookConnector.java	Domain aggregate for connector configuration
src/main/java/com/decathlon/idp_core/domain/model/enums/WebhookSecurityType.java	Enum of supported security strategies
src/main/java/com/decathlon/idp_core/domain/model/entity_mapping/EntityDynamicMapping.java	Domain model for mapping rule
src/main/java/com/decathlon/idp_core/domain/exception/webhook/WebhookTemplateHasNoPropertiesException.java	Domain exception for invalid mapping vs template
src/main/java/com/decathlon/idp_core/domain/exception/webhook/WebhookSecurityConfigurationException.java	Domain exception for invalid security configuration
src/main/java/com/decathlon/idp_core/domain/exception/webhook/WebhookConnectorTitleAlreadyExistsException.java	Domain exception for title conflict
src/main/java/com/decathlon/idp_core/domain/exception/webhook/WebhookConnectorNotFoundException.java	Domain exception for missing connector
src/main/java/com/decathlon/idp_core/domain/exception/webhook/WebhookConnectorAlreadyExistException.java	Domain exception for identifier conflict
src/main/java/com/decathlon/idp_core/domain/exception/webhook/WebhookAuthenticationException.java	Domain exception for runtime auth failures
src/main/java/com/decathlon/idp_core/domain/exception/entity_template/RelationNameNotFoundEntityTemplateRelationsException.java	Domain exception for invalid relation name
src/main/java/com/decathlon/idp_core/domain/exception/entity_template/PropertyNameNotFoundEntityTemplatePropertiesException.java	Domain exception for invalid property name
src/main/java/com/decathlon/idp_core/domain/exception/entity_mapping/EntityDynamicMappingConfigurationException.java	Domain exception for invalid mapping DSL
src/main/java/com/decathlon/idp_core/domain/constant/ValidationMessages.java	Adds webhook validation message constants
pom.xml	Adds JSLT dependency
docs/zensical.toml	Adds webhooks page to docs navigation
docs/src/concepts/webhooks.md	New docs page describing connectors, mappings, security
docs/src/concepts/index.md	Links webhooks concept from the concepts index

[brandPittCode]

Suggested change

	private void validateRelationNameAlreadyExistInTemplate(Map<String, String> webhookMappingRelations, EntityTemplate entityTemplate) {
	private void validateRelationsExistsInTemplate(Map<String, String> webhookMappingRelations, EntityTemplate entityTemplate) {
	if (webhookMappingRelations == null || webhookMappingRelations.isEmpty()) {
	return;
	}
	List<String> unknownRelations = webhookMappingRelations.keySet().stream()
	.filter(relationName -> entityTemplate.relationsDefinitions().stream()
	.noneMatch(rd -> rd.name().equals(relationName)))
	.toList();
	if (!unknownRelations.isEmpty()) {
	throw new WebhookTemplateHasNoPropertiesException(
	String.format("The mapping references unknown relations: %s", String.join(", ", unknownRelations))
	);
	}
	}

[brandPittCode]

This componet will be implemented in the Generic Camel Route. Integration to discuss.

[github-code-quality]

Code Coverage Overview

Languages: Java

Java / code-coverage/jacoco

The overall coverage in the feat/idp-core-add-in... branch is 89%. The coverage in the main branch is 90%.

Show a code coverage summary of the most impacted files.

File	main 1c61c1e	feat/idp-core-add-in... 7f94b59	+/-
com/decathlon/i...ationUtils.java	0%	80%	+80%
com/decathlon/i...MapperImpl.java	0%	94%	+94%
com/decathlon/i...torAdapter.java	0%	95%	+95%
com/decathlon/i...MapperImpl.java	0%	95%	+95%
com/decathlon/i...ingService.java	0%	97%	+97%
com/decathlon/i...gValidator.java	0%	100%	+100%
com/decathlon/i...ionService.java	0%	100%	+100%
com/decathlon/i...pingMapper.java	0%	100%	+100%
com/decathlon/i...torService.java	0%	100%	+100%
com/decathlon/i...ionService.java	0%	100%	+100%

---

_{Updated June 25, 2026 09:17 UTC
Code Coverage is in Public Preview. Learn more and provide us with your feedback.}

[sonarqubecloud]

Quality Gate failed

Failed conditions
1 Security Hotspot

See analysis details on SonarQube Cloud

[Copilot]

Pull request overview

Copilot reviewed 111 out of 115 changed files in this pull request and generated 20 comments.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
84.3% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[brandPittCode]

Here we should use validation message constants instead of string.

[brandPittCode]

Here we should use validation message constants instead of string.

[brandPittCode]

Here we should use validation message constants instead of string.

[brandPittCode]

Here we should use validation message constants instead of string.

[brandPittCode]

Here we should use validation message constants instead of strings.

[brandPittCode]

Here we should use validation message constants instead of strings.

[brandPittCode]

We can discuss the rule @evebrnd @RVANDO12 of validateTitleUniqueness

[brandPittCode]

We should use domain identifier instead that technical uuid. @RVANDO12 @evebrnd

[brandPittCode]

This more like a EntityDynamicMapping concern? @evebrnd @RVANDO12

[brandPittCode]

Update to have only the used elements of the library.

[brandPittCode]

Fo me this propety validations should not be made here. Instead in a EntityDynamicMappingValidationService given the fact that it more a mapping concern to check that what its beeing mapped is valid an it can use or add a method in PropertyValidationService lik validatePropertiesAgainstTemplate @evebrnd @RVANDO12

maybe to create a new metho validateAgainstTemplate(EntityTemplate template, List propertyNames)

Also we are throwing a WebhookTemplateHasNoPropertiesException in a EntitytemplateValidationService

[brandPittCode]

Update Open API

[brandPittCode]

This can be updated to use PropertyValidationService.validatePropertiesAgainstTemplate()

[etiennej70]

Suggested change

	| `POST` | `/api/v1/inbound-webhooks` | Create a webhook connector configuration |
	| `POST` | `/api/v1/inbound_webhooks` | Create a webhook connector configuration |

From Decathlon API rules, you should prefer underscores over hyphens. Hyphens are used for ranges in URL parameters

[etiennej70]

Suggested change

	Runtime-configurable connectors that authenticate external events and map payloads to your data model.
	Runtime-configurable connectors to push your data from external systems within your IDP. You can map any source in your data model in minutes!

[etiennej70]

Suggested change

	Webhooks let external systems push JSON events to IDP-Core through a generic HTTP endpoint. You configure a webhook connector at runtime, choose a security strategy, and define mappings that translate incoming payloads into entity data with JSLT expressions.
	Webhooks let external systems push JSON events to the Internal Developer Platform through a generic HTTP endpoint. You configure a webhook connector at runtime, choose a security strategy, and define mappings that translate incoming payloads into entity data with JSLT expressions.

[etiennej70]

Please format the table

[etiennej70]

Is it a JSLT expression here? Sounds more like a JQ one

[etiennej70]

Suggested change

	When you create or update a connector, IDP-Core validates each mapping against the target Entity Template.
	When you create or update a connector, the IDP validates each mapping against the target Entity Template.

Please do not use IDP-Core in the user documentation. Replace by IDP / Internal Developer Platform