Prevent subscription to third-party gateway APIs (AWS, etc.)

[Copilot]

Users can currently subscribe to APIs deployed on AWS API Gateway and other third-party gateways from the Developer Portal, which should not be allowed.

Changes

• Added gatewayVendor filter to subscription eligibility check in APICardView.jsx

  • Only APIs with gatewayVendor === 'wso2' or undefined are now subscribable
  • Third-party gateway APIs (AWS, Azure, etc.) will show "Not Allowed" status

• Refactored subscription logic for clarity

  • Replaced nested double-negation condition with explicit boolean variables
  • isWSO2Gateway, isNotSubscribed, isNotAdvertised, canSubscribe

Implementation

// Before: Missing gatewayVendor check
if (!((!subscribedIds.includes(api.id) && !api.advertiseInfo.advertised)
    && api.isSubscriptionAvailable)) {
    api.throttlingPolicies = null;
}

// After: Filter third-party gateway APIs
const isWSO2Gateway = api.gatewayVendor === 'wso2' || !api.gatewayVendor;
const canSubscribe = isNotSubscribed && isNotAdvertised
    && api.isSubscriptionAvailable && isWSO2Gateway;

if (!canSubscribe) {
    api.throttlingPolicies = null;
}

This follows the existing pattern used throughout the devportal for filtering third-party gateway APIs.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• scarf.sh
  • Triggering command: /usr/local/bin/node node ./report.js (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Can subscribe to APIs deployed in AWS API Gateway</issue_title>
<issue_description>### Description

Users are not intended to be able to subscribe to APIs deployed in AWS API Gateway. However, when accessing an application and attempting to subscribe to an API through the application, we can still view the APIs deployed in AWS API Gateway and, through this option, we can subscribe to the API.

Steps to Reproduce

1. Deploy an API in AWS API Gateway.
2. Go to Devportal and create an applcaiton.
3. Go to the created application and select Subscriptions. Here you can subscribe to the API deployed at step 1.

Version

4.5.0

Environment Details (with versions)

No response</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes Can subscribe to APIs deployed in AWS API Gateway api-manager#3828

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[sonarqubecloud]

Please retry analysis of this Pull-Request directly on SonarQube Cloud