Check: SRG-APP-000945-API-001635
Application Programming Interface (API) SRG:
SRG-APP-000945-API-001635
(in version v1 r1)
Title
API must use a circuit breaker pattern to handle failures and timeouts. (Cat II impact)
Discussion
A circuit breaker pattern is essential in APIs to prevent cascading failures and improve system resilience. It monitors API calls and, once failures reach a configured threshold, temporarily blocks further requests so the failing dependency can recover before calls are retried.
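As an added illustration (not part of the SRG text), a minimal closed/open/half-open breaker in Python. The backend, the fake clock and the threshold values are constructed for the demonstration; a real deployment would wrap the HTTP client timeout or error the API raises for an upstream dependency.

```python
import time

class CircuitOpenError(Exception):
    """Raised when the breaker is open: the call is rejected without touching the backend."""

class CircuitBreaker:
    """Closed -> Open after `failure_threshold` consecutive failures; Open -> Half-open
    after `recovery_timeout` seconds; a single probe call then closes or re-opens it."""

    def __init__(self, failure_threshold=3, recovery_timeout=30.0, clock=time.monotonic):
        self.failure_threshold, self.recovery_timeout, self.clock = failure_threshold, recovery_timeout, clock
        self.state, self.failures, self.opened_at = "closed", 0, 0.0

    def call(self, func, *args, **kwargs):
        if self.state == "open":
            if self.clock() - self.opened_at < self.recovery_timeout:
                raise CircuitOpenError("circuit open, request rejected")
            self.state = "half_open"  # recovery window elapsed: allow one probe call
        try:
            result = func(*args, **kwargs)
        except Exception:  # backend timeouts and errors both count as failures
            self.failures += 1
            if self.state == "half_open" or self.failures >= self.failure_threshold:
                self.state, self.opened_at = "open", self.clock()
            raise
        self.state, self.failures = "closed", 0
        return result

def simulate():
    """Drive the breaker with a fake clock and a constructed backend that times out until step 2."""
    now, healthy = [0.0], [False]
    breaker = CircuitBreaker(failure_threshold=2, recovery_timeout=10.0, clock=lambda: now[0])

    def backend():
        if not healthy[0]:
            raise TimeoutError("upstream timed out")
        return "ok"

    outcomes = []
    for step in range(6):
        try:
            outcomes.append(breaker.call(backend))
        except CircuitOpenError:
            outcomes.append("rejected")  # fast fail: the backend is never called
        except TimeoutError:
            outcomes.append("timeout")
        if step == 2:
            now[0] += 10.0  # recovery window elapses and the backend recovers
            healthy[0] = True
    return outcomes, breaker.state
```

Running `simulate()` shows the sequence the Discussion describes: two timeouts trip the breaker, the next call is rejected without reaching the backend, and after the recovery window one successful probe closes it again.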
Check Content
Verify the API uses a circuit breaker pattern to handle failures and timeouts. Review the API documentation or the system's architecture documentation. The pattern might be explicitly mentioned as part of the API's design to handle failures and timeouts. If a circuit breaker pattern is not being used, this is a finding.
Fix Text
Configure the API to use a circuit breaker pattern to handle failures and timeouts.
Additional Identifiers
Rule ID: SV-274835r1143875_rule
Vulnerability ID: V-274835
Group Title: SRG-APP-000945
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-004992 | Shut the system down, restart the system, and/or initiate organization-defined alternative action(s) when anomalies in the operation of the organization-defined privacy functions are discovered. |
Controls
| Number | Title |
|---|---|
| SI-6 | Security and Privacy Function Verification |