AWS Security ChangesHomeSearch

AWS solutions documentation change

Service: solutions · 2025-05-31 · Documentation low

File: solutions/latest/generative-ai-application-builder-on-aws/api-reference.md

Summary

Added Shared Use Case APIs section with details endpoint, restructured authorization requirements, added feedback API documentation, and updated prompt template specifications

Security assessment

Changes emphasize authorization requirements (Amazon Cognito JWT tokens) for API access but do not indicate remediation of a security vulnerability. The updates document existing security controls rather than address new vulnerabilities.

Diff

diff --git a/solutions/latest/generative-ai-application-builder-on-aws/api-reference.md b/solutions/latest/generative-ai-application-builder-on-aws/api-reference.md
index 3af2c53c9..053b866e6 100644
--- a//solutions/latest/generative-ai-application-builder-on-aws/api-reference.md
+++ b//solutions/latest/generative-ai-application-builder-on-aws/api-reference.md
@@ -5 +5 @@
-Deployment dashboardText use caseAgent use case
+Deployment dashboardShared Use Case APIsText use caseAgent use case
@@ -146 +146,7 @@ For updates, the structure is the same as above with some caveats:
-## Text use case
+## Shared Use Case APIs
+
+The following REST API endpoints are available for both Text and Agent use cases:
+
+REST API | HTTP method | Functionality | Authorized callers  
+---|---|---|---  
+`/details/{useCaseConfigKey}` |  `GET` |  Gets configuration details for a specific use case. |  Amazon Cognito authenticated JWT token  
@@ -151 +156,0 @@ WebSocket API | Functionality | Authorized callers
-`/sendMessage` |  Sends user’s chat message to the WebSocket for processing with the configured LLM experience. |  Amazon Cognito authenticated JWT token  
@@ -153,0 +159,19 @@ WebSocket API | Functionality | Authorized callers
+**Use Case Details API**
+
+The details API endpoint retrieves information about a specific use case:
+    
+    
+    GET /details/{useCaseConfigKey}
+
+This endpoint returns the configuration details for a specific use case, including model parameters, knowledge base settings, and other deployment information. It requires an Amazon Cognito authenticated JWT token for authorization.
+
+## Text use case
+
+WebSocket API | Functionality | Authorized callers  
+---|---|---  
+`/sendMessage` |  Sends user’s chat message to the WebSocket for processing with the configured LLM experience. |  Amazon Cognito authenticated JWT token  
+  
+REST API | HTTP method | Functionality | Authorized callers  
+---|---|---|---  
+`/feedback/{useCaseId}` |  `POST` |  Submits user feedback for a specific use case. |  Amazon Cognito authenticated JWT token  
+  
@@ -174 +198 @@ Parameter Name | Type | Description
-**promptTemplate** |  `String` [Optional] |  Overrides the prompt template for this message. If empty or not provided, will default to the prompt set at deployment time. Must have the proper placeholders specified for the given configuration (i.e. {history} and {input} for non-RAG deployments, with the addition of {context} if using RAG.  
+**promptTemplate** |  `String` [Optional] |  Overrides the prompt template for this message. If empty or not provided, will default to the prompt set at deployment time. Must have the proper placeholders specified for the given configuration (i.e. {history} and {input} for non-RAG Sagemaker AI deployments, with the addition of {context} if using RAG for all deployments.  
@@ -220,0 +245,19 @@ Parameter Name | Type | Description
+**Feedback API Payload**
+
+Below is an example of a POST payload to the `/feedback/{useCaseId}` endpoint, which will submit user feedback for a specific use case:
+    
+    
+    {
+      "useCaseRecordKey": "12345678-12345678",
+      "conversationId": "12345678-1234-1234-1234-123456789012",
+      "messageId": "12345678-1234-1234-1234-123456789012",
+      "feedback": "positive",
+      "feedbackReason": ["accurate", "helpful"],
+      "comment": "This response was very helpful.",
+      "rephrasedQuery": "What are the key features of Amazon Bedrock?",
+      "sourceDocuments": [
+        "s3://bucket-name/document1.pdf",
+        "s3://bucket-name/document2.pdf"
+      ]
+    }
+
@@ -225,4 +268 @@ WebSocket API | Functionality | Authorized callers
-`/$connect` |  Initiate WebSocket connection and authenticate user. |  Amazon Cognito authenticated JWT token  
-`/invokeAgent` |  Sends user’s message to the WebSocket for processing with the configured agent. |  Amazon Cognito authenticated JWT token  
-`/$disconnect` |  Endpoint called when a WebSocket connection has been disconnected. |  Amazon Cognito authenticated JWT token  
-`/$default` |  Default endpoint called when a non-JSON request is made. Defaults back to the same backing Lambda function. |  Amazon Cognito authenticated JWT token  
+`/invokeAgent` |  Sends user’s message to the WebSocket for processing with the configured agent. |  Amazon Cognito authenticated JWT token