account-lookup-service 17.12.3-snapshot.1 → 17.12.3

package/CHANGELOG.md

@@ -2,6 +2,18 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+### [17.12.3](https://github.com/mojaloop/account-lookup-service/compare/v17.12.2...v17.12.3) (2025-08-26)
+
+
+### Bug Fixes
+
+* add validation for missing ID or SubId ([#565](https://github.com/mojaloop/account-lookup-service/issues/565)) ([8db0d1c](https://github.com/mojaloop/account-lookup-service/commit/8db0d1c1af7e858680280542f25201a655ae218e))
+
+
+### Chore
+
+* **sbom:** update sbom [skip ci] ([f63ce0f](https://github.com/mojaloop/account-lookup-service/commit/f63ce0fc2169ed55594863f809c79183dbfd8550))
+
 ### [17.12.2](https://github.com/mojaloop/account-lookup-service/compare/v17.12.1...v17.12.2) (2025-08-01)
 
 

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "account-lookup-service",
   "description": "Account Lookup Service is used to validate Party and Participant lookups.",
-  "version": "17.12.3-snapshot.1",
+  "version": "17.12.3",
   "license": "Apache-2.0",
   "author": "ModusBox",
   "contributors": [

package/src/domain/participants/participants.js

@@ -41,6 +41,53 @@ const util = require('../../lib/util')
 
 const { FSPIOPErrorCodes } = ErrorHandler.Enums
 
+/**
+ * @function getCallbackEndpointTypes
+ * @description Determines the callback and error callback endpoint types based on SubId presence
+ * @param {string|undefined} partySubIdOrType - The SubId parameter
+ * @returns {object} Object containing callbackEndpointType and errorCallbackEndpointType
+ */
+const getCallbackEndpointTypes = (partySubIdOrType) => {
+  return {
+    callbackEndpointType: partySubIdOrType
+      ? Enums.EndPoints.FspEndpointTypes.FSPIOP_CALLBACK_URL_PARTICIPANT_SUB_ID_PUT
+      : Enums.EndPoints.FspEndpointTypes.FSPIOP_CALLBACK_URL_PARTICIPANT_PUT,
+    errorCallbackEndpointType: partySubIdOrType
+      ? Enums.EndPoints.FspEndpointTypes.FSPIOP_CALLBACK_URL_PARTICIPANT_SUB_ID_PUT_ERROR
+      : Enums.EndPoints.FspEndpointTypes.FSPIOP_CALLBACK_URL_PARTICIPANT_PUT_ERROR
+  }
+}
+
+/**
+ * @function validatePathParameters
+ * @description Validates that path parameters are not placeholder values like {ID} or {SubId}
+ * @param {object} params - The path parameters object
+ * @param {object} log - Logger instance for error logging
+ * @throws {FSPIOPError} When parameters contain placeholder values
+ */
+const validatePathParameters = (params, log = logger) => {
+  // Validate that ID is not a placeholder value
+  if (params.ID && (params.ID === '{ID}' || params.ID.includes('{') || params.ID.includes('}'))) {
+    const errMessage = `Invalid ID parameter: ${params.ID}. ID must not be a placeholder value`
+    log.error(errMessage, { params })
+    throw ErrorHandler.Factory.createFSPIOPError(
+      ErrorHandler.Enums.FSPIOPErrorCodes.MALFORMED_SYNTAX,
+      errMessage
+    )
+  }
+
+  // Validate SubId if present
+  const partySubIdOrType = params.SubId
+  if (partySubIdOrType && (partySubIdOrType === '{SubId}' || partySubIdOrType.includes('{') || partySubIdOrType.includes('}'))) {
+    const errMessage = `Invalid SubId parameter: ${partySubIdOrType}. SubId must not be a placeholder value`
+    log.error(errMessage, { params })
+    throw ErrorHandler.Factory.createFSPIOPError(
+      ErrorHandler.Enums.FSPIOPErrorCodes.MALFORMED_SYNTAX,
+      errMessage
+    )
+  }
+}
+
 /**
  * @function getParticipantsByTypeAndID
  *
@@ -62,13 +109,12 @@ const getParticipantsByTypeAndID = async (headers, params, method, query, span,
   const log = logger.child('getParticipantsByTypeAndID')
   const type = params.Type
   const partySubIdOrType = params.SubId
+
+  // Validate path parameters
+  validatePathParameters(params, log)
+
   const source = headers[Enums.Http.Headers.FSPIOP.SOURCE]
-  const callbackEndpointType = partySubIdOrType
-    ? Enums.EndPoints.FspEndpointTypes.FSPIOP_CALLBACK_URL_PARTICIPANT_SUB_ID_PUT
-    : Enums.EndPoints.FspEndpointTypes.FSPIOP_CALLBACK_URL_PARTICIPANT_PUT
-  const errorCallbackEndpointType = params.SubId
-    ? Enums.EndPoints.FspEndpointTypes.FSPIOP_CALLBACK_URL_PARTICIPANT_SUB_ID_PUT_ERROR
-    : Enums.EndPoints.FspEndpointTypes.FSPIOP_CALLBACK_URL_PARTICIPANT_PUT_ERROR
+  const { callbackEndpointType, errorCallbackEndpointType } = getCallbackEndpointTypes(partySubIdOrType)
 
   let fspiopError
   let step
@@ -180,8 +226,11 @@ const putParticipantsByTypeAndID = async (headers, params, method, payload, cach
     logger.info('putParticipantsByTypeAndID::begin')
     const type = params.Type
     const partySubIdOrType = params.SubId || undefined
-    const callbackEndpointType = partySubIdOrType ? Enums.EndPoints.FspEndpointTypes.FSPIOP_CALLBACK_URL_PARTICIPANT_SUB_ID_PUT : Enums.EndPoints.FspEndpointTypes.FSPIOP_CALLBACK_URL_PARTICIPANT_PUT
-    const errorCallbackEndpointType = partySubIdOrType ? Enums.EndPoints.FspEndpointTypes.FSPIOP_CALLBACK_URL_PARTICIPANT_SUB_ID_PUT_ERROR : Enums.EndPoints.FspEndpointTypes.FSPIOP_CALLBACK_URL_PARTICIPANT_PUT_ERROR
+
+    // Validate path parameters
+    validatePathParameters(params)
+
+    const { callbackEndpointType, errorCallbackEndpointType } = getCallbackEndpointTypes(partySubIdOrType)
     if (Object.values(Enums.Accounts.PartyAccountTypes).includes(type)) {
       step = 'validateParticipant-1'
       const requesterParticipantModel = await participant.validateParticipant(headers[Enums.Http.Headers.FSPIOP.SOURCE])
@@ -234,7 +283,7 @@ const putParticipantsByTypeAndID = async (headers, params, method, payload, cach
     logger.error('error in putParticipantsByTypeAndID:', err)
     let fspiopError
     try {
-      const errorCallbackEndpointType = params.SubId ? Enums.EndPoints.FspEndpointTypes.FSPIOP_CALLBACK_URL_PARTICIPANT_SUB_ID_PUT_ERROR : Enums.EndPoints.FspEndpointTypes.FSPIOP_CALLBACK_URL_PARTICIPANT_PUT_ERROR
+      const { errorCallbackEndpointType } = getCallbackEndpointTypes(params.SubId)
       fspiopError = ErrorHandler.Factory.reformatFSPIOPError(err, ErrorHandler.Enums.FSPIOPErrorCodes.ADD_PARTY_INFO_ERROR)
       await participant.sendErrorToParticipant(headers[Enums.Http.Headers.FSPIOP.SOURCE], errorCallbackEndpointType,
         fspiopError.toApiErrorObject(Config.ERROR_HANDLING), headers, params)
@@ -272,6 +321,11 @@ const putParticipantsErrorByTypeAndID = async (headers, params, payload, dataUri
   let step
   try {
     const partySubIdOrType = params.SubId || undefined
+
+    // Validate path parameters
+    validatePathParameters(params)
+
+    // For error endpoints, we only need the error callback type
     const callbackEndpointType = partySubIdOrType
       ? Enums.EndPoints.FspEndpointTypes.FSPIOP_CALLBACK_URL_PARTICIPANT_SUB_ID_PUT_ERROR
       : Enums.EndPoints.FspEndpointTypes.FSPIOP_CALLBACK_URL_PARTICIPANT_PUT_ERROR
@@ -303,9 +357,7 @@ const putParticipantsErrorByTypeAndID = async (headers, params, payload, dataUri
     logger.error('error in putParticipantsErrorByTypeAndID:', err)
     try {
       const fspiopError = ErrorHandler.Factory.reformatFSPIOPError(err)
-      const callbackEndpointType = params.SubId
-        ? Enums.EndPoints.FspEndpointTypes.FSPIOP_CALLBACK_URL_PARTICIPANT_SUB_ID_PUT_ERROR
-        : Enums.EndPoints.FspEndpointTypes.FSPIOP_CALLBACK_URL_PARTICIPANT_PUT_ERROR
+      const { errorCallbackEndpointType: callbackEndpointType } = getCallbackEndpointTypes(params.SubId)
       await participant.sendErrorToParticipant(
         headers[Enums.Http.Headers.FSPIOP.SOURCE],
         callbackEndpointType,
@@ -347,12 +399,11 @@ const postParticipants = async (headers, method, params, payload, span, cache) =
     logger.info('postParticipants::begin')
     const type = params.Type
     const partySubIdOrType = params.SubId
-    const callbackEndpointType = partySubIdOrType
-      ? Enums.EndPoints.FspEndpointTypes.FSPIOP_CALLBACK_URL_PARTICIPANT_SUB_ID_PUT
-      : Enums.EndPoints.FspEndpointTypes.FSPIOP_CALLBACK_URL_PARTICIPANT_PUT
-    const errorCallbackEndpointType = partySubIdOrType
-      ? Enums.EndPoints.FspEndpointTypes.FSPIOP_CALLBACK_URL_PARTICIPANT_SUB_ID_PUT_ERROR
-      : Enums.EndPoints.FspEndpointTypes.FSPIOP_CALLBACK_URL_PARTICIPANT_PUT_ERROR
+
+    // Validate path parameters
+    validatePathParameters(params)
+
+    const { callbackEndpointType, errorCallbackEndpointType } = getCallbackEndpointTypes(partySubIdOrType)
 
     if (Object.values(Enums.Accounts.PartyAccountTypes).includes(type)) {
       step = 'validateParticipant-1'
@@ -415,9 +466,7 @@ const postParticipants = async (headers, method, params, payload, span, cache) =
       util.countFspiopError(fspiopError, { operation: 'postParticipants', step })
     }
     try {
-      const errorCallbackEndpointType = params.SubId
-        ? Enums.EndPoints.FspEndpointTypes.FSPIOP_CALLBACK_URL_PARTICIPANT_SUB_ID_PUT_ERROR
-        : Enums.EndPoints.FspEndpointTypes.FSPIOP_CALLBACK_URL_PARTICIPANT_PUT_ERROR
+      const { errorCallbackEndpointType } = getCallbackEndpointTypes(params.SubId)
       await participant.sendErrorToParticipant(headers[Enums.Http.Headers.FSPIOP.SOURCE], errorCallbackEndpointType,
         fspiopError.toApiErrorObject(Config.ERROR_HANDLING), headers, params, childSpan)
     } catch (exc) {
@@ -581,8 +630,11 @@ const deleteParticipants = async (headers, params, method, query, cache) => {
     log.debug('deleteParticipants::begin', { headers, params })
     const type = params.Type
     const partySubIdOrType = params.SubId || undefined
-    const callbackEndpointType = partySubIdOrType ? Enums.EndPoints.FspEndpointTypes.FSPIOP_CALLBACK_URL_PARTICIPANT_SUB_ID_PUT : Enums.EndPoints.FspEndpointTypes.FSPIOP_CALLBACK_URL_PARTICIPANT_PUT
-    const errorCallbackEndpointType = partySubIdOrType ? Enums.EndPoints.FspEndpointTypes.FSPIOP_CALLBACK_URL_PARTICIPANT_SUB_ID_PUT_ERROR : Enums.EndPoints.FspEndpointTypes.FSPIOP_CALLBACK_URL_PARTICIPANT_PUT_ERROR
+
+    // Validate path parameters
+    validatePathParameters(params, log)
+
+    const { callbackEndpointType, errorCallbackEndpointType } = getCallbackEndpointTypes(partySubIdOrType)
     if (Object.values(Enums.Accounts.PartyAccountTypes).includes(type)) {
       step = 'validateParticipant-1'
       const requesterParticipantModel = await participant.validateParticipant(headers[Enums.Http.Headers.FSPIOP.SOURCE])
@@ -624,7 +676,7 @@ const deleteParticipants = async (headers, params, method, query, cache) => {
     log.error('error in deleteParticipants', err)
     try {
       const fspiopError = ErrorHandler.Factory.reformatFSPIOPError(err, ErrorHandler.Enums.FSPIOPErrorCodes.DELETE_PARTY_INFO_ERROR)
-      const errorCallbackEndpointType = params.SubId ? Enums.EndPoints.FspEndpointTypes.FSPIOP_CALLBACK_URL_PARTICIPANT_SUB_ID_PUT_ERROR : Enums.EndPoints.FspEndpointTypes.FSPIOP_CALLBACK_URL_PARTICIPANT_PUT_ERROR
+      const { errorCallbackEndpointType } = getCallbackEndpointTypes(params.SubId)
       await participant.sendErrorToParticipant(headers[Enums.Http.Headers.FSPIOP.SOURCE], errorCallbackEndpointType, fspiopError.toApiErrorObject(Config.ERROR_HANDLING), headers, params)
       util.countFspiopError(fspiopError, { operation: 'deleteParticipants', step })
     } catch (exc) {
@@ -642,5 +694,7 @@ module.exports = {
   putParticipantsErrorByTypeAndID,
   postParticipants,
   postParticipantsBatch,
-  deleteParticipants
+  deleteParticipants,
+  validatePathParameters,
+  getCallbackEndpointTypes
 }

package/src/domain/parties/services/BasePartiesService.js

@@ -168,9 +168,7 @@ class BasePartiesService {
 
   async sendDeleteOracleRequest (headers, params) {
     this.stepInProgress('sendDeleteOracleRequest')
-    const result = await this.deps.oracle.oracleRequest(headers, RestMethods.DELETE, params, null, null, this.deps.cache)
-    this.log.verbose('sendDeleteOracleRequest is done', { params })
-    return result
+    return this.deps.oracle.oracleRequest(headers, RestMethods.DELETE, params, null, null, this.deps.cache)
   }
 
   async removeProxyGetPartiesTimeoutCache (alsReq) {

package/src/lib/config.js

@@ -175,8 +175,7 @@ const config = {
   FEATURE_ENABLE_EXTENDED_PARTY_ID_TYPE: RC.FEATURE_ENABLE_EXTENDED_PARTY_ID_TYPE || false,
   PROTOCOL_VERSIONS: getProtocolVersions(DEFAULT_PROTOCOL_VERSION, RC.PROTOCOL_VERSIONS),
   PROXY_CACHE_CONFIG: RC.PROXY_CACHE,
-  DELETE_PARTICIPANT_VALIDATION_ENABLED: RC.DELETE_PARTICIPANT_VALIDATION_ENABLED || false,
-  HTTP_REQUEST_TIMEOUT_MS: RC.HTTP_REQUEST_TIMEOUT_MS ?? 20_000
+  DELETE_PARTICIPANT_VALIDATION_ENABLED: RC.DELETE_PARTICIPANT_VALIDATION_ENABLED || false
 }
 
 if (config.JWS_SIGN) {

package/src/models/oracle/facade.js

@@ -43,10 +43,7 @@ const { Headers, RestMethods, ReturnCodes } = Enums.Http
 const sendHttpRequest = ({ method, ...restArgs }) => request.sendRequest({
   ...restArgs,
   method: method.toUpperCase(),
-  hubNameRegex,
-  axiosRequestOptionsOverride: {
-    timeout: Config.HTTP_REQUEST_TIMEOUT_MS
-  }
+  hubNameRegex
 })
 
 /**

package/src/models/participantEndpoint/facade.js

@@ -37,9 +37,6 @@ const { logger } = require('../../lib')
 const { hubNameRegex } = require('../../lib/util').hubNameConfig
 
 const uriRegex = /(?:^.*)(\/(participants|parties|quotes|transfers)(\/.*)*)$/
-const axiosRequestOptionsOverride = {
-  timeout: Config.HTTP_REQUEST_TIMEOUT_MS
-}
 
 /**
  * @module src/models/participantEndpoint/facade
@@ -118,8 +115,7 @@ exports.sendRequest = async (headers, requestedParticipant, endpointType, method
       span,
       protocolVersions,
       hubNameRegex,
-      apiType: Config.API_TYPE,
-      axiosRequestOptionsOverride
+      apiType: Config.API_TYPE
     }
     logger.debug('participant - sendRequest params:', { params })
     params.jwsSigner = defineJwsSigner(Config, headers, requestedEndpoint)
@@ -256,8 +252,7 @@ exports.sendErrorToParticipant = async (participantName, endpointType, errorInfo
       hubNameRegex,
       span,
       protocolVersions,
-      apiType: Config.API_TYPE,
-      axiosRequestOptionsOverride
+      apiType: Config.API_TYPE
     }
     logger.debug('participant - sendErrorToParticipant params: ', { params })
     params.jwsSigner = defineJwsSigner(Config, clonedHeaders, requesterErrorEndpoint)

package/test/unit/api/participants/{Type}/{ID}.test.js

@@ -50,6 +50,76 @@ Logger.isInfoEnabled = jest.fn(() => true)
 let server
 let sandbox
 
+// Helper function to test missing parameter scenarios
+const testMissingParameter = (method, urlWithMissingParam, payloadRequired = false) => {
+  return async () => {
+    const options = {
+      method,
+      url: urlWithMissingParam,
+      headers: Helper.defaultSwitchHeaders
+    }
+
+    if (payloadRequired) {
+      const mock = await Helper.generateMockRequest('/participants/{Type}/{ID}', method)
+      options.payload = mock.request.body
+    }
+
+    const response = await server.inject(options)
+
+    expect(response.statusCode).toBe(404)
+    expect(response.result.errorInformation).toBeDefined()
+    expect(response.result.errorInformation.errorCode).toBe('3002')
+    expect(response.result.errorInformation.errorDescription).toContain('Unknown URI')
+  }
+}
+
+// Helper function to test successful domain method calls
+const testSuccessfulDomainCall = (method, domainMethod, expectedStatus, pathOverride = null) => {
+  return async () => {
+    const path = pathOverride || '/participants/{Type}/{ID}'
+    const mock = await Helper.generateMockRequest(path, method)
+    const options = {
+      method,
+      url: mock.request.path,
+      headers: Helper.defaultSwitchHeaders,
+      payload: mock.request.body
+    }
+    sandbox.stub(participants, domainMethod).resolves({})
+
+    const response = await server.inject(options)
+
+    expect(response.statusCode).toBe(expectedStatus)
+    expect(participants[domainMethod].callCount).toBe(1)
+    expect(participants[domainMethod].getCall(0).returnValue).resolves.toStrictEqual({})
+
+    participants[domainMethod].restore()
+  }
+}
+
+// Helper function to test domain method error handling
+const testDomainMethodError = (method, domainMethod, expectedStatus, pathOverride = null) => {
+  return async () => {
+    const path = pathOverride || '/participants/{Type}/{ID}'
+    const mock = await Helper.generateMockRequest(path, method)
+    const options = {
+      method,
+      url: mock.request.path,
+      headers: Helper.defaultSwitchHeaders,
+      payload: mock.request.body
+    }
+    const throwError = new Error('Unknown error')
+    sandbox.stub(participants, domainMethod).rejects(throwError)
+
+    const response = await server.inject(options)
+
+    expect(response.statusCode).toBe(expectedStatus)
+    expect(participants[domainMethod].callCount).toBe(1)
+    expect(participants[domainMethod].getCall(0).returnValue).rejects.toStrictEqual(throwError)
+
+    participants[domainMethod].restore()
+  }
+}
+
 describe('/participants/{Type}/{ID}', () => {
   beforeAll(async () => {
     sandbox = Sinon.createSandbox()
@@ -66,27 +136,10 @@ describe('/participants/{Type}/{ID}', () => {
   })
 
   describe('GET /participants', () => {
-    it('returns 202 when getParticipantsByTypeAndID resolves', async () => {
-      // Arrange
-      const mock = await Helper.generateMockRequest('/participants/{Type}/{ID}', 'get')
-      const options = {
-        method: 'get',
-        url: mock.request.path,
-        headers: Helper.defaultSwitchHeaders
-      }
-      sandbox.stub(participants, 'getParticipantsByTypeAndID').resolves({})
+    it('returns 404 when ID parameter is missing', testMissingParameter('get', '/participants/MSISDN/'))
+    it('returns 404 when Type parameter is missing', testMissingParameter('get', '/participants//123456789'))
 
-      // Act
-      const response = await server.inject(options)
-
-      // Assert
-      expect(response.statusCode).toBe(202)
-      expect(participants.getParticipantsByTypeAndID.callCount).toBe(1)
-      expect(participants.getParticipantsByTypeAndID.getCall(0).returnValue).resolves.toStrictEqual({})
-
-      // Cleanup
-      participants.getParticipantsByTypeAndID.restore()
-    })
+    it('returns 202 when getParticipantsByTypeAndID resolves', testSuccessfulDomainCall('get', 'getParticipantsByTypeAndID', 202))
 
     it('getParticipantsByTypeAndID sends an async 3204 for invalid party id on response with status 400', async () => {
       // Arrange
@@ -158,223 +211,36 @@ describe('/participants/{Type}/{ID}', () => {
       stubs.forEach(s => s.restore())
     })
 
-    it('returns 202 when getParticipantsByTypeAndID rejects with an unknown error', async () => {
-      // Arrange
-      const mock = await Helper.generateMockRequest('/participants/{Type}/{ID}', 'get')
-      const options = {
-        method: 'get',
-        url: mock.request.path,
-        headers: Helper.defaultSwitchHeaders
-      }
-      const throwError = new Error('Unknown error')
-      sandbox.stub(participants, 'getParticipantsByTypeAndID').rejects(throwError)
-
-      // Act
-      const response = await server.inject(options)
-
-      // Assert
-      expect(response.statusCode).toBe(202)
-      expect(participants.getParticipantsByTypeAndID.callCount).toBe(1)
-      expect(participants.getParticipantsByTypeAndID.getCall(0).returnValue).rejects.toStrictEqual(throwError)
-
-      // Cleanup
-      participants.getParticipantsByTypeAndID.restore()
-    })
+    it('returns 202 when getParticipantsByTypeAndID rejects with an unknown error', testDomainMethodError('get', 'getParticipantsByTypeAndID', 202))
   })
 
   describe('POST /participants', () => {
-    it('returns 202 when postParticipants resolves', async () => {
-      // Arrange
-      const mock = await Helper.generateMockRequest('/participants/{Type}/{ID}', 'post')
-      const options = {
-        method: 'post',
-        url: mock.request.path,
-        headers: Helper.defaultSwitchHeaders,
-        payload: mock.request.body
-      }
-      sandbox.stub(participants, 'postParticipants').resolves({})
-
-      // Act
-      const response = await server.inject(options)
-
-      // Assert
-      expect(response.statusCode).toBe(202)
-      expect(participants.postParticipants.callCount).toBe(1)
-      expect(participants.postParticipants.getCall(0).returnValue).resolves.toStrictEqual({})
-
-      // Cleanup
-      participants.postParticipants.restore()
-    })
-
-    it('returns 202 when postParticipants rejects with an unknown error', async () => {
-      // Arrange
-      const mock = await Helper.generateMockRequest('/participants/{Type}/{ID}', 'post')
-      const options = {
-        method: 'post',
-        url: mock.request.path,
-        headers: Helper.defaultSwitchHeaders,
-        payload: mock.request.body
-      }
-      const throwError = new Error('Unknown error')
-      sandbox.stub(participants, 'postParticipants').rejects(throwError)
-
-      // Act
-      const response = await server.inject(options)
+    it('returns 404 when ID parameter is missing', testMissingParameter('post', '/participants/MSISDN/', true))
 
-      // Assert
-      expect(response.statusCode).toBe(202)
-      expect(participants.postParticipants.callCount).toBe(1)
-      expect(participants.postParticipants.getCall(0).returnValue).rejects.toStrictEqual(throwError)
+    it('returns 202 when postParticipants resolves', testSuccessfulDomainCall('post', 'postParticipants', 202))
 
-      // Cleanup
-      participants.postParticipants.restore()
-    })
+    it('returns 202 when postParticipants rejects with an unknown error', testDomainMethodError('post', 'postParticipants', 202))
   })
 
   describe('PUT /participants', () => {
-    it('returns 200 when putParticipantsByTypeAndID resolves', async () => {
-      // Arrange
-      const mock = await Helper.generateMockRequest('/participants/{Type}/{ID}', 'put')
-      const options = {
-        method: 'put',
-        url: mock.request.path,
-        headers: Helper.defaultSwitchHeaders,
-        payload: mock.request.body
-      }
-      sandbox.stub(participants, 'putParticipantsByTypeAndID').resolves({})
+    it('returns 404 when ID parameter is missing', testMissingParameter('put', '/participants/MSISDN/', true))
 
-      // Act
-      const response = await server.inject(options)
-
-      // Assert
-      expect(response.statusCode).toBe(200)
-      expect(participants.putParticipantsByTypeAndID.callCount).toBe(1)
-      expect(participants.putParticipantsByTypeAndID.getCall(0).returnValue).resolves.toStrictEqual({})
+    it('returns 200 when putParticipantsByTypeAndID resolves', testSuccessfulDomainCall('put', 'putParticipantsByTypeAndID', 200))
 
-      // Cleanup
-      participants.putParticipantsByTypeAndID.restore()
-    })
-
-    it('returns 200 when putParticipantsByTypeAndID rejects with an unknown error', async () => {
-      // Arrange
-      const mock = await Helper.generateMockRequest('/participants/{Type}/{ID}', 'put')
-      const options = {
-        method: 'put',
-        url: mock.request.path,
-        headers: Helper.defaultSwitchHeaders,
-        payload: mock.request.body
-      }
-      const throwError = new Error('Unknown error')
-      sandbox.stub(participants, 'putParticipantsByTypeAndID').rejects(throwError)
-
-      // Act
-      const response = await server.inject(options)
-
-      // Assert
-      expect(response.statusCode).toBe(200)
-      expect(participants.putParticipantsByTypeAndID.callCount).toBe(1)
-      expect(participants.putParticipantsByTypeAndID.getCall(0).returnValue).rejects.toStrictEqual(throwError)
-
-      // Cleanup
-      participants.putParticipantsByTypeAndID.restore()
-    })
+    it('returns 200 when putParticipantsByTypeAndID rejects with an unknown error', testDomainMethodError('put', 'putParticipantsByTypeAndID', 200))
   })
 
   describe('DELETE /participants', () => {
-    it('returns 202 when deleteParticipants resolves', async () => {
-      // Arrange
-      const mock = await Helper.generateMockRequest('/participants/{Type}/{ID}', 'delete')
-      const options = {
-        method: 'delete',
-        url: mock.request.path,
-        headers: Helper.defaultSwitchHeaders,
-        payload: mock.request.body
-      }
-      sandbox.stub(participants, 'deleteParticipants').resolves({})
-
-      // Act
-      const response = await server.inject(options)
-
-      // Assert
-      expect(response.statusCode).toBe(202)
-      expect(participants.deleteParticipants.callCount).toBe(1)
-      expect(participants.deleteParticipants.getCall(0).returnValue).resolves.toStrictEqual({})
+    it('returns 404 when ID parameter is missing', testMissingParameter('delete', '/participants/MSISDN/', true))
 
-      // Cleanup
-      participants.deleteParticipants.restore()
-    })
-
-    it('returns 202 when deleteParticipants rejects with an unknown error', async () => {
-      // Arrange
-      const mock = await Helper.generateMockRequest('/participants/{Type}/{ID}', 'delete')
-      const options = {
-        method: 'delete',
-        url: mock.request.path,
-        headers: Helper.defaultSwitchHeaders,
-        payload: mock.request.body
-      }
-      const throwError = new Error('Unknown error')
-      sandbox.stub(participants, 'deleteParticipants').rejects(throwError)
+    it('returns 202 when deleteParticipants resolves', testSuccessfulDomainCall('delete', 'deleteParticipants', 202))
 
-      // Act
-      const response = await server.inject(options)
-
-      // Assert
-      expect(response.statusCode).toBe(202)
-      expect(participants.deleteParticipants.callCount).toBe(1)
-      expect(participants.deleteParticipants.getCall(0).returnValue).rejects.toStrictEqual(throwError)
-
-      // Cleanup
-      participants.deleteParticipants.restore()
-    })
+    it('returns 202 when deleteParticipants rejects with an unknown error', testDomainMethodError('delete', 'deleteParticipants', 202))
   })
 
   describe('PUT /error', () => {
-    it('returns 200 when putParticipantsErrorByTypeAndID resolves', async () => {
-      // Arrange
-      const mock = await Helper.generateMockRequest('/participants/{Type}/{ID}/error', 'put')
-      const options = {
-        method: 'put',
-        url: mock.request.path,
-        headers: Helper.defaultSwitchHeaders,
-        payload: mock.request.body
-      }
-      sandbox.stub(participants, 'putParticipantsErrorByTypeAndID').resolves({})
-
-      // Act
-      const response = await server.inject(options)
-
-      // Assert
-      expect(response.statusCode).toBe(200)
-      expect(participants.putParticipantsErrorByTypeAndID.callCount).toBe(1)
-      expect(participants.putParticipantsErrorByTypeAndID.getCall(0).returnValue).resolves.toStrictEqual({})
+    it('returns 200 when putParticipantsErrorByTypeAndID resolves', testSuccessfulDomainCall('put', 'putParticipantsErrorByTypeAndID', 200, '/participants/{Type}/{ID}/error'))
 
-      // Cleanup
-      participants.putParticipantsErrorByTypeAndID.restore()
-    })
-
-    it('returns 200 when putParticipantsErrorByTypeAndID rejects with an unknown error', async () => {
-      // Arrange
-      const mock = await Helper.generateMockRequest('/participants/{Type}/{ID}/error', 'put')
-      const options = {
-        method: 'put',
-        url: mock.request.path,
-        headers: Helper.defaultSwitchHeaders,
-        payload: mock.request.body
-      }
-      const throwError = new Error('Unknown error')
-      sandbox.stub(participants, 'putParticipantsErrorByTypeAndID').rejects(throwError)
-
-      // Act
-      const response = await server.inject(options)
-
-      // Assert
-      expect(response.statusCode).toBe(200)
-      expect(participants.putParticipantsErrorByTypeAndID.callCount).toBe(1)
-      expect(participants.putParticipantsErrorByTypeAndID.getCall(0).returnValue).rejects.toStrictEqual(throwError)
-
-      // Cleanup
-      participants.putParticipantsErrorByTypeAndID.restore()
-    })
+    it('returns 200 when putParticipantsErrorByTypeAndID rejects with an unknown error', testDomainMethodError('put', 'putParticipantsErrorByTypeAndID', 200, '/participants/{Type}/{ID}/error'))
   })
 })

package/test/unit/domain/participants/participants.test.js

@@ -48,6 +48,48 @@ const fixtures = require('../../../fixtures')
 const { Headers } = Enums.Http
 
 describe('participant Tests', () => {
+  describe('validatePathParameters', () => {
+    it('should throw error for placeholder {ID} value', () => {
+      expect.hasAssertions()
+      const params = { ID: '{ID}', Type: 'MSISDN' }
+
+      expect(() => participantsDomain.validatePathParameters(params))
+        .toThrow('Invalid ID parameter: {ID}. ID must not be a placeholder value')
+    })
+
+    it('should throw error for ID containing curly braces', () => {
+      expect.hasAssertions()
+      const params = { ID: 'some{invalid}id', Type: 'MSISDN' }
+
+      expect(() => participantsDomain.validatePathParameters(params))
+        .toThrow('Invalid ID parameter: some{invalid}id. ID must not be a placeholder value')
+    })
+
+    it('should throw error for placeholder {SubId} value', () => {
+      expect.hasAssertions()
+      const params = { ID: '123456', Type: 'MSISDN', SubId: '{SubId}' }
+
+      expect(() => participantsDomain.validatePathParameters(params))
+        .toThrow('Invalid SubId parameter: {SubId}. SubId must not be a placeholder value')
+    })
+
+    it('should pass validation for valid parameters', () => {
+      expect.hasAssertions()
+      const params = { ID: '123456', Type: 'MSISDN' }
+
+      // Should not throw
+      expect(() => participantsDomain.validatePathParameters(params)).not.toThrow()
+    })
+
+    it('should pass validation for valid parameters with SubId', () => {
+      expect.hasAssertions()
+      const params = { ID: '123456', Type: 'MSISDN', SubId: 'validSubId' }
+
+      // Should not throw
+      expect(() => participantsDomain.validatePathParameters(params)).not.toThrow()
+    })
+  })
+
   describe('getParticipantsByTypeAndID', () => {
     let sandbox
     // Initialize Metrics for testing

package/test/unit/models/participantEndpoint/facade.test.js

@@ -188,26 +188,6 @@ describe('participantEndpoint Facade', () => {
 
       expect(mockSendRequest.mock.lastCall[0].jwsSigner).toBeTruthy()
     })
-
-    it('should add default timeout to sendRequest', async () => {
-      const mockedConfig = {
-        JWS_SIGN: false,
-        FSPIOP_SOURCE_TO_SIGN: mockHubName,
-        PROTOCOL_VERSIONS: fixtures.protocolVersionsDto(),
-        HTTP_REQUEST_TIMEOUT_MS: 1000
-      }
-      jest.mock('../../../../src/lib/config', () => (mockedConfig))
-      mockGetEndpoint.mockImplementation(() => 'https://example.com/12345')
-      mockSendRequest.mockImplementation(async () => true)
-      const ParticipantFacade = require(`${src}/models/participantEndpoint/facade`)
-
-      const headers = {}
-      const requestedParticipant = {}
-      const endpointType = 'URL'
-
-      await ParticipantFacade.sendRequest(headers, requestedParticipant, endpointType)
-      expect(mockSendRequest.mock.calls[0][0].axiosRequestOptionsOverride.timeout).toBe(mockedConfig.HTTP_REQUEST_TIMEOUT_MS)
-    })
   })
 
   describe('validateParticipant', () => {