Validate API Specification

Microgateway 10.7 | webMethods Microgateway Help | Policies | Request Processing | Validate API Specification

Validate API Specification

This policy validates the incoming request against various components of an API specification such as schema, query parameters, path parameters, content-types, and HTTP headers.

The various components of an API specification are referenced as follows:

The schema for REST APIs can be imported through a swagger or a RAML file, or a file you upload. The schema is available as part of the API definition.

The query parameters, path parameters, and content-types are available as part of the API definition.

The HTTP headers are specified in the Validate API Specification policy page.

The requests sent to the API by a client application must conform with the structure or format expected by the API. The incoming requests are validated against the API specifications selected in this policy to conform to the structure or format expected by the API.

The various components of an API specification that can be validated are:

Schema

The incoming requests are validated against the schema provided in the API definition. The schema defines the elements and attributes in the request payload and specifies the data types of these elements to ensure that only appropriate data is allowed through to the API.

For a REST API, the schema validation execution depends on the content-type header in the request. The default content-type header and schema validation type mapping is as follows:

Content-type header	Schema validation type
application/json application/json/badgerfish	JSON schema
application/xml text/xml text/html	XML schema
text/plain	Regular expression

Note:
If the schema specified for a content-type header in the API definition is not as specified in the mapping table, then the behavior is as follows:

If there is no schema specified for a content-type header in a REST API, the validation is skipped.

If application/json is mapped to XML schema in the API definition, then the JSON content in the request is validated against XML schema to provide a backward compatibility support for APIs migrated from API Gateway 10.1 version.

If only XML schema mappings exist for any of the content-types, the payload is converted into XML and validated against all the XML schemas. If the payload is valid against one of the schemas, the validation is successful.

If the payload cannot be converted to XML format, the validation is not performed and the request is allowed to reach the native API.

Query Parameters

The query parameters in the incoming requests are validated against the corresponding query parameter data type specified in the API definition.

Path Parameters

The path parameters in the incoming requests are validated against the corresponding path parameter data type specified in the API definition.

Cookie Parameters

The cookie parameters in the incoming requests are validated against the corresponding cookie parameter data type specified in the API definition.

Content-types

The content-types in the incoming requests are validated against the corresponding content-types specified in the API definition.

HTTP Headers

The HTTP headers in the incoming requests are validated against the corresponding HTTP headers specified in this policy to conform to the HTTP headers expected by the API.

The API requests that fail the specification validation are considered as policy violations. You can view such policy violation events in the API Gateway dashboard.

The table lists the parameters of this policy and how they are applied to validate API requests.

Parameter	Description
Schema	Validates the request payload against the appropriate schema (based on the content-type header in the request). Additional features for XML schema validation are: Feature name. The name for the schema configuration. For example: TOLERATE_DUPLICATES, NAMESPACE_GROWTH Feature value. Specifies whether the feature value is True or False.
Query Parameters	Validates the query parameters in the incoming request against the query parameters defined in the API definition. Note: Except File data type, all the other data types, String, Date, Date time, Integer, Double, and Boolean, are supported for the available types.
Path Parameters	Validates the path parameters in the incoming request against the path parameters defined in the API definition. Note: Except File data type, all the other data types, String, Date, Date time, Integer, Double, and Boolean, are supported for the available types.
Cookie Parameters	Validates the cookie parameters in the incoming request against the cookie parameters defined in the API definition. Note: Except File data type, all the other data types, String, Date, Date time, Integer, Double, and Boolean, are supported for the available types.
Content-types	Validates the content-types in the incoming request against the content-types defined in the API definition.
HTTP Headers	Validates the HTTP header parameters in the incoming request against the HTTP headers defined in this policy. Various conditions and additional information you can define are: Condition. Specifies the logical operator to use to validate multiple HTTP headers in the incoming API requests. Available values are: AND. Microgateway accepts only the requests that contain all configured HTTP headers. OR. This is selected by default. Microgateway accepts requests that contain at least one configured HTTP header. HTTP Header Key. Specifies a key that must be passed through the HTTP header of the incoming API requests. Header Value. Optional. Specifies the corresponding key value that could be passed through the HTTP header of the incoming API requests. The Header Value field type accepts string and regular expression (regex).