Validate API Specification
This policy validates the responses against various components of an API specification such as schema, content-types, and HTTP headers.
The various components of an API specification are referenced as follows:
The schema for REST APIs can be imported through a swagger or a RAML file, or a file you upload. The schema is available as part of the API definition.
The content-types are available as part of the API definition.
The HTTP headers are specified in the Validate API Specification policy page.
The response sent to the API by the native service must conform with the structure or format expected by the API. The responses from the native API are validated against the API specifications selected in this policy to conform to the structure or format expected by the API.
The various components of an API specification that can be validated are:
Schema The responses from the native API are validated against the schema provided in the API definition. The schema defines the elements and attributes in the response payload and specifies the data types of these elements to ensure that only appropriate data is allowed through to the API.
For a REST API, the schema validation execution depends on the accept header in the response. The default accept header and schema validation type mapping is as follows:
Accept header | Schema validation type |
application/json application/json/badgerfish | JSON schema |
application/xml text/xml text/html | XML schema |
text/plain | Regular expression |
Content-types The content-types in the responses from the native API are validated against the corresponding content-types specified in the API definition.
HTTP Headers The HTTP headers in the responses from the native API are validated against the corresponding HTTP headers specified in this policy to conform to the HTTP headers expected by the API.
The API requests that fail the specification validation are considered as policy violations. Such policy violation events that are generated can be viewed in the API Gateway dashboard.
The table lists the parameters of this policy and how they are applied to validate API requests:
Parameter | Description |
Schema | Validates the response payload against the appropriate schema (based on the accept header in the response). Additional features for XML schema validation are: Feature name. The name for the schema configuration. For example: TOLERATE_DUPLICATES, NAMESPACE_GROWTH Feature value. Specifies whether the feature value is True or False. |
Content-types | Validates the content-types in the incoming response against the content-types defined in the API definition. |
HTTP Headers | Validates the HTTP header parameters in the incoming response against the HTTP headers defined in this policy. Various conditions and additional information you can define are: Condition: Specifies the logical operator to use to validate multiple HTTP headers in the incoming API responses. Available values are: AND. Microgateway accepts only the responses that contain all configured HTTP headers. OR. This is selected by default. Microgateway accepts responses that contain at least one configured HTTP header. HTTP Header Key. Specifies a key that must be passed through the HTTP header of the incoming API responses. Header Value. Optional.. Specifies the corresponding key value that could be passed through the HTTP header of the incoming API responses. The Header Value field type accepts string and regular expression (regex). |