Request Validation
The Request Validation policy is used to validate incoming requests based on schemas in OpenAPI specifications.
When configured, any requests that do not conform to your OpenAPI schema will be rejected with a 400: Bad Request response containing a detailed error message (in JSON) explaining why the request was not accepted.
Configuration#
{
"name": "my-request-validation-inbound-policy",
"policyType": "request-validation-inbound",
"handler": {
"export": "RequestValidationInboundPolicy",
"module": "$import(@zuplo/runtime)",
"options": {
"includeRequestInLogs": false,
"logLevel": "info",
"validateBody": "reject-and-log",
"validatePathParameters": "log-only",
"validateQueryParameters": "log-only"
}
}
}Options#
namethe name of your policy instance. This is used as a reference in your routes.policyTypethe identifier of the policy. This is used by the Zuplo UI. Value should berequest-validation-inbound.handler/exportThe name of the exported type. Value should beRequestValidationInboundPolicy.handler/modulethe module containing the policy. Value should be$import(@zuplo/runtime).handler/optionsThe options for this policy:logLevelThe log level to use when logging validation errors.
validateBodyThe action to perform when validation fails.
validateQueryParametersThe action to perform when validation fails.
validatePathParametersThe action to perform when validation fails.
validateHeadersThe action to perform when validation fails.
includeRequestInLogsWhether to include the request in the logs.
Here's an example of how to specify a schema for validation in a request body in OpenAPI.
"requestBody": {
"description": "user to add to the system",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"age": {
"type": "integer"
}
},
"required": [
"name",
"age"
]
}
}
}
}