Validate JSON requests using OpenAPI Spec (2.0 or 3.0)

There is a new OAS Validation policy that is available in Apigee Hybrid and next generation SaaS. However, it's not clear if it will be made available in the current SaaS offering.

Therefore in the interim, I updated my previous example (here) to support OAS 3.0.

The updated example adds some additional functionality to include validation of:

  • Request payload syntax using Message Validation policy.
  • Repeated elements using Regular Expression policy.
  • Required query params.
  • Required headers.

Requirements: A dereferenced OAS in JSON format (tool https://apitools.dev/swagger-parser/online).

See attached API proxy and Postman collection for testing.

oas-validation-v3-rev3-2020-10-24.zip

oas-validation-30postman-collectionjson.zip

Hope you find this useful and if you find any errors, please let me know.

Comments
vdhulipala
Participant I

It is working when requestBody looks like below:

"requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/User" } } }, "description": "Updated user object", "required": true }

It is not working when requestBody looks like below: (One more condition must be added here)

"requestBody": { "$ref": "#/components/requestBodies/UserArray" }

kurtkanaskie
Staff

I've not tried an OAS using $refs.

asharma377
Participant V

OAS Validation policy i can see available in apigee edge...can that now be substituted for this parser with same functionality.

thanks,
Aakash

aruns
New Member

Does it validate the form paremeters?

dchiesa1
Staff

It should. Have you tried it?

kurtkanaskie
Staff

Hi Arun,

Happy to see the new policy is getting some use.

I just tried it and verified that the new OAS Validation policy will only validate the body if the content type is application/json, as per the docs here:

https://cloud.google.com/apigee/docs/api-platform/reference/policies/oas-validation-policy#what-vali...

It will still validate the header and query params tho.

yugantkhokar
New Member

Hi kurt,

After your last comment I checked OAS validation policy. When I try to use it I found few issues over there.

1. Error response is not well formatted

10967-oas-issue.png

As per our business requirement we need to change it to like this.

{
 "error_code": "400",
 "error_message": "Bad request",
 "error_details": [
 {
 "id": 20030,
 "msg": "Missing Required Parameter grant_type"
 }
 ]
}

is there any way we can change the above format, In place of the OAS default format.

2. OAS Validation policy is always given 500 internal server error as status code in place of 400 Bad Request.


					
				
			
			
			
				
			
			
			
			
			
			
		
dchiesa1
Staff

You will want to handle the OAS policy fault with a FaultRule. This is the standard way of handling errors in Apigee API Proxies. At that point you can use AssignMessage to set the message to whatever you like.

Version history
Last update:
‎10-24-2020 07:38 AM
Updated by: