Skip to main content

Request Validation Policy

The Request Validation policy is used to validate incoming requests based on schemas in OpenAPI specifications.

When configured, any requests that do not conform to your OpenAPI schema will be rejected with a 400: Bad Request response containing a detailed error message (in JSON) explaining why the request was not accepted.

Here's an example of how to specify a schema for validation in a request body in OpenAPI.

        "requestBody": {
"description": "user to add to the system",
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"name": {
"type": "string"
"age": {
"type": "integer"
"required": [


"name": "my-request-validation-inbound-policy",
"policyType": "request-validation-inbound",
"handler": {
"export": "RequestValidationInboundPolicy",
"module": "$import(@zuplo/runtime)",
"options": {
"logLevel": "info",
"validateBody": "log-only",
"includeRequestInLogs": false
  • name the name of your policy instance. This is used as a reference in your routes.
  • policyType the identifier of the policy. This is used by the Zuplo UI. Value should be request-validation-inbound.
  • handler/export The name of the exported type. Value should be RequestValidationInboundPolicy.
  • handler/module the module containing the policy. Value should be $import(@zuplo/runtime).
  • handler/options The options for this policy:
    • logLevel
      [object Object]
    • validateBody
      [object Object]
    • validateQueryParameters
      [object Object]
    • validatePathParameters
      [object Object]
    • validateHeaders
      [object Object]
    • includeRequestInLogs
      [object Object]

Read more about how policies work