
Request Validation Policy

The Request Validation policy is used to validate incoming requests based on schemas in OpenAPI specifications.

When configured, any requests that do not conform to your OpenAPI schema will be rejected with a 400: Bad Request response containing a detailed error message (in JSON) explaining why the request was not accepted.

Configuration

The example below shows how to configure the policy in the 'policies.json' document.

{
  "name": "my-request-validation-inbound-policy",
  "policyType": "request-validation-inbound",
  "handler": {
    "export": "RequestValidationInboundPolicy",
    "module": "$import(@zuplo/runtime)",
    "options": {
      "includeRequestInLogs": false,
      "logLevel": "info",
      "validateBody": "reject-and-log",
      "validatePathParameters": "log-only",
      "validateQueryParameters": "log-only"
    }
  }
}

Policy Options

The options for this policy are specified below. All properties are optional unless specifically marked as required.

  • logLevel <string> -
    The log level to use when logging validation errors.
    Allowed values are error, warn, info, and debug. Defaults to "info".
  • validateBody <string> -
    The action to perform when validation fails.
    Allowed values are none, log-only, reject-and-log, and reject-only.
  • validateQueryParameters <string> -
    The action to perform when validation fails.
    Allowed values are none, log-only, reject-and-log, and reject-only.
  • validatePathParameters <string> -
    The action to perform when validation fails.
    Allowed values are none, log-only, reject-and-log, and reject-only.
  • validateHeaders <string> -
    The action to perform when validation fails.
    Allowed values are none, log-only, reject-and-log, and reject-only.
  • includeRequestInLogs <boolean> -
    Whether to include the request in the logs.
    Defaults to false.
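
The following is an added example, not taken from the Zuplo documentation or code base: a small audit that reads a policies.json document and reports every request-validation-inbound policy whose options log or ignore invalid input instead of rejecting it. It assumes the policy objects sit in a top-level "policies" array; auditValidationPolicies and samplePolicies are hypothetical names.

```javascript
// Added example, not Zuplo code: flag request-validation-inbound policies whose
// options do not reject invalid input. Assumption: policy objects sit in a
// top-level "policies" array of policies.json.
const REQUEST_PARTS = ["validateBody", "validateQueryParameters",
  "validatePathParameters", "validateHeaders"];
const ALLOWED = new Set(["none", "log-only", "reject-and-log", "reject-only"]);
const REJECTING = new Set(["reject-and-log", "reject-only"]);

function auditValidationPolicies(doc) {
  const findings = [];
  for (const policy of doc.policies ?? []) {
    if (policy.policyType !== "request-validation-inbound") continue;
    const options = policy.handler?.options ?? {};
    const report = (option, issue) =>
      findings.push({ policy: policy.name, option, issue });
    for (const part of REQUEST_PARTS) {
      const action = options[part];
      if (action === undefined) report(part, "not set");
      else if (!ALLOWED.has(action)) report(part, `unknown value "${action}"`);
      else if (!REJECTING.has(action)) report(part, `"${action}" does not reject`);
    }
    // Logged requests can carry credentials or personal data.
    if (options.includeRequestInLogs === true) {
      report("includeRequestInLogs", "request contents are written to logs");
    }
  }
  return findings;
}

// Constructed sample: the policy from the Configuration section above,
// wrapped in the assumed "policies" array.
const samplePolicies = {
  policies: [{
    name: "my-request-validation-inbound-policy",
    policyType: "request-validation-inbound",
    handler: {
      export: "RequestValidationInboundPolicy",
      module: "$import(@zuplo/runtime)",
      options: {
        includeRequestInLogs: false, logLevel: "info",
        validateBody: "reject-and-log",
        validatePathParameters: "log-only",
        validateQueryParameters: "log-only",
      },
    },
  }],
};

for (const f of auditValidationPolicies(samplePolicies)) {
  console.log(`${f.policy}: ${f.option}: ${f.issue}`);
}
```

Run against the sample, the audit reports the two log-only options and the unset validateHeaders option; a policy with all four options set to a rejecting action produces no findings.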

Using the Policy

Here's an example of how to specify a schema for validation in a request body in OpenAPI.

"requestBody": {
  "description": "user to add to the system",
  "content": {
    "application/json": {
      "schema": {
        "type": "object",
        "properties": {
          "name": {
            "type": "string"
          },
          "age": {
            "type": "integer"
          }
        },
        "required": [
          "name",
          "age"
        ]
      }
    }
  }
}

Read more about how policies work
