- policyRef: name: spec-validation-flex config: source: <string> // REQUIRED spec: <string> // REQUIRED apiBasePath: <string> // OPTIONAL blockOperation: <boolean> // REQUIRED strictParamsValidation: <boolean> // OPTIONAL
Schema Validation Policy
Policy Name |
Schema Validation Policy |
Summary |
Validates incoming traffic against a supplied API schema |
Category |
Security |
First Flex Gateway version available |
v1.4.0 |
Returned Status Codes |
400 - The request properties do not comply with the API specifications. |
Summary
The Schema Validation policy only supports REST APIs and currently only supports OpenAPI Specification 3.0 (OAS3) schema validations. |
The Schema Validation policy supports a maximum of 64 bits for the number schema data type.
|
Applications processing REST API requests are susceptible to attacks such as header injection and payload injection. Additional vulnerabilities can lead to the access of sensitive information. The Schema Validation policy protects against such attacks and vulnerabilities by validating traffic against a supplied API specification.
There are many ways to upload REST API specifications, but using Exchange is the easiest way. To upload an API specification to Exchange, see Create an Exchange Asset.
Flex Gateway supports schemas defined in JSON or YAML, contained in a single file.
The Schema Validation policy validates request headers, queries, or path parameters.
Requests only include support for JSON format with content type application/json
.
You configure the policy to perform one of the following actions:
-
Block the request, and then return the 400 error status code.
-
Allow the request, log the error, and then return the status code of the request.
You can validate content against:
-
The presence of all required properties.
-
The presence or absence of additional properties.
-
The types of all properties.
For example, if a schema specifies a property as an integer, the request must include an integer and not another type, such as a string.
-
The format of the properties.
For example, if the
pattern
keyword is specified, the policy validates the property as a regular expression.
Configuring Policy Parameters
Flex Gateway Local Mode
In Local Mode, you apply the Schema Validation policy to your API via declarative configuration files. Refer to the following policy definition and table of parameters:
Parameter | Required or Optional | Default Value | Description |
---|---|---|---|
|
Required |
|
Determines if the schema is specified in this YAML resource, or if it’s specified in the API Context from Exchange (Connected Mode only). Supported values: |
|
Required |
|
The actual inline specification. You must provide this when configuring the policy in Local Mode. |
|
Optional |
|
The base path of the API. You must provide this value when configuring the policy in Local Mode. |
|
Required |
|
If |
|
Optional |
|
Determines whether to validate query parameters not defined in specification. |
Flex Gateway Connected Mode
When you apply the Schema Validation policy to your API from the UI, the following parameters are displayed:
Field | Description | Default | Required |
---|---|---|---|
Block request |
Select to block an incoming request that does not conform to the API specification. Selecting not to block only logs the request. Choosing to block invalid requests returns a 400 status when the request is invalid. |
Block enabled |
No |
Strict query parameters validation |
Restricts API calls from query parameters not defined in the API Specification |
No |
No |
Advanced options |
|||
Policy version |
Version of the applied policy |
Latest |
|
Yes |
Rule of application |
Configures the runtimes the policy is applied to. Schema Validation is currently only available for Flex Gateway. Applying the policy to all runtimes only applies the policy to Flex Gateway APIs. |
All runtimes |