The models in our spec have attributes that pretty much describe the input validation rule.
Example:
    Member:
      required:
        - hireDate
        - homeContact
      properties:
        id:
          type: integer
          description: will be ignored when included in a request
        remoteIdentifier:
          type: string
          description: the identifier for the member on the system sending/requesting the information
        hireDate:
          type: string
          format: date
        terminationDate:
          type: string
          format: date
        jobTitle:
          type: string
          maxLength: 50
        payrollFrequency:
          type: string
          enum:
            - MONTHLY
            - SEMI_MONTHLY
            - BI_WEEKLY
            - WEEKLY
        ssn:
          type: string
          pattern: '^\d{3}-?\d{2}-?\d{4}$'
I'd like to raise a fault if a call to the endpoint does not conform to the data type, enums, regex, etc.
This will serve two needs:
a. the API designer builds validation rules into the spec.
b. API automation tests can be generated to assert the rules defined in the spec.
I see a post from 2015, but that requires input validations to be done in JavaScript: https://community.apigee.com/questions/5569/policy-to-do-input-validation-based-on-swagger-spe.html
Is there a 'current' best practice to do this?
@hnaidu, as of today, we don't capture this information and auto-generate policies like regular expression in Apigee when you create an API proxy from Open API Spec.
At present, you need to add these validation rules using Regular Expression Protection Policy or Raise Fault policy.
Hope it helps.
Thank you.
@Anil Sagar @ Google Can we expect APIGEE to enforce input validation using the regex pattern defined in the OpenAPI specification instead of creating regex protection policies? It is much easier to enforce input validation through the OpenAPI spec.
Moreover, the regex check provided by the regex protection policy is a blacklisting process, where we look for malicious patterns, but can we have a whitelisting process wherein we accept only legal characters?
E.g. regex validation for id: allow alphanumeric characters only
There was a similar post related to whitelisting that you can check; it is not related to OpenAPI spec regex validation, though:
https://community.apigee.com/questions/67892/regularexpressionprotection-policy-behavior.html
Secondly, post a new question to get attention as this post is resolved with an accepted answer as well.
@Mahesh Chandrappa, at this point in time, validation based on Open API Spec is unavailable.