Section OpenAPI Specification

Prerequisites

OpenAPI validation requires a license for the API Gateway feature.
API specification format must be in OpenAPI version 3.0 as JSON. Specifications in other formats or versions, e.g., Swagger 2.0, must be converted before uploading. For Swagger to OpenAPI conversions, we recommend the Mermade converter which is available as a command-line tool.

Feature scope and configuration options

After uploading the OpenAPI specification, configure and enable Enforce API validation for a mapping on the mapping detail page, Tab – API Security.

The OpenAPI filter supports the validation of requests and responses:
Path
Query parameters
Headers
Cookies
JSON syntax and objects

Body content checks are only applied to JSON documents, form-urlencoded parameters, and binary data (jpgs, gifs, ...).

API specification format must be in OpenAPI version 3.0 as JSON.

The OpenAPI feature does currently not support the following:
For requests with form-urlencoded parameters, additionalProperties can only be configured as a boolean.
XML and YAML content types are unsupported. These content types are passed unchecked, even when specified in a schema.
Multipart requests.
Callback definitions.
OpenAPI schema in YAML format.

Specifications in other formats or versions, e.g., Swagger 2.0, must be converted before uploading. For Swagger to OpenAPI conversions, we recommend the Mermade converter, which is available as a command-line tool.

Logging

Logging during request handling:
WR-SG-BLOCK-115-00 – Noncompliant API usage

constraint – provides detailed information on the violated constraint.
position – denotes the position in the validated request document/parameter where a constraint was violated.

WR-SG-REJECT-115 – OpenAPI configuration is invalid

The configuration could not be loaded correctly. See CONF-115 entries in the log messages for investigation and error analysis.

Logging by the configuration loader:
SY-SG-CONF-115-00 – Config Loader: Error parsing OpenAPI specification

file – filename of the document where the error occurred
position – denotes the position in the specification where the error was found

SY-SG-CONF-115-01 – Config Loader: Unsupported OpenAPI feature

file – filename of the document where the error occurred
position – denotes the position in the specification where the error was found
SY-SG-CONF-115-02 – Config Loader: Error compiling pattern for OpenAPI string format
SY-SG-CONF-115-03 – Config Loader: Error compiling pattern for OpenAPI Content-Type matching

Expert settings

Expert settings control certain aspects of the OpenAPI validation:

Expert Setting Key	Description
`OpenApi.StringFormat.*`	Patterns for custom value formats referenced by name in specifications.
`OpenApi.Authentication.*`	Positive-listed parameters for OAuth2 and OpenID Connect security schemes.
`OpenApi.Check.Response`	Enable or disable the response check (default `false`).
`OpenApi.ContentType.*`	List of Content-Type patterns.
`Request.Json.Limits.*`	Thresholds for preventing DoS attacks against the JSON parser.

Further information and links

Internal links:
Submenu – License
Tab – API Security
For API policy cookies, see: Environment cookies related to API policy features