Prerequisites
- OpenAPI validation requires a license for the API Gateway feature.
- The API specification must be in OpenAPI version 3.0 format, as JSON. Specifications in other formats or versions, e.g., Swagger 2.0, must be converted before uploading. For Swagger to OpenAPI conversions, we recommend the Mermade converter, which is available as a command-line tool.
Feature scope and configuration options
After uploading the OpenAPI specification, configure and enable Enforce API validation for a mapping on the mapping detail page, Tab – API Security.
- The OpenAPI filter supports the validation of requests and responses:
  - Path
  - Query parameters
  - Headers
  - Cookies
  - JSON syntax and objects
Body content checks are only applied to JSON documents, form-urlencoded parameters, and binary data (jpgs, gifs, ...).
- The OpenAPI feature currently does not support the following:
  - For requests with form-urlencoded parameters, additionalProperties can only be configured as a boolean.
  - XML and YAML content types are unsupported. These content types are passed unchecked, even when specified in a schema.
  - Multipart requests.
  - Callback definitions.
  - OpenAPI schema in YAML format.
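A pre-upload check for the limitations listed above, as an added example that is not part of the product or its documentation: it reads a specification as text and reports non-JSON input, a version other than 3.0, callback definitions, multipart request bodies, XML/YAML content types (which would pass unchecked), and non-boolean additionalProperties on form-urlencoded request bodies. The function name `lint_spec`, the content-type suffix matching, and the sample specification are assumptions; `$ref` objects are not resolved.

```python
import json

METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}
FORM = "application/x-www-form-urlencoded"
UNCHECKED = ("/xml", "+xml", "/yaml", "+yaml", "/x-yaml")  # assumed suffix match

def lint_spec(text):
    """Return (location, finding) pairs for the limitations listed above."""
    try:
        spec = json.loads(text)
    except ValueError:
        return [("<document>", "not JSON; convert YAML or other formats first")]
    out = []
    if not str(spec.get("openapi", "")).startswith("3.0"):
        out.append(("openapi", "not OpenAPI version 3.0"))
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in METHODS:
                continue  # skip path-level keys such as "parameters"
            where = f"{method.upper()} {path}"
            if "callbacks" in op:
                out.append((where, "callback definitions are not supported"))
            bodies = [(True, op.get("requestBody", {}))]
            bodies += [(False, r) for r in op.get("responses", {}).values()]
            for is_request, body in bodies:
                for ctype, media in body.get("content", {}).items():
                    base = ctype.split(";")[0].strip().lower()
                    if base.endswith(UNCHECKED):
                        out.append((where, f"{base}: passed unchecked"))
                    if is_request and base.startswith("multipart/"):
                        out.append((where, f"{base}: multipart not supported"))
                    extra = media.get("schema", {}).get("additionalProperties", True)
                    if is_request and base == FORM and not isinstance(extra, bool):
                        out.append((where, "additionalProperties must be a boolean"))
    return out

# Constructed sample specification (not from the product documentation).
SAMPLE = json.dumps({"openapi": "3.0.3", "paths": {"/orders": {"post": {
    "requestBody": {"content": {
        "application/xml": {"schema": {"type": "object"}},
        FORM: {"schema": {"type": "object",
                          "additionalProperties": {"type": "string"}}}}},
    "callbacks": {"onEvent": {}},
    "responses": {"200": {"content": {"application/json": {}}}}}}}})

if __name__ == "__main__":
    for where, finding in lint_spec(SAMPLE):
        print(f"{where}: {finding}")
```

The XML finding is the one to act on first: an operation that accepts XML or YAML bodies receives no body validation from the filter, so that input needs to be validated elsewhere.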
Logging
- Logging during request handling:
  - WR-SG-BLOCK-115-00 – Noncompliant API usage
    - constraint – provides detailed information on the violated constraint.
    - position – denotes the position in the validated request document/parameter where a constraint was violated.
  - WR-SG-REJECT-115 – OpenAPI configuration is invalid
    - The configuration could not be loaded correctly. See CONF-115 entries in the log messages for investigation and error analysis.
- Logging by the configuration loader:
  - SY-SG-CONF-115-00 – Config Loader: Error parsing OpenAPI specification
    - file – filename of the document where the error occurred
    - position – denotes the position in the specification where the error was found
  - SY-SG-CONF-115-01 – Config Loader: Unsupported OpenAPI feature
    - file – filename of the document where the error occurred
    - position – denotes the position in the specification where the error was found
  - SY-SG-CONF-115-02 – Config Loader: Error compiling pattern for OpenAPI string format
  - SY-SG-CONF-115-03 – Config Loader: Error compiling pattern for OpenAPI Content-Type matching
Expert settings
Expert settings control certain aspects of the OpenAPI validation:
Expert Setting Key | Description |
---|---|
| Patterns for custom value formats referenced by name in specifications. |
| Positive-listed parameters for OAuth2 and OpenID Connect security schemes. |
| Enable or disable the response check (default |
| List of Content-Type patterns. |
| Thresholds for preventing DoS attacks against the JSON parser. |
Further information and links
- Internal links:
- Submenu – License
- Tab – API Security
- For API policy cookies, see: Environment cookies related to API policy features