Request Validation Policy

The Request Validation policy is used to validate incoming requests based on schemas in OpenAPI specifications.

When configured, any requests that do not conform to your OpenAPI schema will be rejected with a 400: Bad Request response containing a detailed error message (in JSON) explaining why the body was not accepted.

NOTICE: This policy is not comptible with legacy projects that use routes.json. In order to use this policy, migrate your project to OpenAPI. See docs.

Configuration

{
  "name": "my-request-validation-inbound-policy",
  "policyType": "request-validation-inbound",
  "handler": {
    "export": "RequestValidationInboundPolicy",
    "module": "$import(@zuplo/runtime)",
    "options": {
      "logLevel": "info",
      "validateBody": "log-only",
      "includeRequestInLogs": false
    }
  }
}

• name the name of your policy instance. This is used as a reference in your routes.
• policyType the identifier of the policy. This is used by the Zuplo UI. Value should be request-validation-inbound.
• handler/export The name of the exported type. Value should be RequestValidationInboundPolicy.
• handler/module the module containing the policy. Value should be $import(@zuplo/runtime).
• handler/options The options for this policy:
  • logLevel

    Optional. Specify one of the log levels: 'error | warn | info | debug'. Default: info

  • validateBody

    Optional. Specify one of the options: 'none, log-only, reject-and-log, reject-only'. Default: none

  • includeRequestInLogs

    Optional. Specify whether to include the request in the logs. Default: false

Read more about how policies work