API Management Get Started API References
Login 24/7 Support Community tyk.io

Request Validation

Table Of Contents

Introduction

Tyk can protect any Gateway incoming request by validating the request payload against the schema provided for the path’s request body in the OAS API Definition.

How it works

In order to enable request validation features, for a specific path, the following criteria needs to be met:

  1. A schema needs to be defined for an application/json content type in the requestBody section of a path.
{
  ...
  "paths":{
    "/pet":{
        "put":{
          ...
          "requestBody":{
            "description":"Update an existent pet in the store",
            "content":{
              "application/json":{
                  "schema":{
                    type: string
                  }
              }
            }
          }
        }
    }
  }
  ...
}
  1. validateRequest middleware needs to be enabled for that specific path.
{
  ...
  "paths":{
    "/pet":{
        "put":{
          ...
          operationId: 'petput',
          "requestBody":{
            ...
            "content":{
              "application/json":{
                  "schema":{
                    type: string
                  }
              }
            }
          }
        }
    }
  }
  ...
  "x-tyk-api-gateway": {
    ...
    "middleware": {
      ...
      "operations": {
        ...
        "petput": {
          "validateRequest": {
            "enabled": true  
          }
        }
      }
    }
  }
}
  1. Your Tyk Gateway can validate an incoming request if the schema is defined within the OAS API Definition in the requestBody directly, or via a relative reference to the components.schemas section.
//GOOD
{
  ...
  "paths":{
    "/pet":{
        "put":{
          ...
          "requestBody":{
            "description":"Update an existent pet in the store",
            "content":{
              "application/json":{
                  "schema":{
                    type: string
                  }
              }
            }
          }
        }
    }
  }
  ...
}

//GOOD
{
  ...
  "components": {
    "schemas": {
      "Pet": {
        type: string
      }
    }
  },
  "paths":{
    "/pet":{
        "put":{
          ...
          "requestBody":{
            "description":"Update an existent pet in the store",
            "content":{
              "application/json":{
                  "schema":{
                    $ref: "#/components/Pet"
                  }
              }
            }
          }
        }
    }
  }
  ...
}
  1. If the schema reference points to an external resource, your Tyk Gateway will just ignore it and won’t validate the request.
//Gateway will ignore
{
  ...
  "paths":{
    "/pet":{
        "put":{
          ...
          "requestBody":{
            "description":"Update an existent pet in the store",
            "content":{
              "application/json":{
                  "schema":{
                    $ref: "http://pet-schema.com"
                  }
              }
            }
          }
        }
    }
  }
  ...
}

Automatically enable request validation

While importing an OAS API Definition or updating a Tyk OAS API Definition, validateRequest middleware can be automatically configured by Tyk for all the paths that have a schema configured, by passing the validateRequest=true query parameter, together with the import API or with a PATCH request for updating the API.

Return to Top
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish.
   Read More