We’re pleased to announce that developers using Oracle Cloud Infrastructure API Gateway can now validate request header and body content for their APIs.
Request validation allows API providers to ensure that API requests being forwarded to backend services meet specific criteria or conform to an expected format. Any requests made to an API Gateway that don’t meet the configured validation requirements are terminated and an error response is returned to the caller.
You can perform validation on headers, paths, query strings, and the request body of the API client initiated request.
Request validations synchronously reject any requests that don’t conform to the specific API design at the gateway. This process ensures that expected parameters or headers are present, request bodies satisfy the provided schema, and only requests for specific content-types are accepted. This exclusion reduces the overhead of passing requests to the backend services that can fail or cause errors in those services.
As the API Development team is applying this policy, they can choose from multiple modes, including enforcing and permissive. When set to enforcing mode, the gateway rejects a request that doesn’t conform to the rules defined in the validation. When set to permissive, the gateway allows the request but logs the event in the execution log. So, the team can set the validation and observe the behavior against the traffic, before blocking API calls.
Paul is a Senior Principal Product Manager in the Oracle Cloud Iinfrastructure Cloud Native Services team.