Announcing API request validation for OCI API Gateway

April 14, 2021 | 2 minute read
Paul Jenkins
Senior Principal Product Manager
Text Size 100%:

We’re pleased to announce that developers using Oracle Cloud Infrastructure API Gateway can now validate request header and body content for their APIs.

Request validation allows API providers to ensure that API requests being forwarded to backend services meet specific criteria or conform to an expected format. Any requests made to an API Gateway that don’t meet the configured validation requirements are terminated and an error response is returned to the caller.

You can perform validation on headers, paths, query strings, and the request body of the API client initiated request.

A screenshot of the Select Header Validations window over the Edit Deployment screen in the Console.

Benefits of validation

Request validations synchronously reject any requests that don’t conform to the specific API design at the gateway. This process ensures that expected parameters or headers are present, request bodies satisfy the provided schema, and only requests for specific content-types are accepted. This exclusion reduces the overhead of passing requests to the backend services that can fail or cause errors in those services.

As the API Development team is applying this policy, they can choose from multiple modes, including enforcing and permissive. When set to enforcing mode, the gateway rejects a request that doesn’t conform to the rules defined in the validation. When set to permissive, the gateway allows the request but logs the event in the execution log. So, the team can set the validation and observe the behavior against the traffic, before blocking API calls.

Learn more

Learn about Cloud Native API Management and more about this feature in the API Gateway documentation.

Paul Jenkins

Senior Principal Product Manager

Paul is a Senior Principal Product Manager in the Oracle Cloud Iinfrastructure Cloud Native Services team.

Previous Post

Announcing distributed tracing for Oracle Functions

Sachin Pikle | 3 min read

Next Post

Response caching in API Gateway

Robert Wunderlich | 2 min read