Skip to main content
Feedback

Request Validation policy

The request validation policy is used to validate the incoming HTTP request according to given rules. A rule is defined for an input value. This input value supports EL expression and is validated against constraint rules.

Constraint rules can be:

  • NOT_NULL: Input value is required.

  • MIN: Input value is a number and its value is greater or equals to a given parameter.

  • MAX: Input value is a number and its value is lower or equals to a given parameter.

  • MAIL: Input value is valid according to the mail pattern.

  • DATE: Input value is valid according to the date format pattern given as a parameter. The input must match the SimpleDateFormat specified in the parameters.

  • PATTERN: Input value is valid according to the pattern given as a parameter.

  • SIZE: Input value length is between two given parameters.

  • ENUM: Field value included in ENUM. The input must match one of the case-sensitive strings specified in the parameters.

By default, if one of the rule can not be validated, the policy returns a 400 status code.

Timing

On RequestOn ResponseOn Request ContentOn Response Content
XX

Configuration

PropertyRequiredDescriptionTypeDefault
scopeyesPhase when the policy is executedpolicy scopeON_REQUEST
statusyesHTTP Status Code send to the consumer in case of validation issues.HTTP status code400
rulesyesRules to apply to incoming requestList of rules

Examples

Validate a path segment

The following example validates that the third path segment of the request URL ends with .txt. If the value does not match the pattern, the policy returns a 400 status.

"policy-request-validation": {
"rules": [
{
"constraint": {
"parameters": [
".*\\.(txt)$"
],
"type": "PATTERN"
},
"input": "{#request.pathInfos[2]}"
}
],
"status": "400"
}

Validate a required header

The following example validates that the X-Correlation-ID header is present in the request. If the header is missing or null, the policy returns a 400 status.

"policy-request-validation": {
"rules": [
{
"constraint": {
"type": "NOT_NULL"
},
"input": "{#request.headers['X-Correlation-ID']}"
}
],
"status": "400"
}

Validate a query parameter value

The following example validates that the status query parameter is one of the accepted values: active, inactive, or pending. The match is case-sensitive. If the value is not in the list, the policy returns a 400 status.

"policy-request-validation": {
"rules": [
{
"constraint": {
"parameters": [
"active",
"inactive",
"pending"
],
"type": "ENUM"
},
"input": "{#request.params['status']}"
}
],
"status": "400"
}

Validate a header value length

The following example validates that the value of the X-Custom-Header header is between 1 and 50 characters. If the value is outside this range, the policy returns a 400 status.

"policy-request-validation": {
"rules": [
{
"constraint": {
"parameters": [
"1",
"50"
],
"type": "SIZE"
},
"input": "{#request.headers['X-Custom-Header']}"
}
],
"status": "400"
}
tip

The input field supports Expression Language (EL). You can reference request headers, query parameters, path segments, and more. Refer to Expression Language request for a full list of available attributes.

HTTP Status Code

CodeMessage
400Incoming HTTP request can not be validated.
On this Page