JSON Threat Protection Policy Configuration Values
The following configuration values can be defined while configuring the JSON Threat Protection policy on the Call Transformation page:
note
- Only pre-processing is applicable for this policy. Post-processing is not applicable.
- Setting a limit to -1 disables that check, allowing selective structural protection.
| Field name | Type | Field Value | Required/Optional | Description |
|---|---|---|---|---|
| Processing Adapter | String | com.mashery.proxy.protection.json-threat-protection | Required | Adapter that validates JSON request bodies against configured structural limits and rejects threats with HTTP 400. |
| Perform Pre-processing | Boolean | Enabled / Disabled | Required | When enabled, the policy inspects the JSON request body before forwarding the request to the backend. |
| Data to make available for pre-processing (PreInput Values) | Map | |||
Integer (-1 to specify no limit) | maxEntries | Optional | The maximum number of entries allowed for a JSON object. For example, in { "a": { "b": 1, "c": 2, "d": 3 } }, the object a has three entries. Default: 100. | |
Integer (-1 to specify no limit) | maxArraySize | Optional | Maximum number of elements allowed in a JSON array. Default: 100. | |
Integer (-1 to specify no limit) | maxDepth | Optional | Maximum nesting depth of the JSON structure. For example, { "a": { "b": { "c": true } } } has a depth of three. Default: 100. | |
Integer (-1 to specify no limit) | maxNameLength | Optional | Maximum string length allowed for a JSON property name. Default: 100. | |
Integer (-1 to specify no limit) | maxValueLength | Optional | Maximum string length allowed for a JSON property value. Default: 500. |
Configuration Steps
Refer to Configuring Call Transformation for an Endpoint for more information on the configuration steps.
