Validate API Specification

Edit online

This policy validates the responses against API's various specifications such as schema, content-types, and HTTP Headers referenced in their corresponding formats as follows:

The schema is available as part of the API definition. The schema for SOAP API are imported through WSDL and for REST APIs it can be through swagger, RAML or can be uploaded by the user when an API is created from scratch.
The content- types are available as part of the API definition. FOR SOAP APIs these are imported through WSDL and for REST APIs it can be through swagger, RAML or can be uploaded by the user.
The HTTP Headers are specified in the Validate API Specification policy page.

The response sent to the API by an application must conform with the structure or format expected by the API. The responses from the native API are validated against the API specifications in this policy to conform to the structure or format expected by the API.

Various API specifications validated are:

Schema:

The responses from the native API are validated against the schema provided in the API definition. webMethods API Gateway does not validate the payload, if the payload is sent as a stream.

The schema defines the elements and attributes and specifies the data types of these elements to ensure that only appropriate data is allowed through to the API. For a REST API, the schema can be added inline or uploaded in the Components section on the API Details page. For details on how to add the schema inline or upload, see Creating a REST API from Scratch.

The schema type for validation is selected based on:

The Content-Type header when the policy is added in the Request processing stage.
The Accept header when the policy is added in the Response processing stage.

If the header or payload is missing the schema validation is skipped.

The table lists the default Content type/Accept header and schema validation type mapping.

Content-type/Accept	Schema validation type
application/json application/json/badgerfish	JSON schema
application/xml text/xml text/html	XML schema
text/plain	Regular expression

Content-type/Accept

Schema validation type

application/json

application/json/badgerfish

JSON schema

application/xml

text/xml

text/html

XML schema

text/plain

Regular expression

For a SOAP API, the WSDL and the referenced schema must be provided in a zip format. The JSON schema validation is supported for the operations that are exposed as REST.

Content-types:
The responses from the native API are validated against the content-types specified in the API definition.
HTTP Headers:
The responses from the native API are validated against the HTTP Headers specified in this policy to conform to the HTTP headers expected by the API. If the HTTP Headers are not specified in this policy, API Gateway uses the Headers defined in the API specification.

The run-time invocations that fail the specification validation are considered as policy violations. Such policy violation events that are generated can be viewed in the dashboard.

The table lists the API specification properties, you can specify for this policy, to be validated:

Property	Description
Schema	Validates the response payload against the appropriate schema. Provide the following additional features for XML schema validation: Feature name. Specifies the name of the feature for XML parsing when performing XML schema validation. Select the required feature names from the list: `GENERATE_SYNTHETIC_ANNOTATIONS` `ID_IDREF_CHECKING` `IDENTITY_CONSTRAINT_CHECKING` `IGNORE_XSL_TYPE` `NAMESPACE_GROWTH` `NORMALIZE_DATA` `ROOT_ELEMENT_DECL` `ROOT_TYPE_DEF` `SIGMA_AUGMENT_PSVI` `SCHEMA_DV_FACTORY` `SCHEMA_ELEMENT_DEFAULT` `SCHEMA_LOCATION` `SCHEMA_NONS_LOCATION` `SCHEMA_VALIDATOR` `TOLERATE_DUPLICATES` `ENPARSED_ENTITY_CHECKING` `VALIDATE_ANNOTATIONS` `XML_SCHEMA_FULL_CHECKING` `XMLSCHEMA_VALIDATION` For details about XML parsing features, see http://xerces.apache.org/xerces2-j/features.html and for details about the exact constants, see https://xerces.apache.org/xerces2-j/javadocs/xerces2/org/apache/xerces/parsers/XML11Configuration.html. Feature value. Specifies whether the feature value is True or False.
Content-types	Validates the content-types in the incoming response against the content-types defined in that response's API Specification.
HTTP Headers	Validates the HTTP header parameters in the incoming response against the HTTP headers defined in that response's API Specification. Provide the following information: Condition: Specifies the logical operator to use to validate multiple HTTP headers in the incoming API responses. Available values are: AND. webMethods API Gateway accepts only the responses that contain all configured HTTP headers. OR. This is selected by default. webMethods API Gateway accepts responses that contain at least one configured HTTP header. HTTP Header Key. Specifies a key that must be passed through the HTTP header of the incoming API responses. Header Value. Optional. Specifies the corresponding key value that could be passed through the HTTP header of the incoming API responses. As this property supports variable framework, you can make use of the available variables to specify the header value. For details about the variables available in webMethods API Gateway, see Variables Available in API Gateway. You can add more HTTP headers by clicking .

Property

Description

Schema

Validates the response payload against the appropriate schema.

Provide the following additional features for XML schema validation:

Feature name. Specifies the name of the feature for XML parsing when performing XML schema validation.
Select the required feature names from the list:
- GENERATE_SYNTHETIC_ANNOTATIONS
- ID_IDREF_CHECKING
- IDENTITY_CONSTRAINT_CHECKING
- IGNORE_XSL_TYPE
- NAMESPACE_GROWTH
- NORMALIZE_DATA
- ROOT_ELEMENT_DECL
- ROOT_TYPE_DEF
- SIGMA_AUGMENT_PSVI
- SCHEMA_DV_FACTORY
- SCHEMA_ELEMENT_DEFAULT
- SCHEMA_LOCATION
- SCHEMA_NONS_LOCATION
- SCHEMA_VALIDATOR
- TOLERATE_DUPLICATES
- ENPARSED_ENTITY_CHECKING
- VALIDATE_ANNOTATIONS
- XML_SCHEMA_FULL_CHECKING
- XMLSCHEMA_VALIDATION
For details about XML parsing features, see http://xerces.apache.org/xerces2-j/features.html and for details about the exact constants, see https://xerces.apache.org/xerces2-j/javadocs/xerces2/org/apache/xerces/parsers/XML11Configuration.html.
Feature value. Specifies whether the feature value is True or False.

Content-types

Validates the content-types in the incoming response against the content-types defined in that response's API Specification.

HTTP Headers

Validates the HTTP header parameters in the incoming response against the HTTP headers defined in that response's API Specification.

Provide the following information:

Condition: Specifies the logical operator to use to validate multiple HTTP headers in the incoming API responses.
Available values are:
- AND. webMethods API Gateway accepts only the responses that contain all configured HTTP headers.
- OR. This is selected by default. webMethods API Gateway accepts responses that contain at least one configured HTTP header.
HTTP Header Key. Specifies a key that must be passed through the HTTP header of the incoming API responses.
Header Value. Optional. Specifies the corresponding key value that could be passed through the HTTP header of the incoming API responses. As this property supports variable framework, you can make use of the available variables to specify the header value.
For details about the variables available in webMethods API Gateway, see Variables Available in API Gateway.

You can add more HTTP headers by clicking .