-
Notifications
You must be signed in to change notification settings - Fork 370
Strict validation mode for undefined parameters? #181
Comments
+1. That sounds like a useful tool to me. |
Sounds useful to me as well. |
+1. (thumbsup) |
+1 |
Any other library which provides this feature? |
Not that I'm aware of. I created an issue here: apigee-127/sway#94 |
+1 Would really need this, having to double check everything before saving to the db is a pain. |
To anyone coming here from google: This feature basically already exists, although you have to opt in to it on each route by setting Here's an example of a specification in yaml: /api/example:
post:
- name: things
in: body
required: true
schema:
type: object
properties:
id:
type: integer
format: int64
name:
type: string
additionalProperties: false Notice the last line. Swagger-tools will now prevent anyone from sending properties on the body other than id and name. |
I wonder if it would be useful to have a strict validation mode for input parameters? This way the API could automatically respond with an error if params are included that are not defined in the Swagger spec (validation right now is only for type/format/required). This could be really useful for
query
,body
, andformData
parameter types. Probably not so desirable forheader
params, and not really relevant topath
parameters (which already get validated fully).As it stands right now, controller code has to revalidate passed parameters before saving (you can't just use the
body
orformData
and stick it in a db, as even unspecified fields get saved). Same withquery
parameters: unspecified ones have to be validated and omitted manually, and the controller needs to return their own errors here so as not to confuse API consumers.Any thoughts?
The text was updated successfully, but these errors were encountered: