JSON Schema Validation Policy

General Information

Policy Type

policy-json-schema-validation

Endpoints

List Policies

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Add Policy

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Update Policy

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Delete Policy

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

---

List Policies

Endpoint

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Request

Headers

Header	Value
Authorization	Bearer {token}

Path Parameters

Parameter	Type	Required	Description
projectName	string	Yes	Project name
apiProxyName	string	Yes	API Proxy name

Response

Success Response (200 OK)

{
  "success": true,
  "resultList": [
    {
      "apiProxy": {
        "name": "MyAPI",
        "requestPolicyList": [
          {
            "type": "policy-json-schema-validation",
            "name": "json-validation-policy",
            "description": "Validate JSON request body",
            "active": true,
            "pathForBody": "$",
            "schemaDefinitionList": [
              {
                "schemaNo": 0,
                "schemaBody": "{\n  \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n  \"type\": \"object\",\n  \"properties\": {\n    \"name\": {\n      \"type\": \"string\"\n    },\n    \"age\": {\n      \"type\": \"integer\",\n      \"minimum\": 0\n    }\n  },\n  \"required\": [\"name\", \"age\"]\n}",
                "systemId": null,
                "targetNamespace": null,
                "rootSchema": true
              }
            ]
          }
        ],
        "responsePolicyList": [],
        "errorPolicyList": []
      }
    }
  ],
  "resultCount": 1
}

cURL Example

curl -X GET \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/" \
  -H "Authorization: Bearer YOUR_TOKEN"

---

Add Policy

Endpoint

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

Header	Value
Authorization	Bearer {token}
Content-Type	application/json

Path Parameters

Parameter	Type	Required	Description
projectName	string	Yes	Project name
apiProxyName	string	Yes	API Proxy name
policyName	string	Yes	Policy name

Request Body

Full JSON Body Example

{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-json-schema-validation",
    "description": "Validate JSON request body against schema",
    "active": true,
    "pathForBody": "$",
    "showFirstErrorOnly": true,
    "validateAgainstSpec": false,
    "schemaDefinitionList": [
      {
        "schemaNo": 0,
        "schemaBody": "{\n  \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n  \"type\": \"object\",\n  \"properties\": {\n    \"name\": {\n      \"type\": \"string\",\n      \"minLength\": 1,\n      \"maxLength\": 100\n    },\n    \"email\": {\n      \"type\": \"string\",\n      \"format\": \"email\"\n    },\n    \"age\": {\n      \"type\": \"integer\",\n      \"minimum\": 0,\n      \"maximum\": 150\n    },\n    \"active\": {\n      \"type\": \"boolean\"\n    }\n  },\n  \"required\": [\"name\", \"email\"],\n  \"additionalProperties\": false\n}",
        "systemId": null,
        "targetNamespace": null,
        "rootSchema": true
      }
    ]
  }
}

Full JSON Body Example - Validate Against OpenAPI Spec

{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-json-schema-validation",
    "description": "Validate against OpenAPI specification",
    "active": true,
    "showFirstErrorOnly": false,
    "validateAgainstSpec": true,
    "openApiValidationMode": "METHOD_BASED"
  }
}

Request Body Fields

operationMetadata

Field	Type	Required	Default	Description
targetScope	string	Yes	-	Policy scope: ALL or ENDPOINT
targetEndpoint	string	No*	-	Endpoint path (required if targetScope=ENDPOINT)
targetEndpointHTTPMethod	string	No*	-	HTTP method (required if targetScope=ENDPOINT)
targetPipeline	string	Yes	-	Pipeline: REQUEST, RESPONSE, or ERROR
deploy	boolean	No	true	Whether to deploy after adding policy
deployTargetEnvironmentNameList	array	No	[]	List of environment names to deploy to
order	integer	No	null	Policy execution order (starts from 1)

Enum: targetScope

• ALL - Policy applies to all endpoints
• ENDPOINT - Policy applies only to specified endpoint

Enum: targetPipeline

• REQUEST - Executes in request pipeline (validates request body)
• RESPONSE - Executes in response pipeline (validates response body)
• ERROR - Executes in error pipeline

Enum: targetEndpointHTTPMethod

• GET, POST, PUT, DELETE, PATCH, OPTIONS, HEAD

policy

Field	Type	Required	Default	Description
type	string	Yes	-	Policy type: policy-json-schema-validation
description	string	No	-	Policy description
active	boolean	No	true	Whether policy is active
pathForBody	string	No	-	JSONPath expression to locate JSON body to validate
showFirstErrorOnly	boolean	No	true	When true, only the first validation error is returned. When false, all validation errors are returned.
validateAgainstSpec	boolean	No	false	When true, validates against the API Proxy's OpenAPI specification instead of manual schema definitions. schemaDefinitionList is not required when this is enabled.
openApiValidationMode	string	No*	-	OpenAPI validation mode (required if validateAgainstSpec=true): METHOD_BASED or ALL_SCHEMAS
schemaDefinitionList	array	No*	-	List of JSON schema definitions (required if validateAgainstSpec=false)

JSONPath Examples

• $ - Root of JSON document
• $.data - Data property at root
• $.users[0] - First element in users array
• $.request.body - Nested path

EnumOpenApiValidationMode

• METHOD_BASED - Validates against the schema matching the request's HTTP method and path. Each endpoint/method combination is validated against its own schema definition from the OpenAPI spec.
• ALL_SCHEMAS - Validates against all schema definitions in the OpenAPI spec. The request body must conform to at least one of the defined schemas.

Note

• Either schemaDefinitionList (manual schemas) or validateAgainstSpec: true (OpenAPI spec) must be provided.
• If validateAgainstSpec: true, openApiValidationMode is required and schemaDefinitionList is ignored.
• If validateAgainstSpec: false or not set, schemaDefinitionList must contain at least one schema definition.
• pathForBody is optional. When set, it specifies which part of the JSON body to validate.

schemaDefinitionList

Each schema definition is an object with the following fields:

Field	Type	Required	Default	Description
schemaNo	integer	No	0	Schema number (for ordering multiple schemas)
schemaBody	string	Yes	-	JSON Schema definition (JSON string)
systemId	string	No	null	System ID for schema reference
targetNamespace	string	No	null	Target namespace (for XML compatibility)
rootSchema	boolean	No	false	Whether this is the root schema

JSON Schema Format

The schemaBody must be a valid JSON Schema (draft-07 or compatible). Example:

{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "type": "object",
  "properties": {
    "name": {
      "type": "string",
      "minLength": 1
    },
    "age": {
      "type": "integer",
      "minimum": 0
    }
  },
  "required": ["name"]
}

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

cURL Example

curl -X POST \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/json-validation-policy/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "REQUEST",
      "deploy": true,
      "deployTargetEnvironmentNameList": ["production"],
      "order": 1
    },
    "policy": {
      "type": "policy-json-schema-validation",
      "description": "Validate JSON request body",
      "active": true,
      "pathForBody": "$",
      "schemaDefinitionList": [
        {
          "schemaNo": 0,
          "schemaBody": "{\"$schema\":\"http://json-schema.org/draft-07/schema#\",\"type\":\"object\",\"properties\":{\"name\":{\"type\":\"string\"}},\"required\":[\"name\"]}",
          "rootSchema": true
        }
      ]
    }
  }'

---

Update Policy

Endpoint

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

Header	Value
Authorization	Bearer {token}
Content-Type	application/json

Path Parameters

Parameter	Type	Required	Description
projectName	string	Yes	Project name
apiProxyName	string	Yes	API Proxy name
policyName	string	Yes	Policy name

Request Body

Full JSON Body Example

{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-json-schema-validation",
    "description": "Updated JSON schema validation",
    "active": true,
    "pathForBody": "$.data",
    "schemaDefinitionList": [
      {
        "schemaNo": 0,
        "schemaBody": "{\n  \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n  \"type\": \"object\",\n  \"properties\": {\n    \"id\": {\n      \"type\": \"integer\"\n    },\n    \"name\": {\n      \"type\": \"string\",\n      \"minLength\": 1\n    }\n  },\n  \"required\": [\"id\", \"name\"]\n}",
        "systemId": "user-schema",
        "rootSchema": true
      }
    ]
  }
}

Note: Request body structure is the same as Add Policy. All fields should be provided for update.

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

cURL Example

curl -X PUT \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/json-validation-policy/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "REQUEST",
      "deploy": true,
      "deployTargetEnvironmentNameList": ["production"],
      "order": 1
    },
    "policy": {
      "type": "policy-json-schema-validation",
      "description": "Updated JSON schema validation",
      "active": true,
      "pathForBody": "$",
      "schemaDefinitionList": [
        {
          "schemaNo": 0,
          "schemaBody": "{\"$schema\":\"http://json-schema.org/draft-07/schema#\",\"type\":\"object\",\"properties\":{\"name\":{\"type\":\"string\"}},\"required\":[\"name\"]}",
          "rootSchema": true
        }
      ]
    }
  }'

---

Delete Policy

Endpoint

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

Header	Value
Authorization	Bearer {token}
Content-Type	application/json

Path Parameters

Parameter	Type	Required	Description
projectName	string	Yes	Project name
apiProxyName	string	Yes	API Proxy name
policyName	string	Yes	Policy name

Request Body

Full JSON Body Example

{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": false
  }
}

Request Body Fields

operationMetadata

Field	Type	Required	Description
targetScope	string	Yes	Policy scope: ALL or ENDPOINT
targetPipeline	string	Yes	Pipeline: REQUEST, RESPONSE, or ERROR
deploy	boolean	No	false

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": []
  }
}

cURL Example

curl -X DELETE \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/json-validation-policy/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "REQUEST",
      "deploy": false
    }
  }'

---

Notes and Warnings

• Validation Modes: Two validation approaches are available:

  • Manual Schema: Provide your own JSON Schema definitions in schemaDefinitionList (default)
  • OpenAPI Spec: Set validateAgainstSpec: true to validate against the API Proxy's OpenAPI specification. Requires openApiValidationMode:
    • METHOD_BASED - Validates against the schema for the specific HTTP method and path
    • ALL_SCHEMAS - Validates against all schemas in the spec

• Error Reporting: showFirstErrorOnly controls whether only the first error (default) or all validation errors are returned. Set to false for detailed error reports during development.

• JSONPath: pathForBody is optional. When set, it specifies which part of the JSON body to validate using a JSONPath expression.

• Schema Definition: When not using OpenAPI spec validation, schemaDefinitionList must contain at least one schema definition.

• JSON Schema: schemaBody must be a valid JSON Schema (draft-07 or compatible)

• Schema Number: schemaNo is used for ordering when multiple schemas are defined

• Root Schema: Set rootSchema: true for the primary schema

• Validation Failure: When validation fails, the request/response is rejected with an error

• Performance: Schema validation adds processing overhead. Use for critical validation only.

• Pipeline:

  • REQUEST pipeline validates request body before processing
  • RESPONSE pipeline validates response body before sending to client

• Error Messages: Configure error messages in the policy to customize validation error responses

• Deployment: Policy changes require deployment to take effect. Set deploy: true or deploy manually.

Related Documentation

• List Policies - List all policies
• Add Policy - General policy addition guide
• Update Policy - General policy update guide
• Delete Policy - General policy deletion guide