With the XML Schema Validation Policy, the part of the incoming message specified with XPath is validated.

If the part of the incoming message specified with XPath does not conform to the schema, the message is blocked from being sent to the Backend API. Thus, the Backend API is prevented from processing such erroneous or malicious messages, ensuring that it remains stable or does not perform unnecessary operations.

The use of this policy makes sense if the message body from the client is XML.

The image containing the policy settings is given below:

The policy fields are shown in the table below.




An optional description of the policy that may be useful for usage and management activities.

Specifies where in the body of the request message to be validated.

The XPath expression is entered as the value. The default value is set to return the "body" part of the message body.


The XML schema is entered. Since the XML Schema may contain another XML schema, if there are schemas that reference each other, they must all be included here.

You can visit the Policies page for the details of the Conditions and Error Message Customization panels.