Authorized Request Validator rule

API rule to perform generic validation steps on requests after authorization

Performs generic validation steps on requests after authorization and returns customized responses. You can use this rule independently or with the Early Request Validator rule. For example, if a Task requires a particular HTTP header in a particular format, this rule can validate it before incurring the cost of executing a pipeline.

Rule execution order

Although both rules have the same configuration options, the difference between the two rules is the order of execution:
  • The Early Request Validator rule executes before authentication.
  • The Authorized Request Validator rule executes after authorization.

Note: All expression-enabled fields in rules accept expressions from Understanding Expressions in SnapLogic and the API Policy Manager Functions.

Field Description
When this rule should be applied

An expression that defines one or more conditions that must be true for the rule to execute.

Example: The expression request.method == "POST" causes the rule to execute only on POST requests.

Validation Checks

A table of checks to perform on the request.

Default value: N/A

Example: N/A

Condition

An expression that should return true if the request should be aborted.

Note:

You cannot use request.remoteUser or request.isUserInRole() functions with the Early Request Validator rule, which is applied before authentication. Instead, use the Authorized Request Validator rule and set the Condition parameter to the Boolean returned by these functions.

Default value: False

Example: isNaN(parseInt(request.headers['X-My-Header']))

Status

The HTTP Status code to use in the response.

Default value: 400 (Bad Request)

Example: 413 (Request Entity Too Large)

Response

The response to send to the client.

Default value: N/A

Example:

To return a custom HTML page:

{
    'Content-Type': 'text/html',
    entity: 'Bad request, see <a href="https://doc.example.com">here</a> for more details'
}

To return a Location header for a 3xx status code:

{
    Location: 'http://example.com/other'
}

Description

Required. A brief description of this rule.

Default value: Requests are being authorized against specified rules

Note:

These rules allow a great deal of flexibility in determining how a request is handled before it reaches a Pipeline; as such, you must carefully consider the request flow of your API when configuring this rule.
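
The fields above, modelled as a small JavaScript evaluator (an added example, not SnapLogic code or the product's implementation). The evaluation order, the mapping of Response keys to headers, the `isUserInRole` argument and the role name are assumptions made for illustration.

```javascript
// Added illustration, not SnapLogic code: a local model of one validator rule.
// Assumptions: checks run in table order, the first Condition that returns
// true aborts the request, and Response keys other than `entity` become headers.

// Constructed request; roles stand in for the result of the authorization step.
function makeRequest(method, headers, roles) {
  return { method, headers, isUserInRole: (role) => roles.includes(role) };
}

// The Condition example from the Field table, evaluated with JavaScript semantics.
const pageCondition = (request) => isNaN(parseInt(request.headers['X-My-Header']));
// Stricter variant: abort unless the header consists only of decimal digits.
const strictCondition = (request) => !/^\d+$/.test(request.headers['X-My-Header'] ?? '');

const rule = {
  when: (request) => request.method === 'POST', // "When this rule should be applied"
  checks: [
    { // Role check: needs the authorized user, so it cannot run in the early rule.
      condition: (request) => !request.isUserInRole('admin'), // hypothetical role name
      status: 403,
      response: { 'Content-Type': 'text/html', entity: 'Forbidden' },
    },
    { // Status omitted, so the documented default 400 applies.
      condition: strictCondition,
      response: { 'Content-Type': 'text/html', entity: 'Bad request' },
    },
  ],
};

// Returns null when the request proceeds, otherwise the aborting response.
function evaluateRule(rule, request) {
  if (!rule.when(request)) return null;
  for (const check of rule.checks) {
    if (!check.condition(request)) continue;
    const { entity = '', ...headers } = check.response ?? {};
    return { status: check.status ?? 400, headers, body: entity };
  }
  return null;
}

const sample = makeRequest('POST', { 'X-My-Header': '12abc' }, ['admin']);
console.log(pageCondition(sample));      // parseInt reads the leading "12"
console.log(evaluateRule(rule, sample)); // aborted by the strict check
```

Under JavaScript semantics `parseInt('12abc')` is 12, so the example Condition from the table does not abort a request carrying that header, while the digit-only pattern does. Confirm how the expression language treats such input before relying on the example Condition for format validation.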