Early Request Validator Policy

Important: This page describes Classic APIM. For APIM 3.0, refer to API Management 3.0.

Performs generic validation steps on requests before authentication and returns customized responses. You can use this policy independently or together with the Authorized Request Validator Policy policy. For example, if a task requires a particular HTTP header, this policy can validate the header before incurring the cost of executing the pipeline. Although both Validator policies have the same configuration options, they execute at different times:

The Early Request Validator policy executes before authentication.
The Authorized Request Validator policy executes after authorization.

Policy fields include:


Field/Field set	Description
When this policy should be applied	An expression that defines one or more conditions that must be true for the policy to execute. Example: The expression `request.method == "POST"` causes the policy to execute only on `POST` requests.
Validation Checks	Checks to perform on the request.
Condition	An expression that should return true to abort the request. Note: You can't use the `request.remoteUser` or `request.isUserInRole()` functions with the Early Request Validator policy, which is applied before authentication. Instead, use the Authorized Request Validator policy and set the Condition parameter to the Boolean returned by these functions. Default value: False Example: `isNaN(parseInt(request.headers['X-My-Header']))`
Status	The HTTP Status code to use in the response. Default value: 400 (Bad Request) Example: 413 (Request Entity Too Large)
Response	Example: To return a custom HTML page: `{ 'Content-Type': 'text/html', entity: 'Bad request, see <a href="https://doc.example.com">here</a> for more details' }` To return a Location header for a 3xx status code: `{ Location: 'http://example.com/other' }`
Description	A customizable description. Default value: Requests are being validated against specified policy