JSON Validator Policy

Use the JSON Validator policy to validate a request against a JSON schema. Limit JSON structures to minimize content-level attacks.

Important: This page describes Classic APIM. For APIM 3.0, refer to API Management 3.0.
The policy validates a request against a JSON schema. You can specify limits on various JSON structures, such as arrays and strings. This capability minimizes the risk posed by content-level attacks. The policy applies only to requests with the Content-Type set to application/json.

Policy execution order

This JSON Validator policy executes after the request is authenticated.

Policy fields include:

Field/Field set Description
When this policy should be applied

An expression that defines one or more conditions that must be true for the policy to execute.

Example: The expression request.method == "POST" causes the policy to execute only on POST requests.

Edit Json Schema

Launches the JSON editor to compose the schema to use for validation. The editor loads an existing JSON document if defined previously.

Default value: Empty JSON file

Example:

{
    "$schema": "http://json-schema.org/draft-06/schema#",
    "type": "object",
    "properties": {
        "foo": {
            "type": "integer"
        },
        "bar": {
            "type": "string"
        }
    }
}

Description

A customizable description.

Default value: Requests are being validated against the specified schema

Troubleshooting policy violations

The JSON Validator policy now returns the actual policy violation error to the API caller. Each error type is parameterized and added to the response in the "SL_Policy_Error" header.

The following image provides an example of a policy violation error.

[Image: Policy Violation Error]

The example shows two violations. First, a required field (productId) is missing a value. Second, the value for the price field is invalid.
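
As an added illustration (not code from this page or from the product), the Python sketch below checks constructed request bodies against a schema that bounds strings and arrays with standard draft-06 keywords, and returns the kinds of violations described above. The schema, the tags field, the limit values, and the function names are assumptions; only the productId and price field names come from this page, and the checker implements just the keywords this schema uses, not the policy's own engine.

```python
import json

# Assumed schema (not from the page): draft-06 keywords that bound each structure.
SCHEMA = {
    "$schema": "http://json-schema.org/draft-06/schema#",
    "type": "object",
    "required": ["productId", "price"],
    "additionalProperties": False,
    "properties": {
        "productId": {"type": "string", "maxLength": 36},
        "price": {"type": "number", "minimum": 0},
        "tags": {"type": "array", "maxItems": 10,
                 "items": {"type": "string", "maxLength": 32}},
    },
}

TYPES = {"object": dict, "array": list, "string": str, "number": (int, float)}

def violations(value, schema, path="$"):
    """Return violation messages for the keyword subset used in SCHEMA."""
    expected = schema.get("type")
    is_bool = isinstance(value, bool)  # bool subclasses int; JSON booleans are not numbers
    if expected and (not isinstance(value, TYPES[expected])
                     or (is_bool and expected == "number")):
        return [f"{path}: expected {expected}"]
    errors = []
    if isinstance(value, str) and len(value) > schema.get("maxLength", len(value)):
        errors.append(f"{path}: string longer than {schema['maxLength']}")
    if isinstance(value, (int, float)) and not is_bool and value < schema.get("minimum", value):
        errors.append(f"{path}: below minimum {schema['minimum']}")
    if isinstance(value, list):
        if len(value) > schema.get("maxItems", len(value)):
            errors.append(f"{path}: more than {schema['maxItems']} items")
        for i, item in enumerate(value):
            errors += violations(item, schema.get("items", {}), f"{path}[{i}]")
    if isinstance(value, dict):
        props = schema.get("properties", {})
        errors += [f"{path}.{k}: required field missing"
                   for k in schema.get("required", []) if k not in value]
        for key, item in value.items():
            if key in props:
                errors += violations(item, props[key], f"{path}.{key}")
            elif schema.get("additionalProperties") is False:
                errors.append(f"{path}.{key}: unexpected field")
    return errors

def check(body):
    """Parse a constructed request body and validate it against SCHEMA."""
    return violations(json.loads(body), SCHEMA)
```

The schema shown earlier on this page, by contrast, declares no required fields, no size limits, and no restriction on extra properties, so it accepts any object whose foo and bar values, when present, have the right type.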