Validate REST request format
Edit on GitHubGlue API lets you validate requests sent to REST endpoints. It lets you check whether all required fields are present and whether the type and format of the fields are correct.
Install the RestRequestValidation
module
To enable validation of REST requests, install the RestRequestValidation
module by following Glue API: REST Schema Validation feature integration.
Use default validation schema
Spryker Glue API comes with a default validation schema. The schema provides default validation rules for the REST APIs shipped with Spryker. You can find it in vendor/spryker/rest-request-validator/config/dist.validation.yaml
. Use the schema as a sample and reference for your own validation implementations.
By default, the schema is not applied.
Validate APIs
To apply validation rules to an API, follow these steps:
-
Copy the default validation schema to the project level and to each API module that you want to be validated. For example, to provide validation for the
StoresRestAPI
module, copy the schema tosrc/Pyz/Glue/StoresRestAPI/Validation
. -
Rename the file to the name of the API you are providing validation for.
ForStoresRestAPI
, the name isSTORES.validation.yaml
. -
Specify validation for the endpoints provided by the API. Follow the format described in the validation rule format.
-
Generate validation cache:
vendor/bin/console rest-api:build-request-validation-cache
By default, a validation cache is generated for the current store. To generate it for a specific store, use the APPLICATION_STORE
variable.
See the following example:
APPLICATION_STORE=AT vendor/bin/console rest-api:build-request-validation-cache
Make sure src/Pyz/Generated/Glue/Validator/validation.cache
has been updated.
The API endpoints that you’ve provided validation rules for validate all incoming requests.
Validation rule format
The general format of validation YAML files is as follows:
endpoint_name1:
method:
field1:
- Constraint1
- Constraint2
- ConstraintWithParameters:
parameterName: '/\w*/'
field2:
- Constraint1
endpoint_name2:
method:
field1:
- Constraint1
The validation rules are the same as those of the Symfony Validator component. For details, see Supported Constraints.
Deactivate validation of core-level fields
To deactivate validation of a field of an API shipped with Spryker, on a project or store level, override the field without any constraints.
For example, if an API is validated on the core level as follows:
access-tokens:
post:
username:
- NotBlank
- Email
- Regex:
pattern: '/\w*/'
refresh-tokens:
post:
refresh_token:
- Required
To remove the validation of the username
field, override the field on the project or store level as follows:
access-tokens:
post:
username:
refresh-tokens:
post:
refresh_token:
- Required
Make fields optional
By default, all the request fields are required. To make a field optional, write the schema as follows:
refresh-tokens:
post:
refresh_token:
- Optional:
constraints:
- NotBlank
Validation cache
All validation rules in Spryker Glue API are cached.
To apply new or updated rules, rebuild the validation cache:
vendor/bin/console rest-api:build-request-validation-cache
By default, a validation cache is generated for the current store. To generate it for a specific store, use the APPLICATION_STORE
variable.
See the following example:
APPLICATION_STORE=AT vendor/bin/console rest-api:build-request-validation-cache
For validation, you can use a Spryk:
console spryk:run AddGlueValidation --mode=project --module=ResourcesRestApi --organization=Pyz --resourceType=resources
This command places the default validation.yaml
file into the specified module. You need to add attributes manually.
Thank you!
For submitting the form