Menu
Amazon API Gateway
Developer Guide

Enable Basic Request Validation for an API in API Gateway

You can configure API Gateway to perform basic validation of an API request before proceeding with the integration request. When the validation fails, API Gateway immediately fails the request, returns a 400 error response to the caller, and publishes the validation results in CloudWatch Logs. This reduces unnecessary calls to the backend. More importantly, it lets you focus on the validation efforts specific to your application.

Overview of Basic Request Validation in API Gateway

API Gateway can perform the basic validation. This enables you, the API developer, to focus on app-specific deep validation in the backend. For the basic validation, API Gateway verifies either or both of the following conditions:

  • The required request parameters in the URI, query string, and headers of an incoming request are included and non-blank.

  • The applicable request payload adheres to the configured JSON-Schema request model of the method.

To enable basic validation, you specify validation rules in a request validator, add the validator to the API's map of request validators, and assign the validator to individual API methods.

Note

Request body validation and request body passthrough are two separate issues. When a request payload cannot be validated because no model schema can be matched, you can choose to passthrough or block the original payload. For example, when you enable request validation with a mapping template for the application/json media type, you may want to pass an XML payload through to the backend even though the enabled request validation will fail. This may be the case if you expect to support the XML payload on the method in the future. To fail the request with an XML payload, you must explicitly choose the NEVER option for the content passthrough behavior.