Use request validation in API Gateway - Amazon API Gateway

Use request validation in API Gateway

You can configure API Gateway to perform basic validation of an API request before proceeding with the integration request. When the validation fails, API Gateway immediately fails the request, returns a 400 error response to the caller, and publishes the validation results in CloudWatch Logs. This reduces unnecessary calls to the backend. More importantly, it lets you focus on the validation efforts specific to your application. You can validate a request body by verifying that required request parameters are valid and non-null or by specifying a model schema for more complicated data validation.

Overview of basic request validation in API Gateway

API Gateway can perform the basic request validation, so that you can focus on app-specific validation in the backend. For validation, API Gateway verifies either or both of the following conditions:

  • The required request parameters in the URI, query string, and headers of an incoming request are included and not blank.

  • The applicable request payload adheres to the configured JSON schema request of the method.

To turn on validation, you specify validation rules in a request validator, add the validator to the API's map of request validators, and assign the validator to individual API methods.

Note

Request body validation and Integration passthrough behaviors are two separate topics. When a request payload does not have a matching model schema, you can choose to passthrough or block the original payload. For more information, see Integration passthrough behaviors.