| title | description | services | author | ms.service | ms.topic | ms.date | ms.author |
|---|---|---|---|---|---|---|---|
Azure API Management policy reference - validate-parameters | Microsoft Docs |
Reference for the validate-parameters policy available for use in Azure API Management. Provides policy usage, settings, and examples. |
api-management |
dlepow |
api-management |
article |
03/18/2024 |
danlep |
[!INCLUDE api-management-availability-all-tiers]
The validate-parameters policy validates the header, query, or path parameters in requests against the API schema.
Important
If you imported an API using a management API version prior to 2021-01-01-preview, the validate-parameters policy might not work. You may need to reimport your API using management API version 2021-01-01-preview or later.
[!INCLUDE api-management-validation-policy-schema-size-note]
[!INCLUDE api-management-policy-form-alert]
<validate-parameters specified-parameter-action="ignore | prevent | detect" unspecified-parameter-action="ignore | prevent | detect" errors-variable-name="variable name">
<headers specified-parameter-action="ignore | prevent | detect" unspecified-parameter-action="ignore | prevent | detect">
<parameter name="parameter name" action="ignore | prevent | detect" />
</headers>
<query specified-parameter-action="ignore | prevent | detect" unspecified-parameter-action="ignore | prevent | detect">
<parameter name="parameter name" action="ignore | prevent | detect" />
</query>
<path specified-parameter-action="ignore | prevent | detect">
<parameter name="parameter name" action="ignore | prevent | detect" />
</path>
</validate-parameters>| Attribute | Description | Required | Default |
|---|---|---|---|
| specified-parameter-action | Action to perform for request parameters specified in the API schema. When provided in a headers, query, or path element, the value overrides the value of specified-parameter-action in the validate-parameters element. Policy expressions are allowed. |
Yes | N/A |
| unspecified-parameter-action | Action to perform for request parameters that aren’t specified in the API schema. When provided in a headersor query element, the value overrides the value of unspecified-parameter-action in the validate-parameters element. Policy expressions are allowed. |
Yes | N/A |
| errors-variable-name | Name of the variable in context.Variables to log validation errors to. Policy expressions aren't allowed. |
No | N/A |
| Name | Description | Required |
|---|---|---|
| headers | Add this element and one or more parameter subelements to override default validation actions for certain named parameters in requests. If the parameter is specified in the API schema, this value overrides the higher-level specified-parameter-action configuration. If the parameter isn’t specified in the API schema, this value overrides the higher-level unspecified-parameter-action configuration. |
No |
| query | Add this element and one or more parameter subelements to override default validation actions for certain named query parameters in requests. If the parameter is specified in the API schema, this value overrides the higher-level specified-parameter-action configuration. If the parameter isn’t specified in the API schema, this value overrides the higher-level unspecified-parameter-action configuration. |
No |
| path | Add this element and one or more parameter subelements to override default validation actions for certain URL path parameters in requests. If the parameter is specified in the API schema, this value overrides the higher-level specified-parameter-action configuration. If the parameter isn’t specified in the API schema, this value overrides the higher-level unspecified-parameter-action configuration. |
No |
[!INCLUDE api-management-validation-policy-actions]
- Policy sections: inbound
- Policy scopes: global, workspace, product, API, operation
- Gateways: classic, v2, consumption, self-hosted
- This policy can only be used once in a policy section.
[!INCLUDE api-management-validation-policy-common]
In this example, all query and path parameters are validated in the prevention mode and headers in the detection mode. Validation is overridden for several header parameters:
<validate-parameters specified-parameter-action="prevent" unspecified-parameter-action="prevent" errors-variable-name="requestParametersValidation">
<headers specified-parameter-action="detect" unspecified-parameter-action="detect">
<parameter name="Authorization" action="prevent" />
<parameter name="User-Agent" action="ignore" />
<parameter name="Host" action="ignore" />
<parameter name="Referrer" action="ignore" />
</headers>
</validate-parameters>[!INCLUDE api-management-validation-policy-error-reference]
[!INCLUDE api-management-policy-ref-next-steps]