title | description | last_updated | template | originalLink | originalArticleId | redirect_from | related | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Validate REST request format |
Learn about REST request validation format and how to validate requests in Glue API. |
Jun 16, 2021 |
howto-guide-template |
0e9175dc-05b2-4d72-9493-aac6220e27bd |
|
|
Glue API lets you validate requests sent to REST endpoints. It lets you check whether all required fields are present and whether the type and format of the fields are correct.
To enable validation of REST requests, install the RestRequestValidation
module by following Glue API: REST Schema Validation feature integration.
Spryker Glue API comes with a default validation schema. The schema provides default validation rules for the REST APIs shipped with Spryker. You can find it in vendor/spryker/spryker/Bundles/RestRequestValidator/config/validation.dist.yaml
. Use the schema as a sample and reference for your own validation implementations.
By default, the schema is not applied.
To apply validation rules to an API, follow these steps:
-
Copy the default validation schema to the project level and to each API module that you want to be validated. For example, to provide validation for the
StoresRestAPI
module, copy the schema tosrc/Pyz/Glue/StoresRestAPI/Validation
. -
Rename the file to the name of the API you are providing validation for.
ForStoresRestAPI
, the name isSTORES.validation.yaml
. -
Specify validation for the endpoints provided by the API. Follow the format described in the validation rule format.
-
Generate validation cache:
vendor/bin/console rest-api:build-request-validation-cache
{% info_block infoBox %}
By default, a validation cache is generated for the current store. To generate it for a specific store, use the APPLICATION_STORE
variable.
See the following example:
APPLICATION_STORE=AT vendor/bin/console rest-api:build-request-validation-cache
{% endinfo_block %}
{% info_block warningBox "Verification" %}
Make sure src/Pyz/Generated/Glue/Validator/validation.cache
has been updated.
{% endinfo_block %}
The API endpoints that you've provided validation rules for validate all incoming requests.
The general format of validation YAML files is as follows:
endpoint_name1:
method:
field1:
- Constraint1
- Constraint2
- ConstraintWithParameters:
parameterName: '/\w*/'
field2:
- Constraint1
endpoint_name2:
method:
field1:
- Constraint1
The validation rules are the same as those of the Symfony Validator component. For details, see Supported Constraints.
To deactivate validation of a field of an API shipped with Spryker, on a project or store level, override the field without any constraints.
For example, if an API is validated on the core level as follows:
access-tokens:
post:
username:
- NotBlank
- Email
- Regex:
pattern: '/\w*/'
refresh-tokens:
post:
refresh_token:
- Required
To remove the validation of the username
field, override the field on the project or store level as follows:
access-tokens:
post:
username:
refresh-tokens:
post:
refresh_token:
- Required
By default, all the request fields are required. To make a field optional, write the schema as follows:
refresh-tokens:
post:
refresh_token:
- Optional:
constraints:
- NotBlank
All validation rules in Spryker Glue API are cached.
To apply new or updated rules, rebuild the validation cache:
vendor/bin/console rest-api:build-request-validation-cache
{% info_block infoBox %}
By default, a validation cache is generated for the current store. To generate it for a specific store, use the APPLICATION_STORE
variable.
See the following example:
APPLICATION_STORE=AT vendor/bin/console rest-api:build-request-validation-cache
For validation, you can use a Spryk:
console spryk:run AddGlueValidation --mode=project --module=ResourcesRestApi --organization=Pyz --resourceType=resources
This command places the default validation.yaml
file into the specified module. You need to add attributes manually.
{% endinfo_block %}