Firstly create your specification object.
from openapi_core import Spec
spec = Spec.from_file_path('openapi.json')Now you can use it to validate against requests and/or responses.
Use validate_request function to validate request against a given spec. By default, OpenAPI spec version is detected:
from openapi_core import validate_request
# raise error if request is invalid
result = validate_request(request, spec=spec)Retrieve validated and unmarshalled request data from validation result
# get parameters object with path, query, cookies and headers parameters
validated_params = result.parameters
# or specific location parameters
validated_path_params = result.parameters.path
# get body
validated_body = result.body
# get security data
validated_security = result.securityRequest object should implement OpenAPI Request protocol (See :doc:`integrations`).
Use validate_response function to validate response against a given spec. By default, OpenAPI spec version is detected:
from openapi_core import validate_response
# raise error if response is invalid
result = validate_response(request, response, spec=spec)Retrieve validated and unmarshalled response data from validation result
# get headers
validated_headers = result.headers
# get data
validated_data = result.dataResponse object should implement OpenAPI Response protocol (See :doc:`integrations`).
openapi-core supports security for authentication and authorization process. Security data for security schemas are accessible from security attribute of RequestValidationResult object.
For given security specification:
security:
- BasicAuth: []
- ApiKeyAuth: []
components:
securitySchemes:
BasicAuth:
type: http
scheme: basic
ApiKeyAuth:
type: apiKey
in: header
name: X-API-Keyyou can access your security data the following:
# get basic auth decoded credentials
result.security['BasicAuth']
# get api key
result.security['ApiKeyAuth']Supported security types:
- http – for Basic and Bearer HTTP authentications schemes
- apiKey – for API keys and cookie authentication