search

wso2 / docs-apim

Apache License 2.0
70 stars 393 forks source link

Update JSON Schema Validator Documentation with 'additionalProperties' Configuration #7964

Open npamudika opened 5 months ago

npamudika commented 5 months ago

Description: Response validation is not working correctly when using the following schema in the API definition.

schema:
    required:
        - Inventory
    type: object
    properties:
        Inventory:
            type: array
            items:
                type: object
                properties:
                    BusinessID:
                        type: string
                    CustomerID:
                        type: string
                    OrderQuantity:
                        type: number
                    LastOrderDate:
                        type: string
                    NextDeliveryDate:
                        type: string
                    IsDeliverable:
                        type: boolean
                    TotalPieces:
                        type: number
                    barcode:
                        type: string

The reason is that the following request is accepted by the API, even though there are some properties in the request that were not specified in the above schema.

{
    "Inventory": [
        {
            "BusinessID": "111AABB22",
            "CustomerID": "",
            "OrderQuantity": 0.0,
            "LastOrderDate": "",
            "NextDeliveryDate": "",
            "IsDeliverable": false,
            "TotalPieces": 10.0,
            "PiecesB2B": 10.0,
            "PiecesB2C": 0,
            "barcode": "1234567890"
        }
    ]
}

Solution is to use the above schema with 'additionalProperties: false' as follows, in order to prevent the acceptance of additional properties other than those specified in the schema.

schema:
    required:
        - Inventory
    type: object
    properties:
        Inventory:
            type: array
            items:
                type: object
                properties:
                    BusinessID:
                        type: string
                    CustomerID:
                        type: string
                    OrderQuantity:
                        type: number
                    LastOrderDate:
                        type: string
                    NextDeliveryDate:
                        type: string
                    IsDeliverable:
                        type: boolean
                    TotalPieces:
                        type: number
                    barcode:
                        type: string
                additionalProperties: false

Add 'additionalProperties' configuration in the documentation[1] along with a yaml format example, as this is a common requirement.

[1] https://apim.docs.wso2.com/en/4.1.0/design/api-security/api-request-response-schema-validation/json-schema-validator/#enabling-the-json-schema-validator

npamudika commented 5 months ago

Example yaml - https://github.com/OAI/OpenAPI-Specification/blob/main/schemas/v3.0/schema.yaml#L36