Azure APIM Validate-Content Inbound policy, Validate Request Body

Question

I have api's in APIM, i need to validate request payload body(Json Format) foreach Post Request.

I followed steps from this https://learn.microsoft.com/en-us/azure/api-management/validation-policies#attributes

I have added proper json schema in Schemas :-

and i have added below policy in Inbound policy, mentioned schemaid with the above created schema.

 <validate-content unspecified-content-type-action="prevent" max-size="102400" size-exceeded-action="prevent" errors-variable-name="requestBodyValidation">
        <content type="application/json" validate-as="json" action="detect" schema-id="Postschema" />
    </validate-content>

Even after following above steps, if i make request with invalid json, i am still receiving 200 success response. What am i missing?

Answer 1

Please change the action detect to prevent for content-type application/json.

You can also change the action to detect for unspecified-content-type-action if you want to allow requests without content-type application/json.

Actions:

detect: Log validation errors, without interrupting request or response processing.

prevent: Block the request or response processing, log the verbose validation error, and return an error. Processing is interrupted when the first set of errors is detected.

<validate-content unspecified-content-type-action="prevent" max-size="102400" size-exceeded-action="prevent" errors-variable-name="requestBodyValidation">
        <content type="application/json" validate-as="json" action="prevent" schema-id="Postschema" />
</validate-content>