
API Gateway does not perform request validation when called using Postman

Just learning my way through AWS - I have an API Gateway REST API set up with Lambda proxy integration. The API has a model defined, and request validation set up on the body using this model.

Say the model is

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "type": "object",
    "properties": {
        "propertyA": {
            "type": "string"
        },
        "propertyB": {
            "type": "string"
        },
        "propertyC": {
            "type": "string"
        },
        "propertyD": {
            "type": "string"
        }
    },
    "required": ["propertyA", "propertyB", "propertyC", "propertyD"]
}

Now, if I test the API via the API Gateway console, and purposely give an invalid input (omitting a required property propertyD):

{
    "propertyA": "valueA",
    "propertyB": "valueB",
    "propertyC": "valueC"
}

the request fails with the error (400): Sun Jul 11 13:07:07 UTC 2021 : Request body does not match model schema for content type application/json: [object has missing required properties (["propertyD"])]

But when I invoke the same API (and stage) with the same invalid input from Postman, the validation does not seem to happen, and the request is proxied to Lambda, which even returns a 200 OK as long as I comment out the parts of the code that depend on propertyD.

What's the difference here? Should I be passing in any request header from the client side? I couldn't find anything in the AWS documentation.

Sriram asked Nov 03 '25 13:11


1 Answer

Answering my question:

The issue was with the headers used in the request. Postman defaulted the JSON to a Content-Type of text/plain; I had to switch to JSON using the dropdown in the Body tab to make Postman set the Content-Type to application/json.

Following this post seems to have fixed the problem: https://itnext.io/how-to-validate-http-requests-before-they-reach-lambda-2fff68bfe93b, although it doesn't explain how.

Apparently the magic lies with the config adding the Content-Type header under the HTTP Request Headers section, even though the header is set correctly as application/json in Postman.

Sriram answered Nov 06 '25 04:11
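A defence-in-depth sketch, added here and not part of the original post: since the answer shows a text/plain request reaching the Lambda unvalidated, the handler can re-check the Content-Type and the model's required properties itself. The handler name, the 415 response and the error messages are assumptions; the event fields read (headers, body, isBase64Encoded) are those of the Lambda proxy integration event.

```python
import base64
import json

# Required string properties, copied from the model in the question.
REQUIRED = ("propertyA", "propertyB", "propertyC", "propertyD")


def _reply(status, message):
    """Build a Lambda proxy integration response (messages are assumed wording)."""
    return {
        "statusCode": status,
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps({"message": message}),
    }


def validate(event):
    """Return (payload, None) on success or (None, error_response)."""
    # Header names arrive in the client's casing and "headers" may be null.
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    media_type = headers.get("content-type", "").split(";")[0].strip().lower()
    if media_type != "application/json":
        return None, _reply(415, "Content-Type must be application/json")
    try:
        raw = event.get("body") or ""
        if event.get("isBase64Encoded"):
            raw = base64.b64decode(raw).decode("utf-8", errors="replace")
        payload = json.loads(raw)
    except ValueError:  # covers both bad base64 and bad JSON
        return None, _reply(400, "body is not valid JSON")
    if not isinstance(payload, dict):
        return None, _reply(400, "body must be a JSON object")
    missing = [p for p in REQUIRED if p not in payload]
    if missing:
        return None, _reply(400, "missing required properties: " + ", ".join(missing))
    wrong = [p for p in REQUIRED if not isinstance(payload[p], str)]
    if wrong:
        return None, _reply(400, "properties must be strings: " + ", ".join(wrong))
    return payload, None


def handler(event, context):
    payload, error = validate(event)
    if error:
        return error
    # Business logic can now rely on all four properties being present.
    return _reply(200, "ok")
```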
