Use the Authorized and Early Request Validator API policies to perform generic validation steps on requests and return customized responses. You can use both policies in tandem or just one. For example, if a Task requires a particular HTTP header in a particular format, that can be validated with one of these API policies before incurring the cost of executing a Pipeline. 

Policy Execution Order

Both policies have the same configuration options. The difference between the two API policies is the order of execution:

  • The Early Request Validator policy executes before authentication.
  • The Authorized Request Validator policy executes after authorization.


Parameters

  • Label
    Description: Required. The name for the API policy.
    Default Value: Authorized Request Validator or Early Request Validator
    Example: AuthValUserID or EarlyValToken

  • When this policy should be applied
    Description: An expression-enabled field that determines the condition to be fulfilled for the API policy to execute.
    Default Value: True
    Example: request.method == "POST"

  • Validation Checks
    Description: A table of checks to perform on the request.
    Default Value: N/A
    Example: N/A

  • Condition
    Description: An expression that should return true if the request should be aborted.
    Note: You cannot use the request.remoteUser or request.isUserInRole() functions with the Early Request Validator policy because it is applied before authentication happens. Use the Authorized Request Validator policy instead if the Condition checks the values specified by these functions.
    Default Value: False
    Example: isNaN(parseInt(request.headers['X-My-Header']))

  • Status
    Description: The HTTP Status code to use in the response.
    Default Value: 400 (Bad Request)
    Example: 413 (Request Entity Too Large)

  • Response
    Description: The response to send to the client.
    Default Value: N/A
    Example: To return a custom HTML page:

        {
          'Content-Type': 'text/html',
          entity: 'Bad request, see <a href="https://doc.example.com">here</a> for more details'
        }

  • Status
    Description: Indicates whether the API policy is enabled or disabled.
    Default Value: Enabled
    Example: Disabled


Note

These policies allow a great deal of flexibility in determining how a request is handled before it reaches a Pipeline; as such, you must carefully consider the request flow of your API when configuring these policies.

Example

Use this policy to ensure a request is valid before the Triggered Task is executed by applying these settings in the dialog:

  • Condition: !(request.uri.query matches { id: /\d+/ })
  • Status: 400
  • Response: Try Again

This check expects an id query parameter that is a number.
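
A plain-JavaScript model of how a validation check decides whether a request continues, added here as an illustration and not SnapLogic's implementation: runValidator, the policy objects and the sample requests are hypothetical, and parseInt and the regular expression follow standard JavaScript semantics, which is an assumption about the expression language. It shows that the header Condition from the parameter list lets a value such as 42abc through, next to a stricter variant that requires the whole value to be digits.

```javascript
// Added illustration: runValidator and the policy objects are hypothetical names,
// not SnapLogic APIs. Standard JavaScript semantics are assumed throughout.

// Returns null when the request may continue, or {status, body} when a check aborts it.
function runValidator(policy, request) {
  if (policy.enabled === false) return null;             // policy Status: Disabled
  if (policy.when && !policy.when(request)) return null; // "When this policy should be applied"
  for (const check of policy.checks) {
    if (check.condition(request)) {                      // Condition true means abort
      return { status: check.status ?? 400, body: check.response };
    }
  }
  return null;
}

// The header Condition as written on the page: aborts only when no leading digits exist.
const looseHeaderCheck = {
  condition: (r) => isNaN(parseInt(r.headers['X-My-Header'])),
  response: 'Try Again',
};

// Stricter variant: the entire header value must consist of decimal digits.
const strictHeaderCheck = {
  condition: (r) => !/^\d+$/.test(String(r.headers['X-My-Header'] ?? '')),
  response: 'Try Again',
};

const onlyPost = (r) => r.method === 'POST';
const loosePolicy = { when: onlyPost, checks: [looseHeaderCheck] };
const strictPolicy = { when: onlyPost, checks: [strictHeaderCheck] };

// Constructed sample requests.
const samples = [
  { method: 'POST', headers: { 'X-My-Header': '42' } },
  { method: 'POST', headers: { 'X-My-Header': '42abc' } },
  { method: 'POST', headers: {} },
  { method: 'GET', headers: { 'X-My-Header': 'abc' } }, // skipped: "when" is false
];

// Maps each sample to 'pass' or the HTTP status the policy would return.
function summarize(policy) {
  return samples.map((r) => {
    const out = runValidator(policy, r);
    return out ? out.status : 'pass';
  });
}

console.log('loose :', summarize(loosePolicy));
console.log('strict:', summarize(strictPolicy));
```

The GET sample passes both policies because the "when" expression limits the checks to POST, so any method left outside that expression reaches the Pipeline unvalidated.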