Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Add advanced validation for AWS::Serverless::Api GET query params

0

Hello! Im trying to implement "advanced" validation to AWS::Serverless::Api GET request, **query **params.

I.e. minimal value of Int param: {page} should be 1. Or enum checking values

But my Api gateway doesnt handle these kind of validations and only checks whether param is set.

How to do that? I found on aws docs only information about body validation like creating models. However, it does not work with query-params

Thx

Cloudformation config

  SearchApi:
    Type: AWS::Serverless::Api
    Properties:
      Name: !Sub ${AWS::StackName}
      StageName: !Ref StageName
      DefinitionBody:
        openapi: "3.0.1"
        info: {}
        paths:
          /api/search:
            get:
              parameters:
                - name: text
                  in: "query"
                  required: true
                  schema:
                    type: "string"

                - name: page
                  in: "query"
                  required: true
                  schema:
                    type: integer
                    minimum: 1

                - name: hitsPerPage
                  in: query
                  required: true
                  schema:
                    type: integer
                    minimum: 1

                - name: subscription
                  in: query
                  required: true
                  schema:
                    type: string
                    enum: [PLUS, FREE, HD]
                    
                - name: distributionTenant
                  in: query
                  required: true
                  schema:
                    type: "string"
                    minLength: 4
  
              responses:
                "200":
                  description: "200 response"
                  headers:
                    Access-Control-Allow-Origin:
                      schema:
                        type: "string"
                    Access-Control-Allow-Methods:
                      schema:
                        type: "string"
                    Access-Control-Allow-Credentials:
                      schema:
                        type: "string"
                    Access-Control-Allow-Headers:
                      schema:
                        type: "string"
                  content: {}
              x-amazon-apigateway-request-validator: "params-only"
              x-amazon-apigateway-integration:
                credentials: !Ref APIGatewayRole
                httpMethod: "POST"
                uri:
                  Fn::Sub: "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${SearchFunction.Arn}/invocations"
                passthroughBehavior: "when_no_match"
                type: "aws_proxy"

        x-amazon-apigateway-request-validators:
          params-only:
            validateRequestParameters: true
            validateRequestBody: false
Topics
ServerlessFront-End Web & MobileComputeNetworking & Content Delivery
Tags
Amazon API GatewayAWS Lambda Snapstart
Language
English
asked 2 years ago445 views
1 Answer
1
Accepted Answer

Hello,

Unfortunately, we do not have option to do advanced validation on the headers and query string parameters of incoming request. However, in case of Request Body, we can make use of JSON schema model to validate the payload structure.

As mentioned in the AWS documentation [1], API Gateway can perform the basic request validation, so that you can focus on app-specific validation in the backend i.e it validates if the required request parameters in the URI, query string, and headers of an incoming request are included and not blank.

In order to validate, if the query string parameter has a required pattern, you may need to implement a validation logic using Lambda Authorizer [2] or at the backend application.

References:

[1] https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-method-request-validation.html#api-gateway-request-validation-basic-definitions

[2] https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html

AWS
SUPPORT ENGINEER
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content