Validate requests before they reach their upstream Service. Supports request body validation, according to a schema. Note: the schema format is NOT JSON schema compliant; instead, Kong’s own schema format is used.
Terminology
plugin: a plugin executing actions inside Kong before or after a request has been proxied to the upstream API.Service: the Kong entity representing an external upstream API or microservice.Route: the Kong entity representing a way to map downstream requests to upstream services.Consumer: the Kong entity representing a developer or machine using the API. When using Kong, a Consumer only communicates with Kong which proxies every call to the said upstream API.Credential: a unique string associated with a Consumer, also referred to as an API key.upstream service: this refers to your own API/service sitting behind Kong, to which client requests are forwarded.
Configuration
Enabling the plugin on a Service
With a database
Configure this plugin on a Service by making the following request:
$ curl -X POST http://kong:8001/services/{service}/plugins \
--data "name=request-validator" \
--data "config.body_schema=[{"name":{"type": "string", "required": true}}]"
Without a database
Configure this plugin on a Service by adding this section do your declarative configuration file:
plugins:
- name: request-validator
service: {service}
config:
body_schema: [{"name":{"type": "string", "required": true}}]
In both cases, {service} is the id or name of the Service that this plugin configuration will target.
Enabling the plugin on a Route
With a database
Configure this plugin on a Route with:
$ curl -X POST http://kong:8001/routes/{route}/plugins \
--data "name=request-validator" \
--data "config.body_schema=[{"name":{"type": "string", "required": true}}]"
Without a database
Configure this plugin on a Route by adding this section do your declarative configuration file:
plugins:
- name: request-validator
route: {route}
config:
body_schema: [{"name":{"type": "string", "required": true}}]
In both cases, {route} is the id or name of the Route that this plugin configuration will target.
Enabling the plugin on a Consumer
With a database
You can use the http://localhost:8001/plugins endpoint to enable this plugin
on specific Consumers:
$ curl -X POST http://kong:8001/consumers/{consumer}/plugins \
--data "name=request-validator" \
\
--data "config.body_schema=[{"name":{"type": "string", "required": true}}]"
Without a database
Configure this plugin on a Consumer by adding this section do your declarative configuration file:
plugins:
- name: request-validator
consumer: {consumer}
config:
body_schema: [{"name":{"type": "string", "required": true}}]
In both cases, {consumer} is the id or username of the Consumer that this plugin configuration will target.
You can combine consumer_id and
service_id
in the same request, to furthermore narrow the scope of the plugin.
Global plugins
- Using a database, all plugins can be configured using the
http://kong:8001/plugins/endpoint. - Without a database, all plugins can be configured via the
plugins:entry on the declarative configuration file.
A plugin which is not associated to any Service, Route or Consumer (or API, if you are using an older version of Kong) is considered "global", and will be run on every request. Read the Plugin Reference and the Plugin Precedence sections for more information.
Parameters
Here's a list of all the parameters which can be used in this plugin's configuration:
| form parameter | default | description |
|---|---|---|
name | The name of the plugin to use, in this case request-validator | |
service_id | The id of the Service which this plugin will target. | |
route_id | The id of the Route which this plugin will target. | |
enabled | true | Whether this plugin will be applied. |
consumer_id | The id of the Consumer which this plugin will target. | |
config.body_schema
|
Array of schema fields |
Examples
Overview
By applying the plugin to a Service, all requests to that Service will be validated before being proxied.
With a database
Use a request like this:
curl -i -X POST http://kong:8001/services/{service}/plugins \
--data "name=request-validator" \
--data 'config.body_schema=[{"name":{"type": "string", "required": true}}]'
Without a database
Add the following entry to the plugins: section in the declarative configuration file:
plugins:
- name: request-validator
service: {service}
config:
body_schema:
name:
type: string
required: true
The parameters/fields in both cases mean:
| form parameter | description |
|---|---|
{service} |
The id or name of the Service to which the plugin will be associated. |
name |
The name of the plugin to use, in this case: request-validator |
config.body_schema |
The request body schema specification |
In this example, the request body data would have to be a valid JSON and
conform to the schema specified in body_schema - i.e., it would be required
to contain a name field only, which needs to be a string.
Schema Definition
The config.body_schema field expects a JSON array with the definition of each
field expected to be in the request body; for example:
Each field definition contains the following attributes:
| Attribute | Required | Description |
|---|---|---|
type |
yes | The expected type for the field |
required |
no | Whether or not the field is required |
Additionally, specific types may have their own required fields:
Map:
| Attribute | Required | Description |
|---|---|---|
keys |
yes | The schema for the map keys |
values |
yes | The schema for the map values |
Example string-boolean map:
{
"type": "map",
"keys": {
"type": "string"
},
"values": {
"type": "boolean"
}
}
Array:
| Attribute | Required | Description |
|---|---|---|
elements |
yes | The array’s elements schema |
Example integer array schema:
{
"type": "array",
"elements": {
"type": "integer"
}
}
Record:
| Attribute | Required | Description |
|---|---|---|
fields |
yes | The record schema |
Example record schema:
{
"type": "record",
"fields": [
{
"street": {
"type": "string",
}
},
{
"zipcode": {
"type": "string",
}
}
]
}
The type field assumes one the following values:
stringnumberintegerbooleanmaparrayrecord
Each field specification may also contain “validators”, which perform specific validations:
| Validator | Applies to | Description |
|---|---|---|
between |
Integers | Whether the value is between two integer. Specified as an array; e.g., {1, 10} |
len_eq |
Arrays, Maps, Strings | Whether an array’s length is a given value |
len_min |
Arrays, Maps, Strings | Whether an array’s length is at least a given value |
len_max |
Arrays, Maps, strings | Whether an array’s length is at most a given value |
match |
Strings | True if the value matches a given Lua pattern ** |
not_match |
String | True if the value doesn’t match a given Lua pattern ** |
match_all |
Arrays | True if all strings in the array match the specified Lua pattern ** |
match_none |
Arrays | True if none of the strings in the array match the specified Lua pattern ** |
match_any |
Arrays | True if any one of the strings in the array matches the specified Lua pattern ** |
starts_with |
Strings | True if the string value starts with the specified substring |
one_of |
Strings, Numbers, Integers | True if the string field value matches one of the specified values |
timestamp |
Integers | True if the field value is a valid timestamp |
uuid |
Strings | True if the string is a valud UUID |
Note: check this out to learn about Lua patterns.
Schema Example
[
{
"name": {
"type": "string",
"required": true
}
},
{
"age": {
"type": "integer",
"required": true
}
},
{
"address": {
"type": "record",
"required": true,
"fields": [
{
"street": {
"type": "string",
"required": true
}
},
{
"zipcode": {
"type": "string",
"required": true
}
}
]
}
}
]
Such a schema would validate the following request body:
{
"name": "Gruce The Great",
"age": 4,
"address": {
"street": "251 Post St.",
"zipcode": "94108"
}
}
In case either the JSON or schema validation fail, a 400 Bad Request will
be returned as response.
Further References
Check out the Kong docs on storing custom entities here.