openapi-request-response-validation
openapi-request-response-validation copied to clipboard
gcatanese
Validation of request/response according to OpenAPI specs
OpenAPI validator
This tool allows the validation at runtime of the API requests responses according to the OpenAPI specs.
There are several tools that can validate an OpenAPI specification, but there are no many options to ensure that the API contracts are honoured by the API we are developing.
This tool make sure that the API requests and responses are valid according to the OpenAPI specification of the API.
More on Validating API requests and responses
The openapi-request-response-validator is a SpringBoot (Java) application implementing a REST controller to allow Postman scripts (or other clients) to send the payload to be validated. The OpenAPI file can be supplied at startup.
How does it work?
You work with Postman to test the API endpoints, sending a request and verify the response. Thanks to Postman Test Scripts it is possible to add custom scripts to access the request, response and headers programmatically and send them to the OpenAPI Request-Response Validator.
Postman tests (with assertions) can be defined to confirm the JSON payloads are valid according to the API specification.
The outcome of the validation (together with the list of errors — if any) is returned to Postman (displayed in the Postman console) and logged by the application.
How to run
Steps:
- add the snippet below in the Collection Tests
- provide the OpenAPI file
- launch the
openapi-request-response-validationtool (Java app or using Docker) - run the Postman requests against your service or application
Collection Test snippet
In the Collection Tests add the snippet below. It will run after every request in the collection.
What does it do? After executing the request the Test Script will send request, response and headers to the validator.
openapiRequestResponseValidation = {
validate: function(pm) {
// build path without baseUrl
var baseUrl = pm.collectionVariables.get("baseUrl");
baseUrl = baseUrl.replace('https://','');
baseUrl = baseUrl.replace(pm.request.url.getHost(),'');
var path = pm.request.url.getPath().replace(baseUrl,'');
console.log('Validation for ' + path);
const postRequest = {
url: 'http://localhost:8080/validate',
method: 'POST',
header: {'Content-Type': 'application/json'},
body: {
mode: 'raw',
raw: JSON.stringify({
method: pm.request.method,
path: path,
headers: pm.request.headers,
requestAsJson: (pm.request.body != "") ? pm.request.body.raw : null,
responseAsJson: pm.response.text(),
statusCode: pm.response.code
})
}
};
pm.sendRequest(postRequest, (error, response) => {
if(error != undefined) {
pm.expect.fail('Unexpected error ' + error);
} else {
var data = response.json();
if(data.valid == false) {
console.log(data.errors);
}
pm.test("OpenAPI validation", () => {
pm.expect(data.valid, "Invalid request/response (check Console)").to.equal(true);
});
}
});
}
};
openapiRequestResponseValidation.validate(pm);
Provide the OpenAPI spec file
Copy/rename your OpenAPI specs to openapi/openapi.yaml or openapi/openapi.json
Start the tool (Java)
Run the Java application
java -jar target/openapi-request-response-validator.jar
Run the Java application with custom port and spec file
java -jar target/openapi-request-response-validator.jar --server.port=8888 --INPUT_SPECS=/path/to/myopenapi.yaml
Start the tool (Docker)
You can run the tool on Docker
# run using default openapi/openapi.yaml or openapi/openapi.json
docker run -v $(pwd):/openapi -it --rm --name openapi-request-response-validation \
gcatanese/openapi-request-response-validation
# run using custom location of the OpenAPI file
docker run -v $(pwd):/openapi -e INPUT_SPECS=/tmp/openapi.yaml \
-it --rm --name openapi-request-response-validation \
gcatanese/openapi-request-response-validation
Run Postman requests
Run the Postman requests and check the Test tab
Using Atlassian Swagger Validator, Postman and Docker
gcatanese