Home / Kong Plugin Hub
Edit
Report

OAS Validation

Overview Get started Configuration reference Changelog
Related Documentation
All Gateway Documentation
Made by
Kong Inc.
Supported Gateway Topologies
hybrid db-less traditional
Supported Konnect Deployments
hybrid cloud-gateways serverless
Compatible Protocols
grpc grpcs http https
Minimum Version
Kong Gateway - 3.1
Tags
#traffic-control #openapi
Related Resources
Event Hooks

Validate HTTP requests and responses against an OpenAPI Specification.

The plugin supports Swagger v2 and OpenAPI 3.0.x and 3.1.0 specifications with a JSON Schema validator that supports Draft 2019-09.

Supported OpenAPI 3.1.0 specification features

Starting with Kong Gateway 3.7, the OAS Validation plugin supports the following OpenAPI specification features:

Category

Supported

Not supported
Request body application/json application/xml
multipart/form-data
text/plain
text/xml
Response body application/json -
Request parameters path
query
header
cookie 		-
Schema allOf
oneOf
anyOf 		-
Parameter serialization style
explode 		-

Using Event Hooks with OAS Validation

Event Hooks are outbound calls from Kong Gateway. With Event Hooks, Kong Gateway can communicate with target services or resources, letting the target know that an event was triggered.

For the OAS Validation plugin, Event Hook events can be enabled when a validation fails for:

  • All request parameters, including: URI, header, query parameters, and request body
  • The response body from the upstream service

To configure an Event Hook for the OAS Validation plugin, you’ll need to pass the following parameters:

Event Hook Parameter

Value
source oas-validation
event validation-failed
handler webhook
on_change true
config.url Your webhook URL

If validation fails, the webhook URL receives a response with JSON payload, which includes the forwarded IP address, Gateway Service and Consumer information, and the error message.

See the Event Hooks reference for details on how to configure an Event Hook.

FAQs

How can I prevent the OAS Validation plugin from validating the ETag header with the If-Match header?

If a request contains the If-Match request header, the OAS Validation plugin follows RFC 2616 to validate the Etag response header.

If you don’t want the plugin to validate the Etag with the If-Match request header, send the If-Match header with a wildcard (*) to skip validation.

For example:

curl http://localhost:8000/example-route \
  -H 'If-Match:*'
Something wrong?
Report an Issue | Edit this Page

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!
Contribute

Still need help

Ask in our Forum
Contact Support