SOAP Message Validation policy

The SOAP Message Validation policy does the following:

  • Validates any XML message against their XSD schemas
  • Validates SOAP messages against a WSDL definition
  • Determines well-formedness of JSON and XML messages

While the name of this policy in the UI is "SOAP Message Validation", the policy validates more than just SOAP messages. This section refers to the policy as the "Message Validation policy".

<MessageValidation> element

Defines the Message Validation policy.

Default Value See Default Values tab, below
Required? Optional
Type Complex object
Parent Element n/a
Child Elements <DisplayName>
<Element>
<SOAPMessage>
<Source>
<ResourceURL>

Syntax

The <MessageValidation> element uses the following syntax:

<MessageValidation
  continueOnError="[false|true]"
  enabled="[true|false]"
  name="policy_name"
>
    <!-- All MessageValidation child elements are optional -->
    <DisplayName>policy_display_name</DisplayName>
    <Element namespace="element_namespace">element_to_validate</Element>
    <SOAPMessage version="[ 1.1 | 1.2 | 1.1/1.2 ]"/>
    <Source>message_to_validate</Source>
    <ResourceURL>validation_WSDL_or_XSD</ResourceURL>

</MessageValidation>

Default Policy

The following example shows the default settings when you add a Message Validation policy to your flow in the Edge UI:

<MessageValidation continueOnError="false" enabled="true" name="SOAP-Message-Validation-1">
  <DisplayName>SOAP Message Validation-1</DisplayName>
  <Properties/>
  <Element namespace="http://sample.com">sampleObject</Element>
  <SOAPMessage/>
  <Source>request</Source>
  <ResourceURL>wsdl://SOAP-Message-Validation-1.wsdl</ResourceURL>
</MessageValidation>

This element has the following attributes that are common to all policies:

Attribute Default Required? Description
name N/A Required

The internal name of the policy. The value of the name attribute can contain letters, numbers, spaces, hyphens, underscores, and periods. This value cannot exceed 255 characters.

Optionally, use the <DisplayName> element to label the policy in the management UI proxy editor with a different, natural-language name.

continueOnError false Optional Set to "false" to return an error when a policy fails. This is expected behavior for most policies. Set to "true" to have flow execution continue even after a policy fails.
enabled true Optional Set to "true" to enforce the policy. Set to "false" to "turn off" the policy. The policy will not be enforced even if it remains attached to a flow.
async  not_interested false Deprecated This attribute is deprecated.

Examples

The following examples show some of the ways in which you can use the Message Validation policy:

1: XSD Validation

You can use the Message Validation policy to validate an XML message request's payload against an XSD schema.

  1. Create a new XSD resource file. For example, "note-schema.xsd":
    <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
      <xs:element name="note">
        <xs:complexType>
          <xs:sequence>
            <xs:element name="to" type="xs:string"/>
            <xs:element name="from" type="xs:string"/>
            <xs:element name="heading" type="xs:string"/>
            <xs:element name="body" type="xs:string"/>
          </xs:sequence>
        </xs:complexType>
      </xs:element>
    </xs:schema>
  2. Add the SOAP Message Validation policy to your proxy endpoint's pre-flow:
    1. Specify the location of your XSD resource file with the <ResourceURL> element. For example:
      ...
        <ResourceURL>xsd://note-schema.xsd</ResourceURL>
      ...
    2. Remove the <SOAPMessage> and <Element> elements from the policy definition.

    Your policy definition should look like the following:

    <MessageValidation continueOnError="false"
        enabled="true" name="validateXMLRequest">
      <DisplayName>My XML Validator</DisplayName>
      <Properties/>
      <Source>request</Source>
      <ResourceURL>xsd://note-schema.xsd</ResourceURL>
    </MessageValidation>
  3. Send a POST request to your API proxy with your XML as the message payload, as the following example shows:
    curl -v -X POST -H 'Content-Type: application/xml' http://my-test.apigee.net/v1/xsd-mock
      -d '<note>
      <to>Fred Rogers</to>
      <from>Nick Danger</from>
      <heading>Greetings from my neighborhood</heading>
      <body>Just writing to say hello.</body>
    </note>'

    Notice that the Content-type header is set to "application/xml".

    You can also create a data file for the payload and reference it with a command similar to the following:

    curl -v -X POST -H 'Content-type: application/xml' http://my-test.apigee.net/v1/xsd-mock
      --data '@../examples/note-payload.xml'

You should receive an HTTP 200 response. Depending on your target endpoint, you might receive addditional details about the request. For example, if you use http://httpbin.org/post as your target endpoint and specify -v (verbose) output, the response should be similar to the following:

< HTTP/1.1 200 OK
< Date: Wed, 16 May 2018 21:24:54 GMT
< Content-Type: application/xml
< Content-Length: 431
< Connection: keep-alive
< Server: gunicorn/19.8.1
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Credentials: true
< Via: 1.1 vegur
{
  "args":{},
  "data":"<note><to>fred</to><from>nick</from><heading>hello</heading>
    <body>Just writing to say hello.</body></note>",
  "files":{},
  "form":{},
  "headers": {
    "Accept":"*/*",
    "Connection":"close",
    "Content-Length":"106",
    "Content-Type":"application/xml",
    "Host":"httpbin.org",
    "User-Agent":"curl/7.58.0"
  },
  "json":null,
  "origin":"10.1.1.1, 104.154.179.1",
  "url":"http://httpbin.org/post"
}

To verify that your XSD validation is working, try inserting another tag into the body of your request. For example:

curl -v -X POST -H 'Content-Type: application/xml' http://my-test.apigee.net/v1/xsd-mock
  -d '<note>
  <to>Fred Rogers</to>
  <from>Nick Danger</from>
  <heading>Greetings from my neighborhood</heading>
  <body>Just writing to say hello.</body>
  <badTag>Not good</badTag>
</note>'

You should receive a validation error.

2: SOAP Validation

You can use the Message Validation policy to validate a SOAP message request's payload against a WSDL.

  1. Create a new WSDL resource file. For example, "example-wsdl.wsdl":
  2. Add the SOAP Message Validation policy to your proxy endpoint's pre-flow:
    1. Set the <SOAPMessage> element's version attribute to the version of the SOAP protocol that you want to validate against. For example, "1.1":
      ...
        <SOAPMessage version="1.1"/>
      ...
    2. Set the value of the <Element> element to the element that you want to validate:
      ...
        <Element namespace="https://example.com/gateway">getID</Element>
      ...

      <Element> specifies the first child under the <Body> element in the SOAP request's envelope.

      Set the namespace attribute to the namespace for that child.

    3. Specify the location of your WSDL resource file with the <ResourceURL> element. For example:
      ...
        <ResourceURL>wsdl://example-wsdl.wsdl</ResourceURL>
      ...

    Your policy definition should look like the following:

    <MessageValidation continueOnError="false"
        enabled="true" name="validateSOAPRequest">
      <DisplayName>My SOAP Validator</DisplayName>
      <Properties/>
      <Source>request</Source>
      <SOAPMessage version="1.1"/>
      <Element namespace="https://example.com/gateway">getID</Element>
      <ResourceURL>wsdl://example-wsdl.wsdl</ResourceURL>
    </MessageValidation>
  3. Send a POST request to your API proxy with the SOAP envelope as the message payload, as the following example shows:
    curl -v -X POST -H 'Content-Type: application/xml' http://my-test.apigee.net/v1/xsd-mock
      -d '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
        xmlns:prox="https://example.com/gateway" xmlns:typ="https://example.com/gateway/types">
      <soapenv:Header/>
      <soapenv:Body>
        <prox:getID>
          <typ:MyType>
            <typ:ID>42</typ:ID>
          </typ:MyType>
        </prox:getID>
      </soapenv:Body>
    </soapenv:Envelope>'

    Notice that the Content-type header is set to "application/xml".

    You can also create a data file for the payload and reference it with a command similar to the following:

    curl -v -X POST -H 'Content-type: application/xml' http://my-test.apigee.net/v1/xsd-mock
      --data '@../examples/soap-payload.xml'

You should receive an HTTP 200 response. Depending on your target endpoint, you might receive addditional details about the request. For example, if you use http://httpbin.org/post as your target endpoint, the response should be similar to the following:

XXX

3: Well-formed XML/JSON

You can use the Message Validation policy to confirm that a JSON or XML message payload is well-formed (not the same as validation). The policy ensures that the structure and content meets accepted standards, including:

  • There is a single root element
  • There are no illegal characters in the content
  • Objects and tags are properly nested
  • Beginning and ending tags match

To check for a well-formed XML or JSON payload:

  1. Add the SOAP Message Validation policy to your proxy endpoint's pre-flow.
  2. Remove the <ResourceURL>, <SOAPMessage>, and <Element> elements from the policy definition.

    Your policy definition should look like the following:

    <MessageValidation async="false" continueOnError="false"
        enabled="true" name="validateXMLRequest">
      <DisplayName>My JSON Checker</DisplayName>
      <Properties/>
      <Source>request</Source>
    </MessageValidation>
  3. Send a POST request to your API proxy, as the following example shows:
    curl -v -X POST -H 'Content-Type: application/json' http://my-test.apigee.net/v1/xsd-mock
      -d '{
    "note": {
      "to": "Fred Rogers",
      "from": "Nick Danger",
      "header": "Greetings from my neighborhood",
      "body": "Just writing to say hello."
      }
    }'

    Notice that the Content-type header is set to "application/json".

    To check an XML file for well-formedness, use XML as the message payload and set Content-type to "application/xml".

You should receive an HTTP 200 response. When you send a message payload that does not contain well-formed XML or JSON, you should receive a steps.messagevalidation.Failed error.

Child element reference

This section describes the child elements of <MessageValidation>.

<DisplayName>

Use in addition to the name attribute to label the policy in the management UI proxy editor with a different, more natural-sounding name.

Default Value n/a
Required? Optional. If you omit the <DisplayName> element, the value of the policy's name attribute is used.
Type String
Parent Element <PolicyElement>
Children None

The<DisplayName> element uses the following syntax:

Syntax

<PolicyElement>
  <DisplayName>policy_display_name</DisplayName>
  ...
</PolicyElement>

Example

<AssignMessage>
  <DisplayName>My Validation Policy</DisplayName>
</AssignMessage>

The <DisplayName> element has no attributes or child elements.

<Element>

Specifies the element in the message to validate. This is the first child under the <Body> element in the SOAP request's envelope.

Default Value "sampleObject"
Required? Optional
Type String
Parent Element <MessageValidation>
Child Elements None

The <Element> element uses the following syntax:

Syntax

...
  <Element namespace="element_namespace">element_to_validate</Element>
...

Example 1

The following example defines a single element to be validated:

...
  <Element namespace="https://example.com/gateway">getID</Element>
...

Example 2

You can specify more than one element to validate by adding multiple <Element> elements:

...
<Element namespace="https://example.com/gateway">getID</Element>
<Element namespace="https://example.com/gateway">getDetails</Element>
...

The <Element> element has the following attributes:

Attribute Default Required? Description
namespace "http://sample.com" Optional Defines the namespace of the element to be validated.

<ResourceURL>

Identifies the XSD schema or WSDL definition to be used to validate the source message.

Default Value "wsdl://display_name.wsdl"
Required? Optional
Type String
Parent Element <MessageValidation>
Child Elements None

The <ResourceURL> element uses the following syntax:

Syntax

...
  <ResourceURL>[wsdl|xsd]://validation_WSDL_or_XSD</ResourceURL>
...

Examples

For an XML file:

...
  <ResourceURL>xsd://note-schema.xsd</ResourceURL>
...

For a WSDL:

...
  <ResourceURL>wsdl://example-wsdl.wsdl</ResourceURL>
...

The value of <ResourceURL> must point to a resource file in your API proxy. It cannot refer to external resources over HTTP or HTTPS.

If you do not specify a value for <ResourceURL>, the message is checked for well-formed JSON or XML if the Content-type header is "application/json" or "application/xml", respectively.

The <ResourceURL> element has no child elements or attributes.

Using XSDs for validation

If the XML payload that you validate with the Message Validation policy references another schema, you must prefix the included XSD file with xsd in the schemaLocation attribute.

The following example schema is comprised of multiple XSDs:

<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
    elementFormDefault="qualified" attributeFormDefault="unqualified">
  <xs:include schemaLocation="xsd://note-schema.xsd"/>
  <xs:include schemaLocation="xsd://letter-schema.xsd"/>
  <xs:include schemaLocation="xsd://user-schema.xsd"/>
</xs:schema>

Using WSDLs for validation

A WSDL must define at least one schema. If it does not reference at least one schema, the Message Validation policy fails.

The maximum import depth for a schema is 10. If you exceed that number of nested imports, the Message Validation policy fails.

<SOAPMessage>

Defines the SOAP version against which the Message Validation policy validates.

Default Value n/a
Required? Optional
Type n/a
Parent Element <MessageValidation>
Child Elements None

The <SOAPMessage> element uses the following syntax:

Syntax

...
  <SOAPMessage version="[ 1.1 | 1.2 | 1.1/1.2 ]"/>
...

Example

...
  <SOAPMessage version="1.1"/>
...

The <SOAPMessage> element has the following attributes:

Attribute Default Required? Description
version None Optional The SOAP version that this policy uses to validate SOAP messages.

Valid values are:

  • "1.1"
  • "1.2"
  • "1.1/1.2"

For more information, see From SOAP/1.1 to SOAP Version 1.2 in 9 points.

<Source>

Identifies the source message to be validated. The value of this element is the name of the message that you want to validate.

If you do not set <Source>, this policy defaults to "message", which refers to the complete request message (in a request flow) or response message (in a response flow), including any payload. You can also explicitly set it to "request" or "response" to refer to the request or response.

Default Value "request"
Required? Optional
Type String
Parent Element <MessageValidation>
Child Elements None

The <Source> element uses the following syntax:

Syntax

...
  <Source>message_to_validate</Source>
...

Example

...
  <Source>request</Source>
...

In addition to "message", "request", and "response", you can set the value of <Source> to the name of any message in your flow. If you do this, though, you must create a custom message with that name in your flow before this policy executes. Otherwise, you will get an error.

If the value of <Source> cannot be resolved in the message flow or resolves to a non-message type, then one of the following occurs:

  • If a null value: Edge throws a steps.messagevalidation.SourceMessageNotAvailable error.
  • If a non-message type: Edge throws a steps.messagevalidation.NonMessageVariable error.

The <Source> element has no attributes or child elements.

Videos

Watch the following videos to learn more about the Message Validation policy:

Video Description
Validate XML request Validate the XML request for an API using the Message Validation policy.
Validate JSON request Validate the JSON request for an API using the Message Validation policy.

Error codes

Errors returned from Edge policies follow a consistent format as described in the Error code reference.

This policy returns the following error codes and error messages in error responses. For guidance on handling errors, see Handling faults.

Error Code Message
InvalidResourceType
InvalidResourceType MessageValidation {0}: Invalid Resource Type {1}.
It should be xsd or wsdl. Context {2}
ResourceCompileFailed
ResourceCompileFailed MessageValidation {0}: Failed to compile resource
{1}. Context {2}
RootElementNameUnspecified
RootElementNameUnspecified MessageValidation {0}: RootElement name is
not specified
InvalidRootElementName
InvalidRootElementName MessageValidation {0}: RootElement name {1} is
invalid
NonMessageVariable
NonMessageVariable Variable {0} does not resolve to a Message
SourceMessageNotAvailable
SourceMessageNotAvailable {0} message is not available for
MessageValidation: {1}
NoElements
Resource "{0}" has no element definitions
Failed
MessageValidation {0} failed with reason: "{1}"

Schemas

Each policy type is defined by an XML schema (.xsd). For reference, policy schemas are available on GitHub.

Related topics