This tool allows the validation at runtime of the API requests responses according to the OpenAPI specs.
There are several tools that can validate an OpenAPI specification, but there are no many options to ensure that the API contracts are honoured by the API we are developing.
This tool make sure that the API requests and responses are valid according to the OpenAPI specification of the API.
More on Validating API requests and responses
The openapi-request-response-validator is a SpringBoot (Java) application implementing a REST controller to allow Postman scripts (or other clients) to send the payload to be validated. The OpenAPI file can be supplied at startup.
You work with Postman to test the API endpoints, sending a request and verify the response. Thanks to Postman Test Scripts it is possible to add custom scripts to access the request, response and headers programmatically and send them to the OpenAPI Request-Response Validator.
Postman tests (with assertions) can be defined to confirm the JSON payloads are valid according to the API specification.
The outcome of the validation (together with the list of errors — if any) is returned to Postman (displayed in the Postman console) and logged by the application.
Steps:
- add the snippet below in the Collection Tests
- provide the OpenAPI file
- launch the
openapi-request-response-validationtool (Java app or using Docker) - run the Postman requests against your service or application
In the Collection Tests add the snippet below. It will run after every request in the collection.
What does it do? After executing the request the Test Script will send request, response and headers to the validator.
openapiRequestResponseValidation = {
validate: function(pm) {
// build path without baseUrl
var baseUrl = pm.collectionVariables.get("baseUrl");
baseUrl = baseUrl.replace('https://','');
baseUrl = baseUrl.replace(pm.request.url.getHost(),'');
var path = pm.request.url.getPath().replace(baseUrl,'');
console.log('Validation for ' + path);
const postRequest = {
url: 'http://localhost:8080/validate',
method: 'POST',
header: {'Content-Type': 'application/json'},
body: {
mode: 'raw',
raw: JSON.stringify({
method: pm.request.method,
path: path,
headers: pm.request.headers,
requestAsJson: (pm.request.body != "") ? pm.request.body.raw : null,
responseAsJson: pm.response.text(),
statusCode: pm.response.code
})
}
};
pm.sendRequest(postRequest, (error, response) => {
if(error != undefined) {
pm.expect.fail('Unexpected error ' + error);
} else {
var data = response.json();
if(data.valid == false) {
console.log(data.errors);
}
pm.test("OpenAPI validation", () => {
pm.expect(data.valid, "Invalid request/response (check Console)").to.equal(true);
});
}
});
}
};
openapiRequestResponseValidation.validate(pm);
Copy/rename your OpenAPI specs to openapi/openapi.yaml or openapi/openapi.json
Run the Java application
java -jar target/openapi-request-response-validator.jarRun the Java application with custom port and spec file
java -jar target/openapi-request-response-validator.jar --server.port=8888 --INPUT_SPECS=/path/to/myopenapi.yamlYou can run the tool on Docker
# run using default openapi/openapi.yaml or openapi/openapi.json
docker run -v $(pwd):/openapi -it --rm --name openapi-request-response-validation \
gcatanese/openapi-request-response-validation
# run using custom location of the OpenAPI file
docker run -v $(pwd):/openapi -e INPUT_SPECS=/tmp/openapi.yaml \
-it --rm --name openapi-request-response-validation \
gcatanese/openapi-request-response-validation
Run the Postman requests and check the Test tab
Using Atlassian Swagger Validator, Postman and Docker