Azure APIM behavior for undocumented parameters in swagger

Salim Demir (external) 0 Reputation points
2024-12-23T08:55:21.7566667+00:00

Hi Azure community,

Could you please help us to understand and document the behavior by Azure API Management in case of undocumented parameters in swagger exist in the request for the API call?

Does APIM block the request or pass it to backend by stripping off the undocumented parameters?

Kind Regards,

Salim

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
2,238 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. hossein jalilian 9,310 Reputation points
    2024-12-23T18:50:43.2366667+00:00

    Hello Salim Demir (external),

    Thanks for posting your question in the Microsoft Q&A forum.

    Without any specific validation policy, APIM will pass all parameters to the backend, including undocumented ones.

    You can use the validate-parameters policy to control how APIM handles undocumented parameters:

    <validate-parameters 
        specified-parameter-action="ignore" 
        unspecified-parameter-action="prevent" 
        errors-variable-name="parameterValidationErrors" />
    
    

    You can set the unspecified-parameter-action to one of these values:

    • ignore: Allows undocumented parameters to pass through (default behavior).
    • detect: Logs the presence of undocumented parameters but allows them.
    • prevent: Blocks requests containing undocumented parameters.

    Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.