General availability: SOAP and XML request and response validation
Published date: 07 March, 2022
With the release of the SOAP and XML validation feature, you can reduce the API attack surface for SOAP or XML-based REST APIs by blocking or logging ill-formed API requests or responses and admitting only those whose bodies adhere to the declared XML schema. The validation policy now supports custom schemas in addition to the schemas specified in the API’s definition.
The validate-content policy now supports the following new scenarios:
1. Blocking or logging SOAP API requests or responses whose body doesn’t adhere to the schema declared in the provided WSDL file or in an additional schema file.
2. Blocking or logging REST API requests or responses with XML bodies that don’t adhere to the XML schema declared in the OpenAPI file or in an additional schema file.
3. Blocking or logging REST API requests or responses with JSON bodies that don’t adhere to a custom JSON schema specified in an external resource, outside the API’s definition.
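
The three scenarios above, sketched as a validate-content policy configuration. This is an added example, not part of the original announcement: the schema ids, the error variable names and the 102400-byte size limit are assumed placeholders, and a real API would normally carry only the content entries that match its own media types.

```xml
<!-- Added example. Schema ids are hypothetical placeholders for schemas
     uploaded to the API Management instance; variable names and the
     size limit are assumptions. -->
<policies>
    <inbound>
        <base />
        <!-- action="prevent" blocks a non-conforming body;
             action="detect" only logs the validation error. -->
        <validate-content unspecified-content-type-action="prevent"
                          max-size="102400"
                          size-exceeded-action="prevent"
                          errors-variable-name="requestBodyValidation">
            <!-- Scenario 1: SOAP body checked against an additional schema file -->
            <content type="application/soap+xml" validate-as="soap"
                     schema-id="example-soap-schema" action="prevent" />
            <!-- Scenario 2: REST request with an XML body -->
            <content type="application/xml" validate-as="xml"
                     schema-id="example-xml-schema" action="prevent" />
            <!-- Scenario 3: JSON body checked against a custom schema kept
                 outside the API definition; logged only, not blocked -->
            <content type="application/json" validate-as="json"
                     schema-id="example-json-schema" action="detect" />
        </validate-content>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
        <!-- Responses validated in log-only mode so that a backend defect
             surfaces in telemetry without breaking callers. -->
        <validate-content unspecified-content-type-action="detect"
                          max-size="102400"
                          size-exceeded-action="detect"
                          errors-variable-name="responseBodyValidation">
            <content type="application/xml" validate-as="xml"
                     schema-id="example-xml-schema" action="detect" />
        </validate-content>
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```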