How do you add a request validator to api gateway?

How do you natively within serverless framework add request validation for an endpoint within API Gateway?

I have already achieved this with these two plugins:

• serverless-aws-documentation
• serverless-reqvalidator-plugin

and:

Function has:

my_func:
  request:
    parameters:
      headers:
        X-Timestamp: true
        X-Signature: true
  reqValidatorName: bodyAndParams

req_validator:

Resources:
  bodyAndParams:
    Type: "AWS::ApiGateway::RequestValidator"
    Properties:
      Name: 'body-and-params'
      RestApiId:
        Ref: ApiGatewayRestApi
      ValidateRequestBody: true
      ValidateRequestParameters: true

But i want to drop these two plugins if possible since the majority of this is available in the framework already but i feel like i am missing the final piece to turn on the validation

I too would like to know about this…

Googling shows this but I can’t make sense of it

If you set params as required via serverless syntax you then can just also activate the validator for parameters like so

Resources:
  ParameterRequestValidator:
    Type: AWS::ApiGateway::RequestValidator
    Properties:
      Name: ParameterRequestValidator
      RestApiId:
        Ref: ApiGatewayRestApi
      ValidateRequestBody: false
      ValidateRequestParameters: true

  ApiGatewayMethodNameOfYourApiLookItUpInYourTemplate:
    Properties:
      RequestValidatorId:
        Ref: ParameterRequestValidator

so to do this with the following plugins:

"serverless-aws-documentation": "github:deliveryhero/serverless-aws-documentation",
"serverless-reqvalidator-plugin": "^1.0.3",

on a function:

request:
  parameters:
    headers:
      X-Token: true
      X-Event: true
reqValidatorName: bodyAndParams

The resource bodyAndParams:

bodyAndParams:
    Type: "AWS::ApiGateway::RequestValidator"
    Properties:
      Name: 'body-and-params'
      RestApiId:
        Ref: ApiGatewayRestApi
      ValidateRequestBody: true
      ValidateRequestParameters: true

This does work, but i would ideally like to remove the plugins as its an additional dependancy in deploying my application. The header validation being the main thing i care about because it removes the requirement for the code to validate the headers

agreed, I am in a similar scenario though I also get some warning each time about it

There is no need for a plugin for request validation. It is built into the framework: https://www.serverless.com/framework/docs/providers/aws/events/apigateway#request-parameters

That makes them ‘required’ but doesn’t set the validation in the api gateway, so therefore it doesn’t actually validate

I don’t understand why you need those two plugins. You’re adding raw CloudFormation, so you should be able to enable validation directly in it. I got it to work, but with an OpenAPI (x-amazon-apigateway-request-validator) script embedded into the Cloudformation, which was deployed via Serverless. That said I don’t know why your AWS::ApiGateway::RequestValidator resource wouldn’t work.

Anyways, have you figured this out?

I’m actually trying to somewhat the opposite, I want to disable validation. When you create the gateway in Serverless’ native way (i.e. below), adding a schema automatically turns on validation and I can’t find any way to NOT enable it.

events:
      - http:
          method: post
          path: '/serverless-full'
          integration: lambda
          request:
            schema:
              application/json: ${file(../models/UserModel.json)}
            template:
              application/json: '$util.escapeJavaScript($input.body).replaceAll("\\","")'
            passThrough: WHEN_NO_TEMPLATES
            contentHandling: CONVERT_TO_TEXT
          response:
            headers:
              Content-Type: "'application/json'"
            contentHandling: CONVERT_TO_TEXT

For those of you failing to see this, like I also did.

This is what you need to do in plain english.

Turn

ApiGatewayMethodNameOfYourApiLookItUpInYourTemplate

to

APIGatewayMethod<1><2>

In my case, it was APIGatewayDealsGet

The thing I was looking at was my handler name in serverless

   list:
    # Defines an HTTP API endpoint that calls the main function in list.js
    # - path: url path is /deals
    # - method: GET request
    handler: list.main
    events:
      - http:
          path: deals
          method: get
          cors: true
          authorizer: aws_iam
          request:
            parameters:
              querystrings:
                country: true
                type: true

Alternatively, if this does not work, check the s3 bucket, mine was called xxxxxxx-ap-serverlessdeploymentbuck-1epdp60eqveqr and go to serverless > yyyyyyyyyyy > aaaa >
timestamp > compiled-cloudformation-template.json

And look for the name of your method in there, example mine was:

	"ApiGatewayMethodDealsGet": {
		"Type": "AWS::ApiGateway::Method",
		"Properties": {
			"HttpMethod": "GET",
			"RequestParameters": {

I still can’t get this to work.
Have both plugins installed

 plugins:
    - serverless-reqvalidator-plugin
    - serverless-aws-documentation

The events in my function properly declared

events: 
    - http: 
        path: permission/users
        method: get
        reqValidatorName: 'ParameterRequestValidator'
        request:
            parameters:
                querystrings:
                    permissions: true

and my resources

 Resources:
     ParameterRequestValidator:
       Type: "AWS::ApiGateway::RequestValidator"
       Properties:
         Name: 'ParameterRequestValidator'
         RestApiId:
         Ref: ApiGatewayRestApi
         ValidateRequestBody: false
         ValidateRequestParameters: true

First of all, serverless doesn’t recognize property ‘reqValidatorName’, I guess there’s something I missed.

After adding

ApiGatewayMethodPermissionUsersGet:
  Properties:
    RequestValidatorId:
      Ref: ParameterRequestValidator

It says ‘resources.Resources.ApiGatewayMethodPermissionUsersGet’: should have required property 'Type’
So I guess there’s a lot more that I missed here.
I’m trying to do as you said, set the request validation configuration in aws.

Check my reply… …

Ok, there we go. Had to read it a few time to see it.
Thanks for your time!

Heave you solved this issue?

‘resources.Resources.ApiGatewayMethodPermissionUsersGet’: should have required property 'Type’

This is not working for me. Pretty much 99+% of the problems I have with AWS are with the API Gateway.

Here is the error I am getting:

Error: The CloudFormation template is invalid: Invalid template resource property 'APIGatewayUserprofilePost'

And here is my code:

  Resources:
    ParameterRequestValidator:
      Type: AWS::ApiGateway::RequestValidator
      Properties:
        Name: ParameterRequestValidator
        RestApiId:
          Ref: ApiGatewayRestApi
        ValidateRequestBody: false
        ValidateRequestParameters: true

      APIGatewayUserprofilePost:
        Properties:
          RequestValidatorId:
            Ref: ParameterRequestValidator

I have a function named userprofile with a POST method. What am I doing wrong here?

try this “ApiGatewayMethodUserprofilePost”