XML Schema Validation Policy
Policy Type
policy-xml-schema-validation
UI Documentation
📖 For detailed information: [UI Documentation Link - Link will be added here]
Description
XML Schema Validation policy validates XML request/response bodies against XML Schema (XSD) definitions. It ensures that XML data conforms to the specified schema structure, types, and constraints before processing or forwarding. It can validate against custom schemas or against the WSDL specification.
Endpoints
List Policies
GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/
Add Policy
POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
Update Policy
PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
Delete Policy
DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
List Policies
Endpoint
GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/
Request
| Header |
Value |
| Authorization |
Bearer {token} |
Path Parameters
| Parameter |
Type |
Required |
Description |
| projectName |
string |
Yes |
Project name |
| apiProxyName |
string |
Yes |
API Proxy name |
Response
Success Response (200 OK)
{
"success": true,
"resultList": [
{
"apiProxy": {
"name": "MyAPI",
"requestPolicyList": [
{
"type": "policy-xml-schema-validation",
"name": "xml-validation-policy",
"description": "Validate XML request body",
"active": true,
"pathForBody": "/",
"validateAgainstSpec": false,
"schemaDefinitionList": [
{
"schemaNo": 0,
"schemaBody": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<xs:schema xmlns:xs=\"http://www.w3.org/2001/XMLSchema\">\n <xs:element name=\"user\">\n <xs:complexType>\n <xs:sequence>\n <xs:element name=\"id\" type=\"xs:integer\"/>\n <xs:element name=\"name\" type=\"xs:string\"/>\n <xs:element name=\"email\" type=\"xs:string\"/>\n </xs:sequence>\n </xs:complexType>\n </xs:element>\n</xs:schema>",
"systemId": null,
"targetNamespace": null,
"rootSchema": true
}
]
}
],
"responsePolicyList": [],
"errorPolicyList": []
}
}
],
"resultCount": 1
}
cURL Example
curl -X GET \
"https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/" \
-H "Authorization: Bearer YOUR_TOKEN"
Add Policy
Endpoint
POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
Request
| Header |
Value |
| Authorization |
Bearer {token} |
| Content-Type |
application/json |
Path Parameters
| Parameter |
Type |
Required |
Description |
| projectName |
string |
Yes |
Project name |
| apiProxyName |
string |
Yes |
API Proxy name |
| policyName |
string |
Yes |
Policy name |
Request Body
Full JSON Body Example - Custom Schema Validation
{
"operationMetadata": {
"targetScope": "ALL",
"targetPipeline": "REQUEST",
"deploy": true,
"deployTargetEnvironmentNameList": ["production"],
"order": 1
},
"policy": {
"type": "policy-xml-schema-validation",
"description": "Validate XML request body against custom schema",
"active": true,
"pathForBody": "/",
"validateAgainstSpec": false,
"schemaDefinitionList": [
{
"schemaNo": 0,
"schemaBody": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<xs:schema xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" targetNamespace=\"http://example.com/user\" elementFormDefault=\"qualified\">\n <xs:element name=\"user\">\n <xs:complexType>\n <xs:sequence>\n <xs:element name=\"id\" type=\"xs:integer\"/>\n <xs:element name=\"name\" type=\"xs:string\" minOccurs=\"1\" maxOccurs=\"1\"/>\n <xs:element name=\"email\" type=\"xs:string\" minOccurs=\"0\" maxOccurs=\"1\"/>\n <xs:element name=\"age\" type=\"xs:integer\" minOccurs=\"0\" maxOccurs=\"1\"/>\n </xs:sequence>\n </xs:complexType>\n </xs:element>\n</xs:schema>",
"systemId": "user-schema.xsd",
"targetNamespace": "http://example.com/user",
"rootSchema": true
}
]
}
}
Full JSON Body Example - Validate Against WSDL Specification
{
"operationMetadata": {
"targetScope": "ALL",
"targetPipeline": "REQUEST",
"deploy": true,
"deployTargetEnvironmentNameList": ["production"],
"order": 1
},
"policy": {
"type": "policy-xml-schema-validation",
"description": "Validate XML against WSDL specification",
"active": true,
"pathForBody": "/",
"validateAgainstSpec": true,
"schemaDefinitionList": []
}
}
Request Body Fields
| Field |
Type |
Required |
Default |
Description |
| targetScope |
string |
Yes |
- |
Policy scope: ALL or ENDPOINT |
| targetEndpoint |
string |
No* |
- |
Endpoint path (required if targetScope=ENDPOINT) |
| targetEndpointHTTPMethod |
string |
No* |
- |
HTTP method (required if targetScope=ENDPOINT) |
| targetPipeline |
string |
Yes |
- |
Pipeline: REQUEST, RESPONSE, or ERROR |
| deploy |
boolean |
No |
true |
Whether to deploy after adding policy |
| deployTargetEnvironmentNameList |
array |
No |
[] |
List of environment names to deploy to |
| order |
integer |
No |
null |
Policy execution order (starts from 1) |
Enum: targetScope
ALL - Policy applies to all endpointsENDPOINT - Policy applies only to specified endpoint
Enum: targetPipeline
REQUEST - Executes in request pipeline (validates request body)RESPONSE - Executes in response pipeline (validates response body)ERROR - Executes in error pipeline
Enum: targetEndpointHTTPMethod
GET, POST, PUT, DELETE, PATCH, OPTIONS, HEAD
policy
| Field |
Type |
Required |
Default |
Description |
| type |
string |
Yes |
- |
Policy type: policy-xml-schema-validation |
| description |
string |
No |
- |
Policy description |
| active |
boolean |
No |
true |
Whether policy is active |
| pathForBody |
string |
No |
- |
XPath expression to locate XML body to validate |
| validateAgainstSpec |
boolean |
No |
false |
Validate against WSDL specification instead of custom schemas |
| schemaDefinitionList |
array |
No* |
[] |
List of XML schema definitions (required if validateAgainstSpec=false) |
XPath Examples
/ - Root of XML document/root - Root element named “root”/root/data - Data element under root/soap:Envelope/soap:Body/* - SOAP body content
Note
- If
validateAgainstSpec: false, schemaDefinitionList must contain at least one schema definition.
- If
validateAgainstSpec: true, validation uses the WSDL specification from the API Proxy (schemaDefinitionList is ignored).
schemaDefinitionList
Each schema definition is an object with the following fields:
| Field |
Type |
Required |
Default |
Description |
| schemaNo |
integer |
No |
0 |
Schema number (for ordering multiple schemas) |
| schemaBody |
string |
Yes |
- |
XML Schema (XSD) definition (XML string) |
| systemId |
string |
No |
null |
System ID for schema reference |
| targetNamespace |
string |
No |
null |
Target namespace extracted from schema |
| rootSchema |
boolean |
No |
false |
Whether this is the root schema |
The schemaBody must be a valid XML Schema (XSD). Example:
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="http://example.com/user">
<xs:element name="user">
<xs:complexType>
<xs:sequence>
<xs:element name="id" type="xs:integer"/>
<xs:element name="name" type="xs:string"/>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:schema>
Schema Numbering
schemaNo is used for ordering when multiple schemas are defined- Schemas are validated in order
rootSchema: true indicates the primary schema
Response
Success Response (200 OK)
{
"success": true,
"deploymentResult": {
"success": true,
"deploymentResults": [
{
"environmentName": "production",
"success": true,
"message": "Deployment successful"
}
]
}
}
cURL Example
curl -X POST \
"https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/xml-validation-policy/" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"operationMetadata": {
"targetScope": "ALL",
"targetPipeline": "REQUEST",
"deploy": true,
"deployTargetEnvironmentNameList": ["production"],
"order": 1
},
"policy": {
"type": "policy-xml-schema-validation",
"description": "Validate XML request body",
"active": true,
"pathForBody": "/",
"validateAgainstSpec": false,
"schemaDefinitionList": [
{
"schemaNo": 0,
"schemaBody": "<?xml version=\"1.0\" encoding=\"UTF-8\"?><xs:schema xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"><xs:element name=\"user\"><xs:complexType><xs:sequence><xs:element name=\"id\" type=\"xs:integer\"/><xs:element name=\"name\" type=\"xs:string\"/></xs:sequence></xs:complexType></xs:element></xs:schema>",
"rootSchema": true
}
]
}
}'
Update Policy
Endpoint
PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
Request
| Header |
Value |
| Authorization |
Bearer {token} |
| Content-Type |
application/json |
Path Parameters
| Parameter |
Type |
Required |
Description |
| projectName |
string |
Yes |
Project name |
| apiProxyName |
string |
Yes |
API Proxy name |
| policyName |
string |
Yes |
Policy name |
Request Body
Full JSON Body Example
{
"operationMetadata": {
"targetScope": "ALL",
"targetPipeline": "REQUEST",
"deploy": true,
"deployTargetEnvironmentNameList": ["tester"],
"order": 1
},
"policy": {
"type": "policy-xml-schema-validation",
"description": "Validate XML request body against custom schema",
"active": true,
"pathForBody": "/",
"validateAgainstSpec": false,
"schemaDefinitionList": [
{
"schemaNo": 0,
"schemaBody": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<xs:schema xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" targetNamespace=\"http://example.com/user\" elementFormDefault=\"qualified\">\n <xs:element name=\"user\">\n <xs:complexType>\n <xs:sequence>\n <xs:element name=\"id\" type=\"xs:integer\"/>\n <xs:element name=\"name\" type=\"xs:string\" minOccurs=\"1\" maxOccurs=\"1\"/>\n <xs:element name=\"email\" type=\"xs:string\" minOccurs=\"0\" maxOccurs=\"1\"/>\n <xs:element name=\"age\" type=\"xs:integer\" minOccurs=\"0\" maxOccurs=\"1\"/>\n </xs:sequence>\n </xs:complexType>\n </xs:element>\n</xs:schema>",
"systemId": "user-schema.xsd",
"targetNamespace": "http://example.com/user",
"rootSchema": true
}
]
}
}
Note: Request body structure is the same as Add Policy. All fields should be provided for update.
Response
Success Response (200 OK)
{
"success": true,
"deploymentResult": {
"success": true,
"deploymentResults": [
{
"environmentName": "production",
"success": true,
"message": "Deployment successful"
}
]
}
}
Delete Policy
Endpoint
DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/
Request
| Header |
Value |
| Authorization |
Bearer {token} |
| Content-Type |
application/json |
Path Parameters
| Parameter |
Type |
Required |
Description |
| projectName |
string |
Yes |
Project name |
| apiProxyName |
string |
Yes |
API Proxy name |
| policyName |
string |
Yes |
Policy name |
Request Body
Full JSON Body Example
{
"operationMetadata": {
"targetScope": "ALL",
"targetPipeline": "REQUEST",
"deploy": false
}
}
Response
Success Response (200 OK)
{
"success": true,
"deploymentResult": {
"success": true,
"deploymentResults": []
}
}
Notes and Warnings
- XPath:
pathForBody must be a valid XPath expression pointing to the XML to validate
- Schema Definition:
- If
validateAgainstSpec: false, schemaDefinitionList must contain at least one schema definition
- If
validateAgainstSpec: true, validation uses WSDL specification (schemaDefinitionList ignored)
- XML Schema:
schemaBody must be a valid XML Schema (XSD) definition
- Schema Number:
schemaNo is used for ordering when multiple schemas are defined
- Root Schema: Set
rootSchema: true for the primary schema
- Target Namespace: Extracted automatically from schema or can be specified manually
- System ID: Used for schema references (import/include)
- Validation Failure: When validation fails, the request/response is rejected with an error
- Performance: Schema validation adds processing overhead. Use for critical validation only.
- Pipeline:
REQUEST pipeline validates request body before processingRESPONSE pipeline validates response body before sending to client
- WSDL Specification: When
validateAgainstSpec: true, uses schemas from the API Proxy’s WSDL
- Error Messages: Configure error messages in the policy to customize validation error responses
- Deployment: Policy changes require deployment to take effect. Set
deploy: true or deploy manually.