3

I was working on Swagger generated OpenAPI specification and I noticed that if we pass some extra fields in PUT/POST API endpoint, then the server doesn't throw any error, even though it process all valid/necessary field. So my doubt is that

  1. Should the server throw error in this case?
  2. Is it the OpenAPI standard to allow unknown fields and then ignore them?
Aman Chourasiya
  • 1,078
  • 1
  • 10
  • 23
  • 2
    This depends on your API definition and server framework. In OpenAPI 3.0, schemas can use `additionalProperties: false` to reject payloads containing extra properties. Some server frameworks provide configuration options to either ignore extra properties in payloads or throw errors. You can also implement this logic yourself. – Helen Nov 17 '20 at 12:31

1 Answers1

3

In Swagger specification 2.0 there is no option to reject the extra fields passed in the request body. Server will only accept those fields that are allowed in the request definition and other fields will be ignored. If you want to disallow extra fields then you can handle these in the backend manually.

aman
  • 278
  • 3
  • 11