APIM - validate-content on consumption tier

Question

I recently changed our APIM instance from the developer tier, to the consumption tier, and am seeing some weird behavior in the validate-content policy. On the developer tier, this policy would work as expected and return a 400 error with the appropriate error message.

Below is the policy:

<validate-content unspecified-content-type-action="prevent" max-size="102400" size-exceeded-action="prevent">
   <content type="application/json" validate-as="json" action="prevent" />
</validate-content>

Below is an example from the trace and the response from developer tier (expected behavior):

//Trace
validate-content (0.100 ms)
    {
    "name": "application/json",
    "type": "RequestBody",
    "validationRule": "IncorrectMessage",
    "details": "Body of the request does not conform to the definition skills-POST-request, which is associated with the content type application/json. Property 'nam' has not been defined and the schema does not allow additional properties. Line: 1, Position: 7",
    "action": "Prevented"
}

//Response
HTTP/1.1 400 Bad Request
vary: Origin
    {
    "statusCode": 400,
    "message": "Body of the request does not conform to the definition skills-POST-request, which is associated with the content type application/json. Property 'nam' has not been defined and the schema does not allow additional properties. Line: 1, Position: 7"
}

However, now the same policy on the consumption tier returns the following trace and response (incorrect behavior):

//Trace
validate-content (4.736 ms)
    {
    "name": "application/json",
    "type": "RequestBody",
    "validationRule": "IncorrectMessage",
    "details": "Body of the request does not conform to the definition skills-POST-request, which is associated with the content type application/json. Property 'nam' has not been defined and the schema does not allow additional properties. Line: 1, Position: 7",
    "action": "Prevented"
}
validate-content (0.714 ms)
    {
    "name": null,
    "type": "RequestBody",
    "validationRule": "ValidationException",
    "details": "Body of the request cannot be validated for the content type application/json. Value cannot be null.\r\nParameter name: key",
    "action": "Prevented"
}
validate-content (2.679 ms)
    {
    "messages": [
        "Value cannot be null.\r\nParameter name: key"
    ]
}

//response
HTTP/1.1 500 Internal Server Error
vary: Origin
    {
    "statusCode": 500,
    "message": "Internal server error",
    "activityId": "b3d76aed-fdf0-4240-a5c1-db49fed82105"
}

This looks to be some sort of bug perhaps in the content validation policy for the consumption tier?

Answer 1

I entered a support request with Microsoft and they determined this was a bug in API management. The workaround was to add the following to policy:

errors-variable-name="requestBodyValidation"

So the final policy now looks like:

<validate-content unspecified-content-type-action="prevent" max-size="102400" size-exceeded-action="prevent" errors-variable-name="requestBodyValidation">
   <content type="application/json" validate-as="json" action="prevent" />
</validate-content>

Answer 2

As per the Azure documentation,Consumption tier in APIM supports TLS Settings,External Cache,Client Certificate authentication & Graph QL API's only. Therefore validate-content APIM policy doesn’t work for APIM Services running on consumption SKU.