Enable request validation in API Gateway - Amazon API Gateway
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Enable request validation in API Gateway

You can configure API Gateway to perform basic validation of an API request before proceeding with the integration request. When the validation fails, API Gateway immediately fails the request, returns a 400 error response to the caller, and publishes the validation results in CloudWatch Logs. This reduces unnecessary calls to the backend. More importantly, it lets you focus on the validation efforts specific to your application.

Overview of basic request validation in API Gateway

API Gateway can perform the basic validation. This enables you, the API developer, to focus on app-specific deep validation in the backend. For the basic validation, API Gateway verifies either or both of the following conditions:

  • The required request parameters in the URI, query string, and headers of an incoming request are included and non-blank.

  • The applicable request payload adheres to the configured JSON schema request model of the method.

To enable basic validation, you specify validation rules in a request validator, add the validator to the API's map of request validators, and assign the validator to individual API methods.


Request body validation and request body passthrough are two separate issues. When a request payload cannot be validated because no model schema can be matched, you can choose to passthrough or block the original payload.

For example, when you enable request validation with a mapping template for the application/json media type, you might want to pass an XML payload through to the backend even though the enabled request validation will fail. This might be the case if you expect to support the XML payload on the method in the future. To fail the request with an XML payload, you must explicitly choose the NEVER option for the content passthrough behavior.