25 tests verify JSON Schema validation, size limits, type checking, and structure validation.
Request bodies are validated against JSON schemas defined in OpenAPI:
# openapi.yaml
components:
schemas:
User:
type: object
required:
- name
- email
properties:
name:
type: string
minLength: 2
maxLength: 100
email:
type: string
format: email
age:
type: integer
minimum: 0
maximum: 150
additionalProperties: falsecurl -X POST -H "X-API-Key: valid-key" \
-H "Content-Type: application/json" \
-d '{"name": "John Doe", "email": "john@example.com", "age": 30}' \
http://localhost:8080/usersRequest body matches the JSON schema - all required fields present, correct types.
curl -X POST -H "X-API-Key: valid-key" -H "Content-Type: application/json" -d '{"name": "John"}' http://localhost:8080/usersHTTP/1.1 400 Bad Request
{"error": "Schema validation failed", "details": "Missing required property: email"}Required fields defined in the schema must be present. Missing fields cause validation failure.
curl -X POST -d '{"name": "John", "email": "not-an-email"}' http://localhost:8080/users{"error": "Invalid format", "field": "email", "expected": "email"}Fields with format constraints (email, uuid, date-time) are validated against their format.
curl -X POST -d '{"name": "John", "email": "john@test.com", "age": "thirty"}' http://localhost:8080/users{"error": "Type mismatch", "field": "age", "expected": "integer", "got": "string"}Type validation ensures fields match their expected types (string, integer, boolean, etc.).
curl -X POST -d '{"name": "John", "email": "john@test.com", "admin": true}' http://localhost:8080/users{"error": "Additional property not allowed", "property": "admin"}With additionalProperties: false, any fields not defined in the schema are rejected. This prevents mass assignment attacks.
curl -X POST -d @large_file.json http://localhost:8080/users # 10MB fileHTTP/1.1 413 Payload Too LargeOversized request bodies are rejected to prevent denial-of-service attacks.