Request Validation

Comprehensive request validation against the OpenAPI specification - the core of Signando REST.

Complete Request Validation Pipeline

Every incoming request goes through a multi-stage validation pipeline:

Request → Path Check → Method Check → Auth Check →
         Header Validation → Query Validation → Body Validation →
         Injection Scan → Forward to Backend

1. Path Validation

URL paths are validated against the allowlist defined in the OpenAPI spec.

/users ✓  /admin ✗  /../etc ✗

2. Method Validation

HTTP methods are checked per endpoint.

GET /users ✓  DELETE /users ✗

3. Header Validation

Required headers are validated, and header injection attempts are blocked.

X-API-Key ✓  CRLF injection ✗

4. Query Parameter Validation

Query parameters are validated against the OpenAPI schema.

?limit=10 ✓  ?limit=abc ✗

5. Body Validation

Request bodies are validated against JSON schemas.

{"email": "@"} ✓  {"admin": true} ✗

6. Injection Prevention

All inputs are scanned for injection patterns.

SQL ✗  XSS ✗  CMD ✗

Complete Validation Example

Valid Request

curl -X POST \
  -H "X-API-Key: sk-valid-key" \
  -H "Content-Type: application/json" \
  -d '{"name": "John", "email": "john@example.com"}' \
  "http://localhost:8080/users?notify=true"

Validation Steps

✓ Path: /users defined in OpenAPI
✓ Method: POST allowed on /users
✓ Auth: X-API-Key header present and valid
✓ Query: ?notify=true matches schema (boolean)
✓ Body: Matches User schema, no extra fields
✓ Injection: No patterns detected
→ Forward to backend
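
The validation steps above can be sketched as an ordered allowlist check that stops at the first failing stage. This is an added example, not Signando REST's code: SPEC is a constructed stand-in for an OpenAPI document, validate() and its stage names are hypothetical, and the pattern-based injection scan is left out.

```python
import json
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed stand-in for an OpenAPI document (assumption, not a real spec).
SPEC = {
    "/users": {
        "GET": {"query": {"limit": "integer"}, "body": None},
        "POST": {"query": {"notify": "boolean"},
                 "body": {"required": {"name", "email"},
                          "allowed": {"name", "email"}}},
    }
}
API_KEYS = {"sk-valid-key"}  # sample key from the curl example above
TYPE_CHECKS = {
    "boolean": lambda v: v in ("true", "false"),
    "integer": lambda v: re.fullmatch(r"-?\d+", v) is not None,
}

def validate(method, url, headers, body=None):
    """Return (True, "forward") or (False, <name of the rejecting stage>)."""
    parts = urlsplit(url)
    ops = SPEC.get(parts.path)  # exact match only: /admin and /../etc are not keys
    if ops is None:
        return False, "path"
    op = ops.get(method.upper())
    if op is None:
        return False, "method"
    if headers.get("X-API-Key") not in API_KEYS:
        return False, "auth"
    if any("\r" in v or "\n" in v for v in headers.values()):
        return False, "header"  # CRLF inside a header value
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        kind = op["query"].get(name)  # undeclared parameters are rejected
        if kind is None or not TYPE_CHECKS[kind](value):
            return False, "query"
    schema = op["body"]
    if schema is not None:
        try:
            doc = json.loads(body or "")
        except ValueError:
            return False, "body"
        # All required fields present, and no field outside the schema.
        if not isinstance(doc, dict) or not (
                schema["required"] <= set(doc) <= schema["allowed"]):
            return False, "body"
    return True, "forward"
```

Because every stage is an allowlist lookup, a request is rejected unless the spec explicitly permits it, which is why the extra "admin" field fails even though it is well-formed JSON.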