Functions exposed as API endpoints need to handle incoming request data. API consumers may unintentionally pass badly formatted data, or bad actors may maliciously attempt to inject bad data into public endpoints. We need to validate data before it is processed. Validation logic is often verbose, repetitive, boilerplate code that requires additional dependencies and needs to be shared across services. Additionally, in the direct cost model of Lambda even invalid data is tied directly to an invocation charge.
Validate HTTPs requests at the API Gateway using JSON Schema - a data definition vocabulary for validating JSON documents. API Gateway can use JSON Schema models to validate incoming request payloads.
Validating at the gateway means that invalid requests will not incur a Lambda invocation. If a Lambda function is exposed via API Gateway, you are already paying for the API Gateway request and validation is essentially free.
API Gateway supports JSON Schema Draft 0-4. Draft 0-7 is the latest version.
API Gateway can also validate the presence of parameter values in the request path, query string, or header. Complex structural validations are not supported.
The default API Gateway validation error is … inadequate. Configure a custom GatewayResponse to return detailed errors to API consumers.
|API Gateway||Data Transfer|
|Lambda||(Compute Time x Memory)|
|CloudWatch||Log Data Ingestion|
* Lambda functions are only invoked if the request data is valid.