Skip to main content

Parameters

See plugin common configurations for configuration options available to all plugins.

  • spec

    string

    String containing the OpenAPI spec. Mutually exclusive with spec_url.

    The inline spec has a 2 MB size limit imposed by the control plane. If your OpenAPI specification exceeds this limit, use spec_url instead to load the spec from a remote URL.

  • spec_url

    string

    URL to fetch the OpenAPI spec from (must start with http:// or https://). Mutually exclusive with spec. The fetched spec is cached with a configurable TTL (see plugin metadata spec_url_ttl), and stale entries continue serving requests while the spec refreshes in the background.

    Available in API7 Enterprise from version 3.9.12. Not available in APISIX yet.

  • spec_url_request_headers

    object

    Custom HTTP headers to include when fetching spec_url (e.g. for authentication).

    Available in API7 Enterprise from version 3.9.12. Not available in APISIX yet.

  • ssl_verify

    boolean

    default: false

    Whether to verify the SSL certificate when fetching spec_url.

    Available in API7 Enterprise from version 3.9.12. Not available in APISIX yet.

  • timeout

    integer

    default: 10000

    vaild vaule:

    1000–60000

    HTTP request timeout in milliseconds when fetching spec_url.

    Available in API7 Enterprise from version 3.9.12. Not available in APISIX yet.

  • verbose_errors

    boolean

    default: false

    If true, respond with detailed error if the validation fails.

  • skip_request_body_validation

    boolean

    default: false

    If true, skip the validation of request body.

  • skip_request_header_validation

    boolean

    default: false

    If true, skip the validation of request header.

  • skip_query_params_validation

    boolean

    default: false

    If true, skip the validation of query parameters.

  • skip_path_params_validation

    boolean

    default: false

    If true, skip the validation of path parameters.

  • reject_if_not_match

    boolean

    default: true

    If false, requests that fail OAS validation are logged as error but the request is still forwarded to the upstream service.

    Available in API7 Enterprise from 3.9.6 and not in APISIX.

  • rejection_status_code

    integer

    default: 400

    vaild vaule:

    400–599

    HTTP status code to return when request validation fails. For example, set to 422 to distinguish semantic validation errors (Unprocessable Entity) from malformed request syntax (400 Bad Request). Only effective when reject_if_not_match is true.

    Available in API7 Enterprise from version 3.9.8. Not available in APISIX yet.

note

One of spec or spec_url must be configured. They are mutually exclusive.

Plugin Metadata

  • spec_url_ttl

    integer

    default: 3600

    TTL in seconds for cached specs fetched from spec_url. After expiry, stale entries continue serving requests while the spec refreshes asynchronously in the background.

    Available in API7 Enterprise from version 3.9.12. Not available in APISIX yet.

API7.ai Logo

The digital world is connected by APIs,
API7.ai exists to make APIs more efficient, reliable, and secure.

Sign up for API7 newsletter

Product

API7 Gateway
API7 AI Gateway
API7 API Portal

Learn

API Gateway Guide
Plugin Hub
API Gateway Comparison
Customers

Resources

API Gateway Docs
Blog
Demo Hub
APISIX vs Kong

Company

About
Contact
Compliance Standards
Partners
Terms & Privacy
SOC2 Type IIISO 27001HIPAAGDPRRed Herring

Copyright © APISEVEN PTE. LTD 2019 – 2026. Apache, Apache APISIX, APISIX, and associated open source project names are trademarks of the Apache Software Foundation