Firstly create your specification object. By default, OpenAPI spec version is detected:
from json import load
from openapi_core import Spec
with open('openapi.json', 'r') as spec_file:
spec_dict = load(spec_file)
spec = Spec.create(spec_dict)Now you can use it to validate against requests
from openapi_core import validate_request
# raise error if request is invalid
result = validate_request(request, spec=spec)and unmarshal request data from validation result
# get parameters object with path, query, cookies and headers parameters
validated_params = result.parameters
# or specific location parameters
validated_path_params = result.parameters.path
# get body
validated_body = result.body
# get security data
validated_security = result.securityRequest object should implement OpenAPI Request protocol (See :doc:`integrations`).
You can also validate against responses
from openapi_core import validate_response
# raise error if response is invalid
result = validate_response(request, response, spec=spec)and unmarshal response data from validation result
# get headers
validated_headers = result.headers
# get data
validated_data = result.dataResponse object should implement OpenAPI Response protocol (See :doc:`integrations`).
openapi-core supports security for authentication and authorization process. Security data for security schemas are accessible from security attribute of RequestValidationResult object.
For given security specification:
security:
- BasicAuth: []
- ApiKeyAuth: []
components:
securitySchemes:
BasicAuth:
type: http
scheme: basic
ApiKeyAuth:
type: apiKey
in: header
name: X-API-Keyyou can access your security data the following:
result = validator.validate(request)
# get basic auth decoded credentials
result.security['BasicAuth']
# get api key
result.security['ApiKeyAuth']Supported security types:
- http – for Basic and Bearer HTTP authentications schemes
- apiKey – for API keys and cookie authentication