| title | Azure API Management policy reference - validate-status-code | Microsoft Docs |
|---|---|
| description | Reference for the validate-status-code policy available for use in Azure API Management. Provides policy usage, settings, and examples. |
| services | api-management |
| author | dlepow |
| ms.service | azure-api-management |
| ms.topic | reference |
| ms.date | 07/23/2024 |
| ms.author | danlep |
[!INCLUDE api-management-availability-all-tiers]
The validate-status-code policy validates the HTTP status codes in responses against the API schema. This policy may be used to prevent leakage of backend errors, which can contain stack traces.
[!INCLUDE api-management-validation-policy-schema-size-note]
[!INCLUDE api-management-policy-form-alert]
<validate-status-code unspecified-status-code-action="ignore | prevent | detect" errors-variable-name="variable name">
<status-code code="HTTP status code number" action="ignore | prevent | detect" />
</validate-status-code>| Attribute | Description | Required | Default |
|---|---|---|---|
| unspecified-status-code-action | Action to perform for HTTP status codes in responses that aren’t specified in the API schema. Policy expressions are allowed. | Yes | N/A |
| errors-variable-name | Name of the variable in context.Variables to log validation errors to. Policy expressions aren't allowed. |
No | N/A |
| Name | Description | Required |
|---|---|---|
| status-code | Add one or more elements for HTTP status codes to override the default validation action for status codes in responses. | No |
| Attribute | Description | Required | Default |
|---|---|---|---|
| code | HTTP status code to override validation action for. | Yes | N/A |
| action | Action to perform for the matching status code, which isn’t specified in the API schema. If the status code is specified in the API schema, this override doesn’t take effect. | Yes | N/A |
[!INCLUDE api-management-validation-policy-actions]
- Policy sections: outbound, on-error
- Policy scopes: global, workspace, product, API, operation
- Gateways: classic, v2, consumption, self-hosted, workspace
- This policy can only be used once in a policy section.
[!INCLUDE api-management-validation-policy-common]
<validate-status-code unspecified-status-code-action="prevent" errors-variable-name="responseStatusCodeValidation" />[!INCLUDE api-management-validation-policy-error-reference]
[!INCLUDE api-management-policy-ref-next-steps]