Validation Layers: MCP, OpenAPI, API-first

HAPI server applies multiple layers of validation to every API request and response, ensuring your system is robust, secure, and always in sync with your OpenAPI contract.

Validation Layers in HAPI

  1. Schema Validation: All data is validated against your OpenAPI schema (types, formats, enums, etc.).
  2. Security Validation: Authentication and authorization are enforced using OpenAPI security schemes (OAuth2, API keys, etc.).
  3. Context Validation: MCP context is checked for required fields and permissions.
  4. Custom Validation: Add hooks for business logic or additional checks as needed.

Tip: Use OpenAPI's required, format, and enum keywords for strong schema validation. Combine with MCP context checks for full coverage.

Example: Request Validation

paths:
  /users:
    post:
      summary: Create user
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/User'
      responses:
        '201':
          description: User created

Example: Security Validation

components:
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: X-API-KEY

Caution: If your schema and implementation drift, validation errors will occur. Always update your OpenAPI spec when making changes to your API.
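
Merged as written, the two fragments above leave gaps: in OpenAPI a scheme under securitySchemes applies to an operation only when a security requirement references it, and the User schema that $ref points to is not shown. The Python lint below is an added example, not HAPI's own code; it reports such gaps in a parsed OpenAPI document, and lint, resolve_ref and the finding labels are names assumed for this example.

```python
METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

def resolve_ref(spec, ref):
    """Follow a local '#/a/b' reference; None if it does not resolve."""
    if not ref.startswith("#/"):
        return None
    node = spec
    for part in ref[2:].split("/"):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def lint(spec):
    """Return (operation, finding) pairs for gaps in auth and schema coverage."""
    findings = []
    schemes = spec.get("components", {}).get("securitySchemes", {})
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in METHODS:
                continue
            where = f"{method.upper()} {path}"
            # Operation-level `security` overrides the root-level list.
            reqs = op.get("security", spec.get("security", []))
            # No requirement, or an empty `{}` alternative, allows anonymous calls.
            if not reqs or any(not r for r in reqs):
                findings.append((where, "no-auth-required"))
            for name in (n for r in reqs for n in r):
                if name not in schemes:
                    findings.append((where, f"undefined-scheme:{name}"))
            for media in op.get("requestBody", {}).get("content", {}).values():
                schema = media.get("schema", {})
                if "$ref" in schema:
                    schema = resolve_ref(spec, schema["$ref"])
                if not isinstance(schema, dict):
                    findings.append((where, "unresolved-ref"))
                elif schema.get("type") == "object" and not schema.get("required"):
                    findings.append((where, "no-required-fields"))
    return findings

# Constructed input: the page's two YAML fragments merged as written.
PAGE_SPEC = {
    "paths": {"/users": {"post": {"requestBody": {"required": True, "content": {
        "application/json": {"schema": {"$ref": "#/components/schemas/User"}}}},
        "responses": {"201": {"description": "User created"}}}}},
    "components": {"securitySchemes": {
        "ApiKeyAuth": {"type": "apiKey", "in": "header", "name": "X-API-KEY"}}},
}
print(lint(PAGE_SPEC))
```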

Best Practices

  • Use tools like Swagger Editor to validate your schema.
  • Test all endpoints with valid and invalid data.
  • Use descriptive error messages for validation failures.
