Validating API Responses

Overview

Validate API responses against OpenAPI schemas, JSON Schema definitions, and contract specifications to detect data integrity violations, schema drift, and backward compatibility regressions. Run validation in middleware (development/staging) or as post-deployment contract tests to ensure every response conforms to the documented API contract.

Prerequisites

• OpenAPI 3.0+ specification with complete response schema definitions for all endpoints
• JSON Schema validator: Ajv (Node.js), jsonschema (Python), or everit-org/json-schema (Java)
• Response validation middleware or test harness integrated into CI pipeline
• API test client for exercising endpoints and capturing response bodies
• Schema diff tool for detecting contract changes between versions

Instructions

1. Read the OpenAPI specification using Read and extract all response schemas per endpoint, including success responses (200, 201), error responses (400, 404, 500), and header definitions.
2. Compile JSON Schema validators for each endpoint-status combination, enabling strict mode (additionalProperties: false) to detect undocumented fields leaking into responses.
3. Implement response validation middleware that intercepts outgoing responses and validates the body against the corresponding schema, logging violations without blocking responses in production.
4. Configure validation strictness per environment: strict (fail on violation) in development/staging, warn (log only) in production, with violation metrics emitted for monitoring.