Was this helpful?

The MessageValidation Policy type enables you to configure API proxies to reject messages that do not conform to schema (.xsd) or WSDL definition(s). That means developers building apps to consume your API are immediately notified if they are submitting non-conformant requests. Message validation helps developers by indicating where XML tags may not be properly closed, for example. Validation also protects backend services by blocking XML or SOAP messages who structure might cause unpredictable behavior.

Validation can save you a call to tech support, and can help developers avoid time in the forums trying to find troubleshooting help. If developers are notified that they are submitting invalid requests, they can refer to the XML schema for the API to understand how to fix the error. This makes well-understood XML schemas a key component of your API documentation.

Apigee Edge enables you to configure your API with a Message Validation policy that validates messages with the XML payload.

The policy validates that an XML or JSON message is well-formed, and that the SOAP format is correct according to the specified XSD or WSDL file, ensuring that tags are balanced. If the XML configuration is incomplete, the policy returns a message validation error.

Configuring the MessageValidation policy

Configure MessageValidation using the following elements.

Field Name Description
Source (Optional)
Source message to be validated.
  • If the source is missing, it is treated as a simple message. For example, <Source>message</Source>
  • If the source variable cannot be resolved, or resolves to a non-message type, then one of the following occurs:
    • If the source variable resolves to a null value in the message flow, a steps.messagevalidation.SourceMessageNotAvailable error code is thrown .
    • If the source variable resolves to a non-message value, a steps.messagevalidation.NonMessageVariable error code is thrown.
ResourceURL (Optional)
XSD or WSDL file used in the schema validation against the source message. The message validation fails if the WSDL file does not have schemas or if the maximum import depth exceeds 10.
If ResourceURL is not specified, the message is checked for:
  • Well-formed XML if the content-type is application/xml
  • Well-formed JSON if the content-type is application/json
SOAPMessage (Optional)
Verifies that the message corresponds to the SOAP format of the specified version(s).
If the version attribute is not specified, the message could correspond to either SOAP 1.1 or 1.2 format (example below).
Element (Optional) Specifies the valid root elements.

Example - Message Validation policy

<MessageValidation name="myPolicy">
    <SOAPMessage version="1.1/1.2"/>
    <Element namespace="http://finance.com/1999"> PurchaseOrder</Element>
    <Element namespace="http://finance.com/2000">PurchaseOrder</Element>

Policy-specific error codes

The default format for error codes returned by Policies is:

  "code" : " {ErrorCode} ",
  "message" : " {Error message} ",
  "contexts" : [ ]

The MessageValidation Policy type defines the following error codes:

Error Code Message
InvalidResourceType InvalidResourceType MessageValidation {0}: Invalid Resource Type {1}. It should be xsd or wsdl. Context {2}
ResourceCompileFailed ResourceCompileFailed MessageValidation {0}: Failed to compile resource {1}. Context {2}
RootElementNameUnspecified RootElementNameUnspecified MessageValidation {0}: RootElement name is not specified
InvalidRootElementName InvalidRootElementName MessageValidation {0}: RootElement name {1} is invalid
NonMessageVariable NonMessageVariable Variable {0} does not resolve to a Message
SourceMessageNotAvailable SourceMessageNotAvailable {0} message is not available for MessageValidation: {1}
NoElements Resource "{0}" has no element definitions
Failed MessageValidation {0} failed with reason: "{1}"

Policy schema

Each policy type is defined by an XML schema (.xsd). For reference, policy schemas are available on GitHub.


The content of SOAP validation is not clear and enough for the policy reference. Kindly add few more examples

Add new comment

Provide your email address if you wish to be contacted offline about your comment.
We will not display your email address as part of your comment.

We'd love your feedback and perspective! Please be as specific as possible.
Type the characters you see in this picture. (verify using audio)

Type the characters you see in the picture above; if you can't read them, submit the form and a new image will be generated. Not case sensitive.