I'm using Apigee 127 on top of swagger to create a REST API.
This is the head of the configuration file swagger.yaml:
swagger: 2.0
info:
version: "0.0.1"
title: LMS API Gateway
# during dev, should point to your local machine
host: localhost
# basePath prefixes all resource paths
basePath: /
#
schemes:
# tip: remove http to make production-grade
- http
- https
# format of bodies a client can send (Content-Type)
consumes:
- application/json
# format of the responses to the client (Accepts)
produces:
- application/json
x-a127-config: {}
x-volos-resources: {}
paths:
/lms/oauth2/token:
# binds a127 app logic to a route
x-swagger-router-controller: authentication
x-volos-authorizations: {}
x-volos-apply: {}
post:
description: Authenticates a user
operationId: authenticate
parameters:
- name: body
in: body
description: The JSON request body
required: true
schema:
$ref: AuthenticationRequest
responses:
"200":
description: Success
schema:
$ref: AuthenticationResponseSuccess
default:
description: Error
schema:
$ref: AuthenticationResponseError
Then I have this AuthenticationRequest Schema Object that describes how the request body for authentication should be. So far so good.
When I make a valid request, It's working fine, but when I make an invalid one, I get the following response:
HTTP/1.1 500 Internal Server Error
X-Powered-By: Express
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=utf-8
Content-Length: 60
Date: Mon, 06 Oct 2014 16:31:08 GMT
Connection: keep-alive
Parameter (body) is not a valid AuthenticationRequest model
There would be no problem with that if my API spec did not specify that I MUST return a 400 Bad Request response code for an invalid request (which by the way makes more sense).
So the problem is that I couldn't find a way to change this behaviour in Swagger docs.
Anyone?
It's working as designed right now. The way swagger-validator works is it will just pass the error down to the next middleware, in which case if there is no middleware to handle this you get a 500. (See swagger-validator.js#L119) The reason it happens this way is to allow the application author to intercept this if need be. This was done on purpose but I can see how someone might want to have the middleware send the response but doing that properly could be a pain when it comes to content types (JSON vs. XML vs. HTML vs. ..) and structure (What is the valid structure of an error?).
To get things working like you want, you need to add an error handler middleware that will format the response, and its status code, appropriately. Depending on your server (connect, express, etc.) how you do this might change a little.
If you feel swagger-tools should provide facilities for this, feel free to file an issue with as much information as you can with regard to how you want this to work.