
Karate Framework as a Rules Engine
I have an API project which requires the payload to be validated against a set of rules. For this, I have written a Karate feature file with all the required assertions for my incoming request JSON payload. The feature file then returns true or false depending upon the satisfied conditions. This mechanism is working perfectly in my local currently.

Is this approach recommended for production use case? Will the karate framework in this format be capable of handling large volumes of requests coming in a very short span of time?
Solution

  • Developer of Karate here. I really like your question because it validates what I personally believe: that Karate just makes it easy to work with JSON.

    The reason I won't recommend this for production use is that Karate embeds a JS engine that can be targeted using a "script injection" attack. Karate is designed for users running "locally" and has no safeguards built in to prevent any malicious attacks coming in via JSON payloads.

    The other question is performance. Personally, I am quite confident, because Karate is being used in conjunction with Gatling and some work has gone into improving performance over the years. But at the end of the day, Karate does use a JS engine in interpreted mode, so you need to run a performance test or load test yourself to validate whether Karate can handle the volume you expect.

    Maybe you can contribute to Karate to address both the above concerns!