Positive JSON API model

Dhal can enforce JSON API expectations.

{
  "rules": {
    "api": {
      "enabled": true,
      "requireJsonContentType": true,
      "allowedContentTypes": ["application/json", "application/problem+json"],
      "methodsWithBody": ["POST", "PUT", "PATCH"],
      "maxJsonDepth": 20,
      "maxJsonKeys": 500
    },
    "contentType": {
      "enabled": true,
      "blockMissingOnBodyMethods": false,
      "blockJsonMismatch": true,
      "allowedJsonMimeTypes": [
        "application/json",
        "application/problem+json",
        "application/ld+json"
      ]
    }
  }
}

Best fit

Use this for APIs where clients are expected to send JSON only.

Avoid overreach

Do not apply strict JSON rules to routes that accept:

multipart uploads;
form submissions;
webhooks with custom content types;
binary payloads.

Create route profiles to scope JSON rules precisely.

Best fit​

Avoid overreach​

Best fit

Avoid overreach