Reputation: 21
In OpenAPI 3.0, should I specify maxLength for a string with a specified format?
I have some string parameters with specified format in my OpenAPI documentation.
email:
type: string
format: email
hostname:
type: string
format: hostname
path:
type: string
format: uri
I want to define maxLength to protect from harmful queries. Do I have to do it or does format already define the maximum length?
Upvotes: 2
Views: 4273
Answers (1)
Reputation: 621
For some of the formats the length of its value is defined. You can refer https://github.com/OAI/OpenAPI-Specification/issues/607#issue-142290879 to get the RFC definition for these formats. Apart from those if you think you need to have your predefined max/min length for the string value you can add them or you can use pattern keyword as well if you want to introduce any custom formats in your API definition. Using format has its own advantage and disadvantages.
Advantage
- You can keep the API definition clean with few lines
- You don't have to worry about the length if you want to follow a generally accepted lengths for your payload parameters.
Disadvantage
- You have to stick to a predefined format
- If you are not aware of the format details then your requests/responses might get failed.
Upvotes: 1
Related Questions
- Which type of OpenAPI pattern format is valid?
- Odata V2 Java set EDM String MaxLength
- OpenApi Generator: Use Long as Numeric default?
- How to require at least one of two parameters in OpenAPI?
- Is there a maxLength or an alternative keyword in OpenAPI 3
- OpenAPI validator rules to use max instead of size
- How to configure maxQueryStringLength in webapi?
- OData String Maxvalue, how long can it be?
- Should maxLength restriction for string datatype in XSD be based on pre- or post-encoded data?
- Max length of an openID