Hi Amit,

Keeping in mind this viewpoint is nothing but my own personal view, my 
recommendation would be to not mandate the use of a particular validation 
framework, but to instead define what kind of validation clients should expect 
the server to perform in general. For example, I would expect a service to 
return an error code and not perform any action if I called "Create server" but 
did not include a request body, but the actual manner in which that error is 
generated within the service does not matter from the client's perspective.

This is not to say the API Working Group wouldn't help you evaluate the 
potential of Stoplight to meet the needs of a service. To the contrary, by 
clearly defining the expectations of a service's responses to requests, you'll 
have a great idea of exactly what to look for in your evaluation, and your 
final decision would be based on objective results.

Thank you,
Sam Harwell

From: Amit Gandhi [mailto:amit.gan...@rackspace.com]
Sent: Friday, October 17, 2014 12:32 PM
To: OpenStack Development Mailing List (not for usage questions)
Cc: r...@ryanpetrello.com
Subject: [openstack-dev] [api] Request Validation - Stoplight

Hi API Working Group

Last night at the Openstack Meetup in Atlanta, a group of us discussed how 
request validation is being performed over various projects and how some teams 
are using pecan wsmi, or warlock, jsonschema etc.

Each of these libraries have their own pro's and con's.  My understanding is 
that the API working group is in the early stages of looking into these various 
libraries and will likely provide guidance in the near future on this.

I would like to suggest another library to evaluate when deciding this.  Some 
of our teams have started to use a library named "Stoplight"[1][2] in our 
projects.  For example, in the Poppy CDN project, we found it worked around 
some of the issues we had with warlock such as validating nested json correctly 

Stoplight is an input validation framework for python.  It can be used to 
decorate any function (including routes in pecan or falcon) to validate its 

Some good examples can be found here [4] on how to use Spotlight.

Let us know your thoughts/interest and we would be happy to discuss further on 
if and how this would be valuable as a library for API request validation in 


Amit Gandhi
Senior Manager - Rackspace

[1] https://pypi.python.org/pypi/stoplight
[2] https://github.com/painterjd/stoplight

OpenStack-dev mailing list

Reply via email to