OpenAPI validation

Unkey Deploy is currently in private beta. To get access, reach out on Discord or email support@unkey.com.

OpenAPI validation is coming soon.

The OpenAPI validation policy checks incoming requests against an OpenAPI 3.0 or 3.1 specification. Requests that don’t conform to the spec are rejected with 400 before reaching your app.

What gets validated

The Sentinel validates the following parts of each request against your spec:

Path parameters
Query parameters
Request headers
Request body (content type and schema)

Requests that don’t match any defined operation in the spec are rejected. Response validation is not performed by the Sentinel.

Configuration

Provide your OpenAPI specification as a YAML document in the policy configuration. The spec is parsed once when the policy loads.

Last modified on March 30, 2026

OverviewCreate and manage root keys for programmatic access to the Unkey API.

⌘I

What gets validated
Configuration

Getting Started

Platform

Build & Deploy

Networking

Observability

CLI

Security

External APIs

AI Code Gen

Audit Logs

CLI

Errors

Changelog

What gets validated

Configuration

Getting Started

Platform

Build & Deploy

Networking

Observability

CLI

Security

External APIs

AI Code Gen

Audit Logs

CLI

Errors

Changelog

​What gets validated

​Configuration

What gets validated

Configuration