Blog Detail


Validate HttpFoundation Requests & Response Against OpenAPI  cover image

arrow_back Validate HttpFoundation Requests & Response Against OpenAPI

OpenAPI is a specification intended to describe RESTful APIs in a way that is understood by humans and machines alike.

By validating an API’s requests and responses against the OpenAPI definition that describes it, we guarantee that the API is used correctly and behaves in accordance with the documentation we provide, thus making the OpenAPI definition the single source of truth.

The HttpFoundation component is developed and maintained as part of the Symfony framework. It is used to handle HTTP requests and responses in projects such as Symfony, Laravel, Drupal, and many others.

How does it work?

This package is built upon the OpenAPI PSR-7 Message Validator one, which validates PSR-7 messages against OpenAPI definitions.

It converts HttpFoundation request and response objects to PSR-7 messages using Symfony’s PSR-7 Bridge and Tobias Nyholm’s PSR-7 implementation, before passing them on to OpenAPI PSR-7 Message Validator.


You can install this package via composer by running this command in the terminal.

composer require --dev osteel/openapi-httpfoundation-testing

This package is mostly intended to be used as part of an API test suite.


Import the builder class:

use Osteel\OpenApi\Testing\ValidatorBuilder;

Use the builder to create a \Osteel\OpenApi\Testing\Validator object, feeding it a YAML or JSON OpenAPI definition:

$validator = ValidatorBuilder::fromYaml('my-definition.yaml')->getValidator();

// or

$validator = ValidatorBuilder::fromJson('my-definition.json')->getValidator();

Instead of a file, you can also pass a YAML or JSON string directly.

You can now validate \Symfony\Component\HttpFoundation\Request and \Symfony\Component\HttpFoundation\Response objects for a given path and method:

$validator->validate($response, '/users', 'post');

For convenience, objects implementing \Psr\Http\Message\ServerRequestInterface or \Psr\Http\Message\ResponseInterface are also accepted.

In the example above, we check that the response matches the OpenAPI definition for a POST request on the /users path.

Each of OpenAPI’s supported HTTP methods (DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT and TRACE) also has a shortcut method that calls validate under the hood, meaning the line above could also be written this way:

$validator->post($response, '/users');

Validating a request object works exactly the same way:

$validator->post($request, '/users');

In the example above, we check that the request matches the OpenAPI definition for a POST request on the /users path.

The validate method returns true in case of success and throws \Osteel\OpenApi\Testing\Exceptions\ValidationException exceptions in case of error.

For more details, you can visit its complete documentation & source code on Github.

Published at : 28-02-2022

Author : Rizwan Aslam
Rizwan Aslam

I am a highly results-driven professional with 12+ years of collective experience in the grounds of web application development especially in laravel, native android application development in java, and desktop application development in the dot net framework. Now managing a team of expert developers at Codebrisk.

Launch your project

Launch project