{"id":1593,"date":"2016-06-15T16:39:40","date_gmt":"2016-06-15T16:39:40","guid":{"rendered":"https:\/\/developer.microsoft.com\/en-us\/office\/blogs\/?p=1593"},"modified":"2016-06-15T16:39:40","modified_gmt":"2016-06-15T16:39:40","slug":"introducing-request-validator-to-beta-endpoint","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/introducing-request-validator-to-beta-endpoint\/","title":{"rendered":"Introducing Request Validator to beta endpoint"},"content":{"rendered":"<p>I wanted to update you all on a breaking change that we are making to the Outlook REST API Beta endpoints.\u00a0 This change is the introduction of a <strong>Request Validator<\/strong> which is going to be deployed worldwide over the next few weeks.\u00a0 Here are the details of this change.<\/p>\n<p><strong>What is the Request Validator?<\/strong><\/p>\n<p>The Request Validator is a module that checks the validity of incoming requests based on the following<\/p>\n<ul>\n<li>Annotation restrictions in the Edm Model, namely\n<ul>\n<li>Search<\/li>\n<li>Expand<\/li>\n<li>Navigation<\/li>\n<li>Change Tracking<\/li>\n<li>Insert<\/li>\n<li>Update \u2013 (Patch\/Merge)<\/li>\n<li>Delete<\/li>\n<\/ul>\n<\/li>\n<li>Http methods allowed for a specific resource or collection (e.g. GET, POST, PATCH\/MERGE, DELETE)<\/li>\n<\/ul>\n<p><strong>Why add a Request Validator? <\/strong><\/p>\n<ul>\n<li>To catch invalid requests early on before sending the request downstream<\/li>\n<li>To adhere to the expected behavior based on the OData Model for transparency. The Odata model uses annotations to describe its capabilities (what an app can or cannot do)<\/li>\n<\/ul>\n<ul>\n<li>To conform to the OData Spec on what requests are permitted for a given http method<\/li>\n<\/ul>\n<p><strong>What is the impact of introducing the Request Validator? <\/strong><\/p>\n<ul>\n<li>Developers might need to rewrite some requests if these requests are not consistent with the model \u2013 as the request validator will throw an <strong>Exception<\/strong> if it fails to validate the request<\/li>\n<li>Developers can expect consistent behavior that is based on the annotation specified in the Edm model<\/li>\n<li>Developers might need to rewrite test cases for queries that fails the request validator<\/li>\n<\/ul>\n<p><strong>Exceptions<\/strong><\/p>\n<ol>\n<li>Insert\n<ol>\n<li>HttpCode: HttpStatusCode.BadRequest = 400<\/li>\n<li>StringCode: <strong>InsertNotSupported<\/strong><\/li>\n<li>Message: ErrorRequestValidatorInsertNotPermitted(string propertyName) = Insert is not permitted for property &#8216;{0}&#8217; according to the annotation specified in the Edm model.<\/li>\n<\/ol>\n<\/li>\n<li>Update\n<ol>\n<li>HttpCode: HttpStatusCode.BadRequest = 400<\/li>\n<li>StringCode: <strong>UpdateNotSupported<\/strong><\/li>\n<li>Message: ErrorRequestValidatorUpdateNotPermitted(string propertyName) = Update is not permitted for property &#8216;{0}&#8217; according to the annotation specified in the Edm model.<\/li>\n<\/ol>\n<\/li>\n<li>Delete\n<ol>\n<li>HttpCode: HttpStatusCode.BadRequest = 400<\/li>\n<li>StringCode: <strong>DeleteNotSupported<\/strong><\/li>\n<li>Message: ErrorRequestValidatorDeleteNotPermitted(string propertyName) = Delete is not permitted for property &#8216;{0}&#8217; according to the annotation specified in the Edm model.<\/li>\n<\/ol>\n<\/li>\n<li>Navigation\n<ol>\n<li>HttpCode: HttpStatusCode.BadRequest = 400<\/li>\n<li>StringCode: <strong>NavigationNotSupported<\/strong><\/li>\n<li>Message:\n<ol>\n<li>ErrorRequestValidatorNavigationNotPermitted(string propertyName) = Navigation is not permitted for property &#8216;{0}&#8217; according to the annotation specified in the Edm model.<\/li>\n<li>ErrorRequestValidatorRecursiveNavigationNotPermitted(string propertyName) = Recursive navigation is not permitted after property &#8216;{0}&#8217; according to the annotation specified in the Edm model.<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<\/li>\n<li>Search\n<ol>\n<li>HttpCode: HttpStatusCode.BadRequest = 400<\/li>\n<li>StringCode: <strong>SearchNotSupported<\/strong><\/li>\n<li>Message:\n<ol>\n<li>ErrorRequestValidatorSearchNotPermitted(string propertyName) = Search is not permitted for property &#8216;{0}&#8217; according to the annotation specified in the Edm model.<\/li>\n<li>ErrorRequestValidatorSearchNotPermittedForSegment = Only NavigationProperties and EntitySets are searchable<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<\/li>\n<li>Expand\n<ol>\n<li>HttpCode: HttpStatusCode.BadRequest = 400<\/li>\n<li>StringCode: \u00a0<strong>ExpandNotSupported<\/strong><\/li>\n<li>Message: ErrorRequestValidatorExpandNotPermitted(string propertyName) = Expand is not permitted for property &#8216;{0}&#8217; according to the annotation specified in the Edm model.<\/li>\n<\/ol>\n<\/li>\n<li>Default<\/li>\n<\/ol>\n<ol>\n<li>\n<ul>\n<li>Will be throwing the existing ODataResponseException with custom message\n<ol>\n<li>HttpCode: HttpStatusCode.MethodNotAllowed = 405<\/li>\n<li>StringCode: <strong>ErrorInvalidRequest<\/strong><\/li>\n<li>Message: ErrorRequestValidatorMethodNotAllowed(string method, string propertyName) = Method &#8216;{0}&#8217; not allowed for &#8216;{1}&#8217;<\/li>\n<\/ol>\n<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p><strong>Example:<\/strong><\/p>\n<p><b><strong>1. Navigation restriction placed on a navigation property<\/strong><\/b><\/p>\n<p>GET \u00a0<a href=\"https:\/\/outlook.office.com\/api\/beta\/me\/events('id')\/calendars('id')\">https:\/\/outlook.office.com\/api\/beta\/me\/events(&#8216;id&#8217;)\/calendars(&#8216;id&#8217;)<\/a>\/events(\u2018id\u2019)<\/p>\n<p>This request throws an exception as Recursive navigation is not permitted after property &#8216;events&#8217;<\/p>\n<p>Looking in the metadata for the Calendar Entity, the navigation property Events has the navigation annotation where the navigation type set as single. This means you can navigate upto <a href=\"https:\/\/outlook.office.com\/api\/beta\/me\/events('id')\/calendars('id')\/events\">https:\/\/outlook.office.com\/api\/beta\/me\/events(&#8216;id&#8217;)\/calendars(&#8216;id&#8217;)\/events<\/a> but not beyond.<\/p>\n<p>The following segments may be appended after the navigation property<\/p>\n<ol>\n<li>\n<ol>\n<li>\n<ul>\n<li>Count segment\u00a0 \/$count<\/li>\n<li>Batch segment \/$batch<\/li>\n<li>Value segment \/$value<\/li>\n<li>Navigation property link segment \/$ref<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<p><b><strong>2. When sending invalid segment for the http method<\/strong><\/b><\/p>\n<p>POST <a href=\"https:\/\/outlook.office.com\/api\/beta\/me\/message('id')\">https:\/\/outlook.office.com\/api\/beta\/me\/message(\u2018id\u2019)<\/a><\/p>\n<p>This request throws an exception as key segment is not allowed for post<\/p>\n<p>http code: 405<\/p>\n<p>string code: ErrorInvalidRequest<\/p>\n<p>message: Method &#8216;POST&#8217; not allowed for &#8216;Microsoft.OData.Core.UriParser.Semantic.KeySegment&#8217;<\/p>\n<p>&#8211; Abdelkader Bahgat on behalf of the Outlook Ecosystem team<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We wanted to update you all on a breaking change that we are making to the Outlook REST API Beta endpoints. This change is the introduction of a Request Validator which is going to be deployed worldwide over the next few weeks.<\/p>\n","protected":false},"author":69077,"featured_media":25159,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[3],"tags":[12],"class_list":["post-1593","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-graph","tag-outlook"],"acf":[],"blog_post_summary":"<p>We wanted to update you all on a breaking change that we are making to the Outlook REST API Beta endpoints. This change is the introduction of a Request Validator which is going to be deployed worldwide over the next few weeks.<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/posts\/1593","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/users\/69077"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/comments?post=1593"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/posts\/1593\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/media\/25159"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/media?parent=1593"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/categories?post=1593"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/tags?post=1593"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}