wiretap can be configured to enable strict validation that detects undeclared properties, parameters, headers, and cookies. This mode goes beyond standard OpenAPI validation by reporting values that aren’t explicitly documented in the specification, even when additionalProperties: true would normally allow them.
Strict mode is designed for API governance scenarios where you want to ensure that clients only send properties that are explicitly documented in the OpenAPI specification, helping maintain a clean and well-documented API surface.
Even if the JSON Schema for an object has not defined a param as required, or the schema uses additionalProperties strict mode will not care. Anything in the payload that is not explicitly defined in the contact will be flagged as undeclared
When enabled, strict mode detects:
- Undeclared properties
- Undeclared query parameters
- Undeclared request headers
- Undeclared response headers
- Undeclared cookies
- Enabling strict mode
To enable strict mode, use the --strict-mode flag:
https://pb33f.io/wiretap/configuring/#strict-mode