Validating the body of an APIM XML Policy

Hello Rankin, Steven (LIT),

Welcome to the Microsoft Q&A and thank you for posting your questions here.

Regarding your questions:

Is there a way to programmatically validate that the contents of a APIM Policy are syntactically correct and there are no errors (e.g. extra brackets, extra comma)

Yes, you can programmatically validate the syntax of an Azure API Management (APIM) policy by using the validate-content policy in APIM, it helps to ensure that the content of your policies is correct and adheres to the expected schema. https://learn.microsoft.com/en-us/azure/api-management/validate-content-policy

Can this be done with the az cli or some other tool? We have all our policies in source control and its easy to miss something simple. Our deploys can fail to a extra comma for example, and we find we have to manually copy and paste the policy into the Azure Portal editor to try and find the issue?

Azure CLI does not have a built-in command specifically for validating APIM policy syntax, you can use other tools and methods to achieve this. You can use a combination of XML validation tools and custom scripts. https://learn.microsoft.com/en-us/azure/api-management/validate-content-policy

Is there a tool or command we could use in CICD which would check the xml is valid according to the APIM rules?

To integrate XML validation into your CI/CD pipeline, you can use tools like xmllint or XMLStarlet to validate the XML files. Something similar to this in your pipeline:

# Validate XML syntax
   xmllint --noout --schema path/to/apim-policy-schema.xsd path/to/your-policy.xml

I hope this is helpful! Do not hesitate to let me know if you have any other questions.

Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful.

Hi @Rankin, Steven (LIT) Thank you for posting this question here.

In addition to using the validate-content-policy as stated by @Sina Salam you can also make a PUT request to the end point Api Policy - Create Or Update which returns additional error messaging details as you see on the Azure portal when you try to save a policy. The Azure portal hits this URL on the backend when you hit on save and captures any error response and displays it back on the portal. Here is the API end-point

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis/{apiId}/policies/policy?api-version=2024-05-01

You would need a bearer token to access the end point programmatically. The article Azure REST API - Create a bearer token provides steps on how to create a bearer token for a service principal role. You can do the same programmatically by hitting the end point https://login.microsoftonline.com/{{tenantId}}/oauth2/token to get the token.

Please make sure to assign Contributor access to the service principal role created to grant the required permissions needed to access the end point.

Hope this helps! Please let us know if you have any additional questions or need further clarification.

If the response helped, please do click Accept Answer and Yes for the answer provided. Doing so would help other community members with similar issue identify the solution. I highly appreciate your contribution to the community.