AWS Security ChangesHomeSearch

AWS apigateway documentation change

Service: apigateway · 2025-07-18 · Documentation medium

File: apigateway/latest/developerguide/api-gateway-method-request-validation.md

Summary

Clarified that API Gateway only checks parameter existence, not type/format, during basic validation.

Security assessment

Highlights limitations in request validation, which is critical for secure API design but does not address a specific vulnerability.

Diff

diff --git a/apigateway/latest/developerguide/api-gateway-method-request-validation.md b/apigateway/latest/developerguide/api-gateway-method-request-validation.md
index a3a208ced..d194af9cb 100644
--- a//apigateway/latest/developerguide/api-gateway-method-request-validation.md
+++ b//apigateway/latest/developerguide/api-gateway-method-request-validation.md
@@ -28 +28 @@ API Gateway can perform the basic request validation, so that you can focus on a
-  * The required request parameters in the URI, query string, and headers of an incoming request are included and not blank. 
+  * The required request parameters in the URI, query string, and headers of an incoming request are included and not blank. API Gateway only checks the existence of a parameter and doesn't check the type or format.