A schema defines the structure of a JSON value. Defining your JSON schemas and keeping them as specific and locked down as possible is the foundation of data sanitization for both inputs and outputs.

The global schema defines the accepted JSON values. They can be primitive types (string, number, integer, boolean, array) or JSON objects (object).

The expected fields of JSON objects are defined in the properties field of each object. JSON objects have nested schemas that define the type of values the fields can contain. Again, the values can be either primitive types or JSON objects, and those JSON objects have nested schemas of their own. So, depending on your API, you may end up with many layers of schemas nested inside one another.
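The nesting described above, as an added example that is not code from the original page: a minimal recursive validator for a small subset of JSON Schema keywords, run against a loose schema and a locked-down one. The `validate` helper, both schemas, and the payload are constructed for illustration.

```python
# Added example: recursive validator for a small subset of JSON Schema keywords.
TYPES = {"string": str, "number": (int, float), "integer": int,
         "boolean": bool, "array": list, "object": dict}

def validate(value, schema, path="$"):
    """Return the list of violations of `schema` found in `value`."""
    errors = []
    expected = schema.get("type")
    if expected:
        ok = isinstance(value, TYPES[expected])
        # bool is a subclass of int in Python; JSON keeps them distinct.
        if isinstance(value, bool) and expected in ("number", "integer"):
            ok = False
        if not ok:
            return [f"{path}: expected {expected}"]
    if isinstance(value, str) and len(value) > schema.get("maxLength", len(value)):
        errors.append(f"{path}: longer than {schema['maxLength']}")
    if isinstance(value, list) and "items" in schema:
        for i, item in enumerate(value):
            errors += validate(item, schema["items"], f"{path}[{i}]")
    if isinstance(value, dict):
        props = schema.get("properties", {})
        for name in schema.get("required", []):
            if name not in value:
                errors.append(f"{path}.{name}: required field missing")
        for name, item in value.items():
            if name in props:  # descend into the nested schema for this field
                errors += validate(item, props[name], f"{path}.{name}")
            elif schema.get("additionalProperties", True) is False:
                errors.append(f"{path}.{name}: unexpected field")
    return errors

# Constructed schemas: LOOSE only names the top-level field, STRICT pins every layer.
LOOSE = {"type": "object", "properties": {"user": {"type": "object"}}}
STRICT = {
    "type": "object", "required": ["user"], "additionalProperties": False,
    "properties": {"user": {
        "type": "object", "required": ["name"], "additionalProperties": False,
        "properties": {
            "name": {"type": "string", "maxLength": 32},
            "tags": {"type": "array", "items": {"type": "string", "maxLength": 16}},
        },
    }},
}
# Constructed payload: one undeclared nested field and one wrongly typed array item.
PAYLOAD = {"user": {"name": "alice", "role": "admin", "tags": ["a", 7]}}
```

The loose schema accepts the payload unchanged, while the locked-down schema reports both the undeclared `role` field and the non-string item in `tags`.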

Browse through this section to see the details of each schema-related API security risk.