Q2 of 40 · REST Assured

How would you validate a JSON response against a schema in REST Assured?

REST AssuredMidrest-assuredjson-schemacontract-testingapi-testingjava

Short answer

Short answer: Add the rest-assured-json-schema-validator dependency and call .body(matchesJsonSchemaInClasspath('schema.json')) in the then() block. Schema validation catches structural regressions — missing fields, wrong types, unexpected keys — that field-by-field assertions miss.

Detail

Individual field assertions (body("name", equalTo("Alice"))) verify specific values but won't catch if the API adds a field, changes a type from string to number, or removes a required property. JSON Schema validation checks the entire response structure against a contract in one assertion.

Setup: add rest-assured-json-schema-validator to pom.xml. Place schema files in src/test/resources.

Writing the schema: JSON Schema describes types, required properties, additional properties, formats, and enums. Setting "additionalProperties": false makes the schema strict — any field the API adds that isn't declared will fail the test. This turns schema validation into a breaking-change detector.

Positioning relative to other approaches: JSON Schema validation sits between full contract testing (Pact) and individual assertions. It's lighter than Pact (no consumer/provider broker setup) but catches more structural regressions than hand-written assertions. It fits well into smoke tests that run post-deployment to verify no structural drift.

Combine schema validation with individual value assertions: schema checks the structure is correct, value assertions check the content is correct. Neither alone is sufficient.

// EXAMPLE

SchemaValidationTest.java

// pom.xml dependency:
// <dependency>
//   <groupId>io.rest-assured</groupId>
//   <artifactId>json-schema-validator</artifactId>
//   <scope>test</scope>
// </dependency>

// src/test/resources/schemas/user-schema.json
// {
//   "$schema": "http://json-schema.org/draft-07/schema#",
//   "type": "object",
//   "required": ["id", "name", "email"],
//   "properties": {
//     "id":    { "type": "integer" },
//     "name":  { "type": "string", "minLength": 1 },
//     "email": { "type": "string", "format": "email" }
//   },
//   "additionalProperties": false
// }

import static io.restassured.module.jsv.JsonSchemaValidator.matchesJsonSchemaInClasspath;

class UserSchemaTest extends BaseApiTest {
    @Test
    void getUser_matchesJsonSchema() {
        given(reqSpec).pathParam("id", 1)
        .when().get("/users/{id}")
        .then()
            .statusCode(200)
            // Validates entire structure against the schema file
            .body(matchesJsonSchemaInClasspath("schemas/user-schema.json"))
            // Then check specific values
            .body("id", equalTo(1))
            .body("name", not(emptyString()));
    }
}

// WHAT INTERVIEWERS LOOK FOR

Correct import and dependency awareness, understanding of why schema validation catches structural regressions that field assertions miss, and the additionalProperties: false strictness option. Bonus: positioning schema validation relative to Pact contract testing.

// COMMON PITFALL

Confusing JSON Schema validation with Pact contract testing. JSON Schema validates structure against a local file; Pact validates a published consumer-provider contract and can drive provider verification. They complement each other but solve different problems.

// Related questions

How do you validate a JSON response schema in your API tests?

API testing

How does Karate handle JSON schema validation differently from REST Assured?

Karate

How does ResponseSpecBuilder work? When do you use it over inline assertions?

REST Assured