POST /api/openapi-validate-payloadValidate a JSON payload against the request or response schema for one operation in an OpenAPI 3.x or Swagger 2.x spec. Locate the operation by operationId or method+path; choose `part: "request"` or `part: "response"` (status defaults to the first 2xx). Deterministic subset of JSON Schema: type, required, enum, properties, items, additionalProperties:false, oneOf/anyOf/allOf, $ref-detection (not dereferenced). Returns `valid`, `schemaPresent` (false → no contract to check; result is vacuously valid), and ordered `errors[]` with stable rule codes. Pure CPU — deterministic, no network.
| Field | Type | Description |
|---|---|---|
spec * | any | OpenAPI/Swagger document (object or JSON string) |
operationId | any | operationId to validate against (preferred) |
method | any | HTTP method (use with `path` if no operationId) |
path | any | Path template (use with `method` if no operationId) |
part * | any | Schema to validate against: "request" or "response" |
status | any | Response status when part="response" (defaults to first 2xx) |
payload * | any | JSON value to validate |
{
"valid": false,
"schemaPresent": true,
"errors": [
{
"path": "",
"rule": "required",
"message": "missing required field: email"
},
{
"path": ".age",
"rule": "type",
"message": "expected integer, got string"
},
{
"path": ".extra",
"rule": "additionalProperties",
"message": "unexpected property: extra"
}
]
}
curl -i -X POST https://agent402.tools/api/openapi-validate-payload \
-H "Content-Type: application/json" \
-d '{"spec":{"openapi":"3.0.0","paths":{"/users":{"post":{"operationId":"createUser","requestBody":{"content":{"application/json":{"schema":{"type":"object","required":["name","email"],"properties":{"name":{"type":"string"},"email":{"type":"string"},"age":{"type":"integer"},"role":{"type":"string","enum":["admin","user"]}},"additionalProperties":false}}}},"responses":{"201":{"description":"ok"}}}}}},"operationId":"createUser","part":"request","payload":{"name":"Alice","age":"thirty","extra":"noise"}}'
The response is HTTP 402 Payment Required with exact payment requirements. Any x402 v2 client pays automatically and retries:
import { wrapFetchWithPayment } from "@x402/fetch";
import { x402Client } from "@x402/core/client";
import { registerExactEvmScheme } from "@x402/evm/exact/client";
import { privateKeyToAccount } from "viem/accounts";
const client = new x402Client();
registerExactEvmScheme(client, { signer: privateKeyToAccount(KEY) });
const payFetch = wrapFetchWithPayment(fetch, client);
const res = await payFetch("https://agent402.tools/api/openapi-validate-payload", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({
"spec": {
"openapi": "3.0.0",
"paths": {
"/users": {
"post": {
"operationId": "createUser",
"requestBody": {
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"name",
"email"
],
"properties": {
"name": {
"type": "string"
},
"email": {
"type": "string"
},
"age": {
"type": "integer"
},
"role": {
"type": "string",
"enum": [
"admin",
"user"
]
}
},
"additionalProperties": false
}
}
}
},
"responses": {
"201": {
"description": "ok"
}
}
}
}
}
},
"operationId": "createUser",
"part": "request",
"payload": {
"name": "Alice",
"age": "thirty",
"extra": "noise"
}
}),
});
This is a pure-CPU tool, so an agent without a wallet can pay with proof-of-work instead of USDC: fetch a challenge, solve the sha256 puzzle (16 leading zero bits — a fraction of a second of CPU, no money, no AI tokens), and resend with the X-Pow-Solution header.
import { createHash } from "node:crypto";
const lz = (b) => { let t = 0; for (const x of b) { if (!x) { t += 8; continue; } t += Math.clz32(x) - 24; break; } return t; };
const c = await (await fetch("https://agent402.tools/api/pow/challenge?slug=openapi-validate-payload")).json();
let n = 0;
while (lz(createHash("sha256").update(c.challenge + ":" + n).digest()) < c.difficulty) n++;
await fetch("https://agent402.tools/api/openapi-validate-payload", { method: "POST", headers: { "X-Pow-Solution": c.token + ":" + n, "Content-Type": "application/json" }, body: JSON.stringify({"spec":{"openapi":"3.0.0","paths":{"/users":{"post":{"operationId":"createUser","requestBody":{"content":{"application/json":{"schema":{"type":"object","required":["name","email"],"properties":{"name":{"type":"string"},"email":{"type":"string"},"age":{"type":"integer"},"role":{"type":"string","enum":["admin","user"]}},"additionalProperties":false}}}},"responses":{"201":{"description":"ok"}}}}}},"operationId":"createUser","part":"request","payload":{"name":"Alice","age":"thirty","extra":"noise"}}) });
POST /api/email-validateValidate an email address: syntax check plus live MX record lookup on the domain (deliverability signal, not a guarantee…
POST /api/url-parseParse a URL into components: protocol, host, port, path, query params (decoded), hash, origin, punycode hostname.
POST /api/ip-infoClassify an IP address: version, public/private/loopback/link-local, integer form, and reverse-DNS (PTR) lookup.