api gateway custom request validator