You had questions, and we’ve got answers!
On the content-type validation: are you supporting content negotiation headers in the content-type? (i.e. OAS Consume allows application/json and the client is sending content-type=application/json;v=1.2.2)
Yes, we do. That also includes supporting a charset after the MIME type (such as content-type=application/json; charset=UTF-8)
Any support for private cloud, specifically Pivotal Cloud Foundry?
We can run the solution on any platform, public or private. Our only requirement is to be able to deploy a docker image and scale it plus open a simple TCP connection back to the platform so that the runtime can download its configuration.
You can use Springfox to generate indeed an OAS v2 file which can then be automatically deployed to our platform via a CI/CD plugin. The combination of Springfox with the Swagger annotations framework can be used to produce a very high quality OAS V2 file.
We are looking at providing specific Springfox extensions to support our security as code approach, most likely in the second part of 2020.