Overview
If you are using a REST - Schema Validation Security Contract, for an Access Point, defined as a REST SecurityPolicy with Validate Against Schema: true, you may observe that only the Request body is validated and errors in the values of the query string or header parameters are not being flagged, even if you have mentioned the specific type and content pattern.
Information
Schema Validation only works on validating the content for only the Request body and the content for the query string & headers is not validated. So the schema validation will work for the content in the body, such as for POST requests but not for query strings, such as in GET requests.