Rest expose: Parameters Deserialization and Validation

i am exposing a Rest API

step 4 of implementing an exposed api is

4 Parameters Deserialization and Validation: Deserialization of the input parameters and validation of the data types, mandatory values, etc.

now i want ta have clear what the effect is of the structure that receives the request json in the api body.

i would say the putiing a json string from the request is an implicit deserialisation of the string json to a json structure in the outsystems structure.

and that if one of the attributes is mandatory that when the attribuut is missing in the request this will lead to an error that the attribuut is missing.

but i do not see this behaviour, i can omit a mandatory attribuut in the request and still have an 200 ok.

why is this?

and how do i implement a proper request body validation?

Not fully understanding your question. Could you maybe share a simple example as an OML that shows the behavior you're seeing? Would be helpful to see how you have configured your REST endpoint, method(s), and parameters.