Most developers will be able to answer this question easily: we validate the incoming request and sanitise the data on the server side against any unintended behaviour.
But many start-ups and traditional organisations still do this the old-school way: the server responds with an error that nobody but the developer of that API can understand. The production issue I want to showcase here is the API error response and the way incoming data is validated, especially in the case of serverless architectures.
Assume you have a JSON-based API exposed to your clients.
Best Practices
- Don't just throw an "invalid request" error: aggregate the full list of mandatory inputs that are missing or invalid and respond with them in a clear JSON format that is standard across all endpoints, so the client can fix everything in one round trip.
- Send the appropriate HTTP response code, not just 400 for every API error (for example 400 for a body that is not valid JSON, 422 for a body that fails validation, 502 or 503 when an upstream dependency fails, 500 for an unexpected server error).
- Also handle third-party API errors: a failure in an upstream service should map to a response code of its own rather than surfacing as a generic 500, and its raw response body and stack trace belong in your server-side logs, not in the client response. Return a request id the client can quote instead.
Prepare a class that aggregates all the validation errors: define validation rules and check your inputs against the rules configured for each endpoint. Middleware can also be used for data sanitisation. The Laravel framework is one framework that helps you achieve this easily (its request validation collects every failed rule and returns them together as JSON). Nevertheless you can build this module once and reuse it across your API/system.
If an API does not follow these simple points, that tells you the level of standard you are dealing with.
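The following is an added example, not code from the original post or from Laravel: a framework-free, Node.js-shaped version of the module described above for a serverless JSON endpoint. It checks the parsed body against a per-endpoint rule table, aggregates every failure (including fields the endpoint does not allow, so a client cannot smuggle in something like a `role` property), and maps each error class to its own status code and a uniform response body. The rule names, the `createUser` endpoint, the `lookupCreditScore` dependency standing in for a third-party API, and the response field names are all assumptions made for illustration.

```javascript
// Added example: rule-based validation with aggregated errors and a standard
// error envelope. Field names, rule names and the injected third-party call
// are illustrative assumptions, not any framework's API.

class ValidationError extends Error {
  constructor(errors) {
    super("validation failed");
    this.name = "ValidationError";
    this.errors = errors; // array of { field, message }
  }
}

class UpstreamError extends Error {
  constructor(service, cause) {
    super(`upstream call to ${service} failed`);
    this.name = "UpstreamError";
    this.service = service;
    this.cause = cause; // kept for server-side logging, never sent to the client
  }
}

// Rules are plain functions returning null on success or a message on failure,
// so the same table can be shared across endpoints.
const validators = {
  required: (v) => (v !== undefined && v !== null && v !== "") ? null : "is required",
  string: (v) => (v === undefined || typeof v === "string") ? null : "must be a string",
  integer: (v) => (v === undefined || Number.isInteger(v)) ? null : "must be an integer",
  max: (limit) => (v) =>
    (v === undefined || (typeof v === "string" ? v.length <= limit : v <= limit))
      ? null : `must not exceed ${limit}`,
  email: (v) =>
    (v === undefined || /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(v)) ? null : "must be a valid email",
};

// Run every rule for every field and collect all failures instead of stopping
// at the first one. hasOwnProperty (not `in`) is used so that keys such as
// "constructor" or "__proto__" are rejected as unknown fields.
function validate(body, rules) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return [{ field: "$", message: "body must be a JSON object" }];
  }
  const errors = [];
  for (const field of Object.keys(body)) {
    if (!Object.prototype.hasOwnProperty.call(rules, field)) {
      errors.push({ field, message: "is not an allowed field" });
    }
  }
  for (const [field, fieldRules] of Object.entries(rules)) {
    for (const rule of fieldRules) {
      const msg = rule(body[field]);
      if (msg) errors.push({ field, message: msg });
    }
  }
  return errors;
}

// One envelope for every error; the status code depends on the error class.
// Internal details stay in server logs; the client gets a stable code plus a
// request id for correlation.
function errorResponse(err, requestId) {
  if (err instanceof ValidationError) {
    return { status: 422, body: { code: "VALIDATION_FAILED", requestId, errors: err.errors } };
  }
  if (err instanceof UpstreamError) {
    return { status: 502, body: { code: "UPSTREAM_UNAVAILABLE", requestId, errors: [] } };
  }
  return { status: 500, body: { code: "INTERNAL_ERROR", requestId, errors: [] } };
}

// Assumed endpoint rules for a "create user" call.
const createUserRules = {
  name: [validators.required, validators.string, validators.max(64)],
  email: [validators.required, validators.email],
  age: [validators.integer, validators.max(150)],
};

// Handler shaped like a serverless function: raw event in, { status, body } out.
// deps.lookupCreditScore stands in for a third-party API and is injected so the
// example runs offline.
function createUserHandler(event, deps, requestId) {
  let body;
  try {
    body = JSON.parse(event.body);
  } catch {
    return { status: 400, body: { code: "MALFORMED_JSON", requestId, errors: [] } };
  }
  try {
    const errors = validate(body, createUserRules);
    if (errors.length > 0) throw new ValidationError(errors);
    let score;
    try {
      score = deps.lookupCreditScore(body.email);
    } catch (e) {
      throw new UpstreamError("credit-score", e);
    }
    return { status: 201, body: { name: body.name, email: body.email, score } };
  } catch (err) {
    // Log err (with err.cause for upstream failures) here; do not echo it back.
    return errorResponse(err, requestId);
  }
}
```

A request with an empty name, a bad email, a fractional age and an extra `role` field gets a single 422 listing all four problems; a body that is not JSON gets 400; an exception from the credit-score dependency gets 502 with no trace of the upstream message in the response.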