Validation is the act of determining whether the input data is in the proper form. There are two types of validation: form validation and service validation.

Form Validation

Form validation is simply how one would validate the data if it were a form from the frontend.

Below are some common examples of what would be considered form validation of a user registration endpoint you might build.

  • Email

    • Required.

    • Correct email format.

  • Password

    • At least 6 characters in length.

    • Must contain 1 number.

    • Must contain 1 alphabetical character.

  • Invite_Code

    • A 10 digit number.

Notice how these are quite generic and simple, because these do not pertain to any specific business rules.

Service Validation

Service validation is any type of validation that involves the business logic of your application.

Suppose we use the same user registration endpoint example from above, except this time we have specific business logic that needs validation.

  • Email

    • Must not be taken already.

  • Invite_Code

    • Must be a valid 10 digit number, and only a user who was sent an email containing that code holds a truly valid one.

Notice that these constraints come from the specification of the application and are not generic at all.


In addition to validation, there is also the sanitization of data. Sanitization is the act of removing and/or replacing any illegal or unwanted characters from the data. It goes hand in hand with validation because sanitizing data before and/or after the validation of data allows us to pass that data with more confidence throughout our application.

Here are some common examples:

  1. Trimming leading and trailing spaces.

  2. Converting characters to HTML entities.

  3. Escaping strings.

  4. Removing special characters.

  5. Converting strings to lowercase.
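The registration endpoint described above, with sanitization, form validation and service validation kept as separate steps. This is an added example, not code from the original page; the regex, error strings, and the constructed `EXISTING_EMAILS` and `ISSUED_CODES` data are assumptions standing in for a real database.

```python
import re

# Assumption: a simple shape check, not a full RFC 5322 parser.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Constructed sample data standing in for the user and invite tables.
EXISTING_EMAILS = {"taken@example.com"}
ISSUED_CODES = {"0123456789": "alice@example.com"}  # code -> email it was sent to


def sanitize(raw):
    """Sanitization: trim spaces and normalize the email to lowercase."""
    return {
        "email": raw.get("email", "").strip().lower(),
        "password": raw.get("password", ""),  # never alter the password itself
        "invite_code": raw.get("invite_code", "").strip(),
    }


def form_validate(form):
    """Form validation: generic checks that need no business data."""
    errors = []
    if not form["email"]:
        errors.append("email: required")
    elif not EMAIL_RE.match(form["email"]):
        errors.append("email: invalid format")
    pw = form["password"]
    if len(pw) < 6:
        errors.append("password: at least 6 characters")
    if not any(c.isdigit() for c in pw):
        errors.append("password: must contain a number")
    if not any(c.isalpha() for c in pw):
        errors.append("password: must contain a letter")
    if not re.fullmatch(r"\d{10}", form["invite_code"]):
        errors.append("invite_code: must be a 10 digit number")
    return errors


def service_validate(form, existing_emails, issued_codes):
    """Service validation: checks against application state (business rules)."""
    errors = []
    if form["email"] in existing_emails:
        errors.append("email: already taken")
    if issued_codes.get(form["invite_code"]) != form["email"]:
        errors.append("invite_code: not issued to this email")
    return errors


def register(raw_form, existing_emails=EXISTING_EMAILS, issued_codes=ISSUED_CODES):
    """Sanitize, then run the cheap form checks before touching application data."""
    form = sanitize(raw_form)
    errors = form_validate(form)
    return errors if errors else service_validate(form, existing_emails, issued_codes)
```

Running the form checks first means a request with a malformed invite code never reaches the lookup against issued codes.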
