Reputation: 4385
REST API + Frontend - Validation Best Practices
I am currently doing some research regarding validation (e.g. user-forms).
It is pretty obvious that validation absolutely has to be done on the backend to prevent "bad intentions" or malicious input etc.
Validation on the front end would additionally increase user friendliness as it is usually faster and we save a server roundtrip.
My question is the following: Is it good practice to do the validation e.g. only on the server-side and return localized error messages that are then shown by the front end?
Or is it an absolute no-go and validation should always happen on both sides?
And even if back- and frontend validation is done, and a failure happens on the backend due to an unexpected missing frontend validation, should the response contain a localized information to be shown on the frontend? Or would you just show a general "Something went wrong" message?
Somehow I have a bad feeling about localized error messages from an API.
Upvotes: 4
Views: 5559
Answers (1)
Reputation: 66
About your main question:
My question is the following: Is it good practice to do the validation e.g. only on the server-side and return localized error messages that are then shown by the front end?
As you said, front-end validation is good for friendliness but not only. Look at the example of validation of ZIP Code (it has fixed format, so it's easy to validate). If you don't validate at the front-end, you propably send many request to server (a little bit "overloading" server) and get response. It takes time. At the front-end, validation is do immediately. Additionally, about localizations: for web apps, for example in AngularJS, there are translation modules (in Angular there is angular-translate).
In parallel, the validation on the back-end is also good practice (no one wants to have bad data in database or crash the software).
I had a project using REST API with two people (I did a front-end in AngularJS, they - back-end in C#/.NET). I asked them for good messages about validation but unfortunately I got only "Bad request". For me as developer, it wasn't good during developing because I didn't know what that message mean (I didn't know whether it's a problem with my request or their bug). Moreover, I had to show message for the user: "Problem with form" (which is not friendly) - of course, I had also own validation.
Summary: it's better to have validation on both sides, moreover, the validation should inform user about problems in detail (but no so much).
Upvotes: 5
Related Questions
- How to expose a validation API in a RESTful way?
- Should I validate API response on the client?
- Validator endpoint design
- REST API endpoint to validate frontend entity
- What is the correct REST method for performing server side validation?
- POST or GET for a validation of some data endpoint in REST?
- Where do we handle errors in ASP.NET WebAPI and maintain thin controllers and separation on concerns?
- RESTful way of performing validation
- RESTful service, how to respond if validation failed?
- building RESTful API - handling POST requests and validation