Express API Validation Essentials

User input can be dangerous. You already know you need to validate any data your Express API receives. Without it, your API could crash horribly when it receives badly formatted data. You might end up with an unmaintainable database full of junk data.

Skipping out on validation leaves you vulnerable. Without it you could end up leaking sensitive user data. Or worse, you could lose control of your servers and be held to ransom by malicious attackers.

Eek, the thought of getting API validation wrong is kinda scary.

You want to avoid all these potential headaches. You sit down with Express and try and put in place all the things you need for a great API validation solution:

Parsing requests
Validating requests
Sending back validation errors in a useful format

It seems simple at first, but you quickly end up overwhelmed. You get stuck trying to choose from a whole heap of different validation libraries. You're not sure how to properly integrate the library you've picked with Express. But wait, you also need to figure out what to do with validation errors... and then you need to invent your own error response format too?!

It's all very confusing.

To make it worse, you can't seem to find any API validation best practices for the Express framework. What you have works, but it's clumsy. You're worried that you're doing it the wrong way.

You know there must be a better way to handle validation in your Express APIs, but you don't know what it is.

What if you had a go-to validation library? A library which you trusted and could integrate into your Express APIs with ease.

Wouldn't it be amazing if you knew how to send awesome, standardized error responses?

You could confidently apply validation best practices to every Express API you create. You would be able to focus your time on building features. You would have validation taken care of.

Implementing validation in Express APIs takes up way more of your time than it should.

But it doesn't have to be that way.

Learn the essentials of Express API validation with my book. With it you'll gain a deep understanding of "the Express way" for validation. Learn how to validate requests and send back awesome error responses with ease. Discover the power of the JSON Schema and Problem Details specifications. Then use them to help you conquer validation in Express.

What's inside the book?

Book cover for Express API Validation Essentials by Simon Plenderleith

A guide to the different types of Express middleware, and how to combine them to do validation "the Express way".
An introduction to the JSON Schema specification and the Ajv library. Two powerful tools for validating requests.
What the Problem Details specification is all about. How you can apply it as a format for sending helpful and consistent error responses.
Recipes for common validation scenarios. Setting default values, providing custom error messages and validating your schemas.
Full working code examples which you can run and try for yourself.

View the full table of contents

Download a sample of the book

Learn a complete API validation strategy you can start applying today.

Take care of validation in your Express APIs once and for all and buy my book. You'll be fearlessly validating requests in no time!

Book in PDF format (light and dark)

Full code examples

JSON Schema Cheat Sheet

Buy now — $19

What folks have said about this book

"A complex topic condensed into a well thought-out guide. The research has been done for me and I get to follow along. All design decisions are explained to aid with understanding. Brilliant!"

Nick Ramsbottom

Senior Developer, Financial Times

"Concise and a pleasure to read. This book has clarified concepts for me that I couldn't get right even after years of consulting the Express documentation."

Carles Andres

Lead Engineer, Tellimer

About the author

Simon Plenderleith

Hey, I'm Simon 👋

I'm an independent Node.js consultant and educator. Since the day I learnt HTML from a book in 1999, I've been hooked on coding. Over the past twenty years I've crafted web applications and tooling for many companies, big and small.

I help companies use Node.js to ship great products that grow their businesses. I also help developers level up with Node.js through my blog.

Preface
- What you're going to learn
- What you'll need to get the most from this book
- Code examples
- Get in touch
- Reviews
Doing things the Express way
- The middleware pattern
  - Middleware syntax
- The two types of middleware
  - Plain middleware
  - Error handling middleware
- Using middleware
  - At the route level
  - At the router level
  - At the application level
- Middleware in a validation strategy
  - Request body parsing
  - Request validation
  - Sending an error response
- Summary
Part 2: Validating requests
- The JSON Schema specification
- Ajv (Another JSON Schema Validator)
- Learning JSON Schema
  - Understanding JSON Schema
  - JSON Schema Cheat Sheet
  - JSON Schema specifications
- Why use JSON Schema and not validation library X?
  - No library, framework or language lock-in
  - Move between Node.js frameworks, or even languages
  - Active and supportive community
  - JSON Schema is on a path to becoming a standard
- Sidenote: JSON (JavaScript Object Notation) vs JavaScript objects
- Create a validation pipeline with JSON Schema
- Parsing a JSON request body in Express
  - Body parsing in older versions of Express
- Defining JSON schemas in Node.js
- Integrating Ajv into your Express application
- Using a JSON schema to validate a response body
- Validating other request properties
- Summary
Part 3: Error responses
- Introducing the 'Problem Details for HTTP APIs' specification
- Problem types and Problem details objects
- Example problem details response
  - More details, clearer problems
  - Breakdown of a problem details object
- Sending validation errors in problem details responses
  - Define problem types and map them to JavaScript error classes
  - Look up the problem details for an error
  - Send validation errors in a problem details response
- Summary
Part 4: Putting it all together
- Example Express API application
- Example requests and responses
- Summary
Recipes
- 1. Validating your schemas
- 2. Setting default values
- 3. Custom error messages