REST API. Should I return an error if the request body has more information than necessary?

My current configuration is limiting the number of properties and the size of the request body for each endpoint. Should I return an error if the request body has more information than necessary?

Let's say that the endpoint /authenticate requires a JSON body shown below:

{
  "login": "string",
  "password": "string"
}

and the user sends a request

{
  "login": "mylogin",
  "password": "mypassword",
  "foo": "bar"
}

      

Should the REST API return an error in this case?

+3




2 answers


There are two options here:

1. Ignoring fields that do not affect the processing of requests and cannot change them.

By default, most JSON / XML parsers, when populating an object, skip fields that were not reflected in the model.



2. Strict field matching and returning HTTP code 422 UNPROCESSABLE ENTITY or 400 BAD REQUEST.

You can have a list of all allowed fields for each endpoint to compare the incoming request with.

It depends on your API design and the style you want users to follow.

+2




By default, the request is not validated for additional fields. For JSON Schema there is an "additionalProperties" parameter, the value of which can be set to false.

Please refer to this link: Overview of JSON Schema Validation. The relevant part is copied below.

The additionalProperties keyword is used to control the handling of additional properties, that is, properties that are not named in the properties keyword. Any additional properties are allowed by default. The additionalProperties keyword can be either a boolean or an object. If additionalProperties is a boolean and set to false, additional properties will not be allowed.

0
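The two options from the first answer, and the effect of setting additionalProperties to false from the second, shown side by side on the request from the question. This is an added example, not code from the original posts; the function name, the allow-list table, the size limit and the 413 status for oversized bodies are assumptions made for illustration.

```python
import json

# Hypothetical per-endpoint allow-list: field name -> required JSON type.
ALLOWED_FIELDS = {"/authenticate": {"login": str, "password": str}}
MAX_BODY_BYTES = 1024  # assumed limit, standing in for the question's size cap


def validate_body(endpoint, raw, strict=True):
    """Return (http_status, payload) for a raw request body given as bytes."""
    if len(raw) > MAX_BODY_BYTES:
        return 413, {"error": "request body too large"}
    try:
        body = json.loads(raw)
    except ValueError:  # covers JSONDecodeError and UnicodeDecodeError
        return 400, {"error": "malformed JSON"}
    if not isinstance(body, dict):
        return 400, {"error": "body must be a JSON object"}

    allowed = ALLOWED_FIELDS[endpoint]
    unknown = sorted(set(body) - set(allowed))
    if unknown and strict:
        # Option 2: reject, the same outcome as "additionalProperties": false.
        return 422, {"error": "unknown fields", "fields": unknown}

    missing = sorted(k for k in allowed if k not in body)
    wrong_type = sorted(k for k, t in allowed.items()
                        if k in body and not isinstance(body[k], t))
    if missing or wrong_type:
        return 422, {"error": "invalid fields",
                     "missing": missing, "wrong_type": wrong_type}

    # Option 1: ignore extras by copying only allow-listed fields, so an
    # unexpected key such as "foo" can never reach the handler.
    return 200, {k: body[k] for k in allowed}


# Constructed sample: the request body from the question.
SAMPLE = b'{"login": "mylogin", "password": "mypassword", "foo": "bar"}'

if __name__ == "__main__":
    print(validate_body("/authenticate", SAMPLE, strict=True))
    print(validate_body("/authenticate", SAMPLE, strict=False))
```

In lenient mode the handler receives a new dict built from the allow-list rather than the parsed body itself, which is what keeps the "ignore" option safe if the model later gains fields.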

