Request Validation

Exercises

  1. Why should we rely on a flag to make a request “validate only” rather than a separate method that validates requests?
We can accomplish this with a single field specifying that the request should be treated as being for validation purposes only.
  2. Imagine an API method that fetches data from a remote service. Should a validation request still communicate with the remote service? Why or why not?
Yes, because fetching data is an idempotent behavior and therefore doesn't cause side effects. In the case of non-idempotent methods, it depends on whether the external dependency supports validation requests.
  3. Does it ever make sense to have support for validation requests on methods that never write any data?
Yes. Consider an API method to query a large data warehouse. Running a SQL query over a large set of data technically doesn’t change any data, but it certainly could cost quite a lot of money.
  4. Why is it important that the default value for the validateOnly flag is false? Does it ever make sense to invert the default value?
If we chose the other way around (defaulting to always validate requests only), we’d be inadvertently crippling all requests from doing actual work by default. To get anything resembling normal behavior in this case, we’d always need to set a flag, which is likely a big mistake for any API.

Summary

  • Some API requests are sufficiently dangerous that they merit supporting a way for users to validate the request before actually executing it.
  • API methods that support this functionality should provide a simple Boolean field (validateOnly) indicating that a request is to be validated only and not actually executed. These requests should be considered safe and should not have any effect on the underlying system.
  • There will often be scenarios where API methods supporting validation requests will interact with external services. In these cases, these methods should validate those externalities to the best of their ability, acknowledging that it is not possible to validate safety for some aspects.
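
The three points above, sketched as an added example that is not code from the original page: a handler whose validateOnly field defaults to false, runs the same checks (authorization included) on both paths, writes nothing when validating, and reports an external dependency it could not check. `TransferService`, `ExternalBilling`, `acl` and the response fields are hypothetical names chosen for illustration.

```python
from dataclasses import dataclass, field

class ValidationError(Exception):
    pass

@dataclass
class ExternalBilling:
    """Hypothetical external service; supports_validation is an assumption."""
    supports_validation: bool
    charges: list = field(default_factory=list)

    def charge(self, account, amount, validate_only=False):
        if amount <= 0:
            raise ValidationError("amount must be positive")
        if not validate_only:
            self.charges.append((account, amount))  # the only side effect

@dataclass
class TransferService:
    billing: ExternalBilling
    acl: dict  # caller -> set of accounts it may debit (constructed data)
    ledger: list = field(default_factory=list)

    def create_transfer(self, caller, request):
        # Omitting the flag means "really execute": the default is False.
        validate_only = request.get("validateOnly", False)
        if not isinstance(validate_only, bool):
            raise ValidationError("validateOnly must be a boolean")
        account, amount = request.get("account"), request.get("amount")
        # Identical checks on both paths, authorization included, so a
        # validation request cannot be used to probe what a caller lacks.
        if account not in self.acl.get(caller, set()):
            raise PermissionError("caller may not debit this account")
        if type(amount) is not int:
            raise ValidationError("amount must be an integer")
        unverified = []
        if validate_only:
            if self.billing.supports_validation:
                self.billing.charge(account, amount, validate_only=True)
            else:
                # Best effort: say what was not checked, never call for real.
                unverified.append("billing")
            return {"executed": False, "unverified": unverified}
        self.billing.charge(account, amount)
        self.ledger.append((account, amount))
        return {"executed": True, "unverified": unverified}
```
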