0

I'm creating an API using .NET's WEBAPI. I would like for clients of this API to be told the validation rules so that they can be implemented without the client developers having to trawl through documentation.

Developing in .NET MVC, you can define the validation using data annotations and then the Razor view engine "automagically" creates the client side implementations of this. I would like my API to provide at least the "rules" component to client developers so they might get the same type of advantage.

Does anyone know of any existing "standard" way of expressing these validation rules?

Thinking something like 

{entities : [entity { name: entityname, properties : [ {name : propertyname, required : True, MinLength : 0, MaxLength : 50, DataType : email }]}]}

Thinking that the client can get the validation rules in this type of format at the start of a session, then apply the rules dynamically?!?!

Jonathan Leffler
  • 730,956
  • 141
  • 904
  • 1,278
codemonkeytony
  • 180
  • 2
  • 13
  • What would people use those validation rules for in practice? Implementing their own UI that talks to your API? I haven't heard of a standard markup language for that, which makes me suspect it's not widely supported and probably more trouble than it's worth. – Matti Virkkunen Oct 01 '14 at 03:25
  • a couple of other question alude to this also, hence my interest. http://stackoverflow.com/questions/26130614/asp-net-mvc-model-validation-in-external-resource – codemonkeytony Oct 01 '14 at 03:41
  • http://stackoverflow.com/questions/26110753/angular-with-net-webapi-validation-and-single-point-of-truth – codemonkeytony Oct 01 '14 at 03:44
  • @MattiVirkkunen This is a fairly old idea to implement validation on the client side (where it improves user experience) and server side (where it MUST be implemented) without writing duplicate code. The idea is to provide a neutral language that can be parsed by both javascript and whatever language you use on the server. Most people simply use regex for this - it can be executed in both environments if you take care not to use perl specific features (perl is not the only language that use perl re). However regex is a horrible tool to validate numbers and ranges. – slebetman Oct 01 '14 at 03:52
  • There are several implementations in javascript of this idea. One that is close to what I've implemented before is validate.js which uses JSON to encode validation rules: http://rickharrison.github.io/validate.js/. You then only need to implement all the supported methods in your server-side language and parse the JSON spec together with query params to validate your input server side. – slebetman Oct 01 '14 at 03:54
  • @slebetman: ASP.NET already has means to do client validation if you're making your own UI. In this case it seems he wants to somehow extend that to some external UI, but unless there's a well-standardized and supported syntax and library for doing that, I doubt it's going to make things easier for implementors. – Matti Virkkunen Oct 01 '14 at 03:54
  • @MattiVirkkunen: In these post-web2.0 days mashups are extremely common. Some services such as payment handlers are mashup-only. And you can't force your customer to use ASP if they want to use Ruby on Rails or nodejs and Express or Joomla. But it would be nice if you can provide a front-end library that validates input on their site before posting them on your server. – slebetman Oct 01 '14 at 03:57
  • @slebetman: I think you didn't understand what I was saying. And I would be hesitant to include some custom whatever-validation library just to access an HTTP-based API at some point. – Matti Virkkunen Oct 01 '14 at 04:00
  • @slebetman thanks for the link to validate.js. That's kinda where I was headed mentally with the idea, though I was thinking more model based as opposed to form. If an API supplied the rules and there was a validate.js type library based on a standard then it would be plug and play for validation. – codemonkeytony Oct 01 '14 at 05:06

0 Answers0