i have web api restful service has few post endpoints insert new object database. want limit maximum characters accepted object name 20. should db, api, or ui handle this?
obviously, prevent more 20 characters on of layers. however, if gets past ui form has been submitted. @ point, want service layer or db layer return informative explanation why not accepted. best practice handle this?
should db, api, or ui handle this?
at least, api must handle data validation. has own opinions on how rest should work, 1 approach return http 400 (bad request), content includes information why request bad.
client-side checking definite bonus on top of this. ideally you'll never see code hit @ api layer. client should capable of handling potential "bad request" response in graceful way. if there's ever mismatch between rules applied api , client, you'll want client recognize action didn't succeed, , display appropriate error user respond issue.
database-level checks idea if ever allow data bypass api layer, through bulk imports or something. if not, database might 1 more place you'll have remember change if ever change validation requirements.
Comments
Post a Comment