|
| 1 | +--- |
| 2 | +id: 4223 |
| 3 | +state: approved |
| 4 | +created: 2022-05-13 |
| 5 | +--- |
| 6 | + |
| 7 | +# Client-side payload validation |
| 8 | + |
| 9 | +Client-side payload validation is the practice of inspecting the request payload |
| 10 | +for any misconfigurations (e.g. missing required fields, attempting to update an |
| 11 | +immutable field) prior to executing a network call with the payload. Typically, |
| 12 | +documentation communicates the expectations of the service with regards to each |
| 13 | +request field, including any requirements on presence or format. The |
| 14 | +`google.api.field_behavior` annotation defined in [AIP-203][] is the |
| 15 | +machine-readable format that services use to document behavior in relation to |
| 16 | +specific request fields. |
| 17 | + |
| 18 | +## Guidance |
| 19 | + |
| 20 | +Client libraries **must not** implement client-side payload validation based |
| 21 | +on the `google.api.field_behavior` annotation, except to prevent |
| 22 | +[local failures](4223.md#local-failures). |
| 23 | + |
| 24 | +The reason for this is that the `google.api.field_behavior` annotation is |
| 25 | +primarily a machine-readable form of _documentation_, and **not** a |
| 26 | +configuration for payload validation. The annotation conveys how the service |
| 27 | +_already_ handles the field, and alludes to a service's own payload validation |
| 28 | +or expectations. |
| 29 | + |
| 30 | +Admittedly, depending on services to implement payload validation means clients |
| 31 | +will sometimes make network calls that are bound to result in errors. Furthermore, users |
| 32 | +then depend on services to provide actionable errors, when the client could have |
| 33 | +provided a language-idiomatic, localized error. However, robust server-side |
| 34 | +payload validation means that _all types_ of client (first party, third party, |
| 35 | +`curl`, etc.) will benefit from the **same** validation, and that there is no |
| 36 | +lag between service and clients when the field behavior changes. |
| 37 | + |
| 38 | +### Local failures |
| 39 | + |
| 40 | +Client libraries **may** implement client-side payload validation based on the |
| 41 | +`google.api.field_behavior` annotation only to the extent that it prevents |
| 42 | +local failures, such as crashes within the client library code itself. |
| 43 | + |
| 44 | +[AIP-203]: ../general/0203.md |
0 commit comments