2 min read
The rules to mirror
form— 1–64 chars,[a-z0-9_-].fields— flat object, ≤60 keys, ≤16 KiB encoded, values string/number/boolean only.fields.email— if present, a valid address.fields.consent— must equal"yes".
Why mirror them
Client-side validation gives immediate, friendly feedback and avoids a wasted request that would just come back as a 422. It improves the experience and reduces load.
The server is still the authority
Never trust the client. The API re-validates everything server-side and rejects anything that does not fit, regardless of what your form allowed. Treat your checks as UX, not security.
Frequently asked questions
If I validate client-side, does the server still check?
Yes, always. The server is the final authority and re-validates every field. Your client checks are for user experience, not enforcement.
What are the size limits on fields?
Up to 60 keys and ≤16 KiB when JSON-encoded, with flat string/number/boolean values only.
Funding for UK limited companies
Credicorp lends to your company, not to you personally — short-term working capital with no personal guarantee. See what your business could access.
