DEV Community

Diego Liascovich
Diego Liascovich

Posted on

Robust API Input Validation with Joi in Express.js

#node #api #validation #joi

By Diego Liascovich

Full-Stack Developer | Microservices | Angular | Node.js

When building REST APIs in Node.js, validating user input is essential to ensure data integrity and application security. In this post, you'll learn how to use Joi to validate incoming requests in a real-world Express.js project.

πŸ”§ What is Joi?

Joi is a powerful validation library for JavaScript. It allows you to create schemas to validate JavaScript objects, including request payloads.

πŸ“¦ Project Setup

Install the required packages:

npm install express joi
Enter fullscreen mode Exit fullscreen mode

Project structure:

project/
β”œβ”€β”€ app.js
β”œβ”€β”€ routes/
β”‚   └── user.routes.js
β”œβ”€β”€ validators/
β”‚   └── user.validator.js
Enter fullscreen mode Exit fullscreen mode

πŸ§ͺ Example Use Case: User Registration

We want to validate this user object:

{
  "name": "John Doe",
  "email": "john@example.com",
  "password": "12345678"
}
Enter fullscreen mode Exit fullscreen mode

πŸ“ user.validator.js 

// validators/user.validator.js
const Joi = require('joi');

const registerUserSchema = Joi.object({
  name: Joi.string().min(3).max(30).required(),
  email: Joi.string().email().required(),
  password: Joi.string().min(8).required()
});

module.exports = { registerUserSchema };
Enter fullscreen mode Exit fullscreen mode

πŸ“ user.routes.js 

// routes/user.routes.js
const express = require('express');
const { registerUserSchema } = require('../validators/user.validator');
const router = express.Router();

router.post('/register', (req, res) => {
  const { error, value } = registerUserSchema.validate(req.body);

  if (error) {
    return res.status(400).json({ error: error.details[0].message });
  }

  // Simulate user creation
  res.status(201).json({ message: 'User registered successfully', data: value });
});

module.exports = router;
Enter fullscreen mode Exit fullscreen mode

πŸ“ app.js 

// app.js
const express = require('express');
const userRoutes = require('./routes/user.routes');

const app = express();
app.use(express.json());
app.use('/api/users', userRoutes);

app.listen(3000, () => {
  console.log('Server running on http://localhost:3000');
});
Enter fullscreen mode Exit fullscreen mode

πŸš€ Test the API

Use Postman or curl to POST to /api/users/register:

curl -X POST http://localhost:3000/api/users/register \
  -H "Content-Type: application/json" \
  -d '{"name":"John Doe", "email":"john@example.com", "password":"12345678"}'
Enter fullscreen mode Exit fullscreen mode

βœ… Summary

Joi helps enforce robust input validation in Express applications. With modular validators and clear error messages, it enhances both security and developer experience.

Top comments (0)