DEV Community

Cover image for 🚫My Spring Boot API Accepted Invalid Data…. Until I Learned Input Validation
Shashwath S H
Shashwath S H

Posted on

🚫My Spring Boot API Accepted Invalid Data…. Until I Learned Input Validation

#springboot #java #backend #validation

When I first built REST APIs in Spring Boot, I trusted the client.

Big mistake.

Suddenly:

  • Empty strings were saved
  • Negative values appeared where they shouldn’t
  • Invalid emails passed validation
  • APIs crashed with ugly errors

That’s when I realized something critical was missing:
Input Validation.

🧠 What is Input Validation?

Input Validation ensures that the data coming from the client is:

  • Correct
  • Meaningful
  • Safe to process

In Spring Boot, validation is handled using annotations that define rules directly on data fields.

Instead of manually checking every field, Spring validates inputs automatically.

🧩 Why Validation is NOT Optional

Without validation:

  • Bad data enters your database
  • Bugs appear later (harder to debug)
  • APIs behave unpredictably

With validation:

  • Errors are caught early
  • APIs become reliable
  • Clients receive meaningful error messages

Validation protects both your application and your data.

🏷️ Common Validation Annotations (That I Actually Use)

🔹 @NotNull

Ensures the field is not null.

🔹 @NotEmpty

Ensures the field is not null and not empty
(used for strings, arrays, collections)

🔹 @notblank

Ensures a string is not null and not just whitespace.

This one saved me many times.

🔹 @Size

Restricts the size or length of a field.

Perfect for usernames, passwords, descriptions.

🔢 Numeric Validation (Very Important)

🔹 @max / @DecimalMax

Restricts the maximum allowed value.

🔹 @DecimalMin

Ensures a value is not less than a minimum.

🔹 @positive / @PositiveOrZero

Ensures numbers are positive.

🔹 @negative / @NegativeOrZero

Ensures numbers are negative.

These annotations stop nonsense numbers from entering your system.

📅 Date & Time Validation

These are extremely useful for real applications:

  • @Past
  • @PastOrPresent
  • @Future
  • @FutureOrPresent

They ensure dates make logical sense, not just format sense.

🧪 Pattern & Format Validation

🔹 @Email

Validates proper email format.

🔹 @Pattern

Validates input using a regular expression.

Useful for:

  • Phone numbers
  • IDs
  • Custom formats

🔍 Nested Validation with @valid

@valid tells Spring to:

  • Validate nested objects
  • Apply all validation rules recursively

Without this, nested objects silently skip validation.

This annotation is easy to forget and causes hidden bugs.

💥 What Happens When Validation Fails?

When validation fails:

  • Spring throws MethodArgumentNotValidException
  • This exception contains all validation errors
  • You can extract them using BindingResult

Instead of crashing, your API can return:

  • Clear error messages
  • Field-specific validation details
  • Proper HTTP status codes

This is what professional APIs do.

⚠️ The Mistake I Was Making

I used to:

  • Trust client input
  • Validate manually
  • Ignore edge cases

It worked… until real data came in.

Once I switched to annotation-based validation, my APIs became:

  • Safer
  • Cleaner
  • Easier to maintain

🚀 Final Thoughts

Input Validation is not a “nice-to-have”.

It’s a core part of backend development.

If your Spring Boot APIs feel:

  • Fragile
  • Unreliable
  • Hard to debug

Start with Input Validation.

This post is part of my learning-in-public journey while exploring Spring Boot and real-world backend design.

Top comments (0)