Data validation is one of the most important processes in any working software. In the context of a Web API, we perform the validation process to ensure that the information passed to our endpoints respects certain rules – for example, that a
Person object has both the
LastName properties defined, an email address is valid, or an appointment date isn’t in the past.
In controller-based projects, we can perform these checks, also termed model validation, directly on the model, using data annotations. In fact, the
ApiController attribute that is placed on a controller makes model validation errors automatically trigger a
400 Bad Request response if one or more validation rules fail. Therefore, in controller-based projects, we typically don’t need to perform explicit model validation at all: if the validation fails, our endpoint will never be invoked.