How to validate REST request?

Question

Given this service:

POST /hotel HTTP/1.1

<hotel>
  <a>aaa</a>
  <b>bbb</b>
  <c>ccc</c>
</hotel>

HTTP/1.1 201 CREATED
Location: /hotel/123

When we process the request on the server we will validate the hotel XML in the request against a DTD.

Question is, as a REST best practice should the client refer to the DTD in the request (as one normally does when creating an XML doc based on a DTD)? Or is this not required? The DTD will be described in the API docs so the writers of the client service will be aware of the DTD validation details.

Answer 1

To my knowledge, REST does not have anything to say on the contents of the POST body.

Obviously, you have to validate the XML on the server anyway, so the best you can do is recommend that the client validates the XML against the DTD before sending it, to save on time and bandwidth. However, you really have no way to enforce it.

I think your responsibility as a service writer is to accept the request whether or not it refers to the DTD, but that is just my opinion.

Answer 2

Well, you could certainly spit back a 400 Bad Request if the request body fails a DTD check, but I wouldn't require the DTD reference to be present. You should allow it to be omitted, and use it if it's there, but I would also fail the request if they specify the wrong DTD. The error message should, of course, indicate what the expected DTD is.

You might want to consider skipping the strict conformance check if the DTD is omitted, since it's more the sort of thing that people want when they're setting up the software, but for performance reasons, might want to have off after they know everything is working.