Get full access to Python Microservices Development and 60K+ other titles, with a free 10-day trial of O'Reilly.

There are also live events, courses curated by job role, and more.

Asserting incoming data

The first principle, assert incoming data, just means that your application should not blindly execute incoming requests without making sure what will be the impact.

For instance, if you have an API that will let a caller delete a line in a database, you need to make sure the caller is allowed to do it. This is why we've added authentication and authorization earlier in this chapter.

But there are other ways to breach in. For example, if you have a Flask view that grabs JSON data from the incoming request and uses it to push data to a database, you should verify that the incoming request has the data you are expecting, and not blindly pass it over to your database backend. That's why it can be interesting to use Swagger ...

Get Python Microservices Development now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Don’t leave empty-handed

Get Mark Richards’s Software Architecture Patterns ebook to better understand how to design components—and how they should interact.

It’s yours, free.

Get it now

Check it out now on O’Reilly

Dive in for free with a 10-day trial of the O’Reilly learning platform—then explore all the other resources our members count on to build skills and solve problems every day.

Start your free trial Become a member now