Skip to content
API Now LogoAPI Now LogoAPI Now Help Portal
API Now! is currently in closed beta. We are constantly updating these guides as we release updates!

Business Rules & Validation

To guarantee that your backend runs safely and securely without crashes, API Now! performs automatic checks (linting) on your data structures and API configurations.

These checks ensure your database is compatible with PostgreSQL standards and that your endpoints are fully secured before going live.

Validation Severity Levels

Section titled “Validation Severity Levels”

Issues found during validation are categorized into three severity levels:

  • Error (Blocker): Critical issues that violate database or API integrity. Errors must be resolved before you can publish a domain or deploy an API.
  • Warning (Recommendation): Non-blocking issues. While they do not prevent deployment, they point out missing security settings, missing descriptions, or non-optimal configurations.
  • Info (Advice): Informational suggestions or best-practice notices (such as highlighting that a hard delete strategy cannot be undone).

Data Domain Validation Rules

Section titled “Data Domain Validation Rules”

The platform validates your database blueprint (entities, columns, and relationships) against strict database-level guidelines.

Entity (Table) Rules

Section titled “Entity (Table) Rules”
  • Primary Key [Error]: Every entity must have a primary key (e.g., an ID property) to uniquely identify records. This can be defined directly or inherited from a parent entity.
  • Naming Conventions [Error]: Entity names must be unique within your model, contain only letters, numbers, or underscores, and start with a letter.
  • Property Bounds [Warning]: Entities should contain at least one property or association (unless they inherit properties from a parent entity).

Property (Field) Rules

Section titled “Property (Field) Rules”
  • PostgreSQL Compatibility [Error]: Column names must not conflict with PostgreSQL reserved keywords (like SELECT, TABLE, or USER). They must follow snake_case naming conventions and be between 2 and 59 characters long.
  • Semantic Data Alignment [Error]: The data type of a property must match its Smart Field tag. For example, you cannot apply the CreatedTimestamp (date/time) tag to a property defined as an integer.

Association (Relationship) Rules

Section titled “Association (Relationship) Rules”
  • Target Validity [Error]: Relationship links must point to target entities that actually exist in your data model.
  • Directional Nesting [Warning]: Relationships should be defined from parent to child (e.g., Post has many Comments) to enable clean nested sub-routing in your API.

API Model Validation Rules

Section titled “API Model Validation Rules”

The platform checks your API configurations to make sure they follow proper REST URL structures and are secure.

Security & Authentication

Section titled “Security & Authentication”
  • Authentication Mandatory [Error]: You must configure an authentication strategy (e.g., requiring logins or API keys) to protect your routes.
  • Username Semantic [Error]: If you select UsernamePassword authentication, your designated user entity must have a property tagged with the Username Smart Field.
  • RBAC Permissions [Error]: If you select Role-Based Access Control (RBAC) authorization, your user entity must contain a property tagged with the UserRole Smart Field.
  • Session Secret [Error]: All active sessions require a secure encryption secret and at least one mapped session property (such as storing the User ID in the active session).
  • Action Access Rules [Error]: Every exposed database action must have at least one access rule (e.g., public, authenticated, or role-restricted) attached to it.

Routing & Path Rules

Section titled “Routing & Path Rules”
  • Path Integrity [Error]: Collection paths must start with a / and parameter placeholders must use curly braces (e.g., /customers/{customerId}).
  • Route Collisions [Error]: Root-level paths must be unique across your API Model to prevent endpoint conflicts.
  • Resource Parameter Formatting [Error]: Resource paths must match their parent collection paths (e.g., /products must map to /products/{productId}).

Actions Configuration

Section titled “Actions Configuration”
  • Minimum Operations [Error]: Every exposed entity must enable at least one action (e.g. permitting users to “Read” or “List”).
  • Pagination Mandatory [Error]: To prevent server overloads, the List action requires a pagination style to be configured (either offset or cursor).
  • Search Index [Error]: The Search action requires you to select at least one text property to perform the search query against.

How to Run Validation

Section titled “How to Run Validation”

The API Now! platform runs these checks automatically when you save drafts in the visual modelers. If you are developing locally, you can run the validation manually via the CLI:

Terminal window
# Validate your local data domain schema:
npx apinow validate path/to/domain.json


# Validate your local API model schema against its domain:
npx apinow validate path/to/api.json --domain path/to/domain.json