Hello guys
For REST API design, how do you separate the validation of request and response from the business logic code?
Our services validate request and response data at the "edge" - I wrote a middleware which uses Avro schemas for input/output validation. It's sort of an RPC framework (POST requests only, can speak JSON or Avro, generates documentation out of schema + endpoint configuration; Avro was chosen because we can use it in other languages, something you can't do with spec or Schema). Everything else we tried failed in some way - either validations were spread over too many namespaces or we had very brittle schemas which couldn't be easily shared. In my opinion, without going very strict, it's very hard to maintain the separation.
Also, I'm planning to open source the mentioned middleware.
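
The edge validation described in the reply above, sketched as an added example that is not part of the original post and is not the poster's middleware: a wrapper checks request and response against Avro-style record schemas so the handler contains no validation code. The names `conforms`, `with_schemas` and the transfer schemas are hypothetical, and the checker covers only a hand-written subset of Avro's JSON schema form rather than using an Avro library.

```python
# Added example: checks a subset of Avro's JSON schema form; not a real Avro library.
def _int(bits):
    return lambda v: type(v) is int and -2**(bits - 1) <= v < 2**(bits - 1)

PRIMITIVES = {
    "null": lambda v: v is None,
    "boolean": lambda v: type(v) is bool,
    "int": _int(32), "long": _int(64),            # bool is not accepted as a number
    "double": lambda v: type(v) in (int, float),
    "string": lambda v: isinstance(v, str),
}

def conforms(schema, value):
    """True if value matches schema (primitives, unions, arrays, records)."""
    if isinstance(schema, str):                   # unknown type names fail closed
        return schema in PRIMITIVES and PRIMITIVES[schema](value)
    if isinstance(schema, list):                  # union: any branch may match
        return any(conforms(s, value) for s in schema)
    kind = schema["type"]
    if kind == "array":
        return isinstance(value, list) and all(conforms(schema["items"], v) for v in value)
    if kind != "record":
        return conforms(kind, value)              # e.g. {"type": "string"}
    if not isinstance(value, dict):
        return False
    fields = {f["name"]: f for f in schema["fields"]}
    if set(value) - set(fields):                  # strict: unknown keys are rejected
        return False
    # A missing field is only acceptable when the schema declares a default.
    return all(conforms(f["type"], value[n]) if n in value else "default" in f
               for n, f in fields.items())

def with_schemas(request_schema, response_schema, handler):
    """Wrap handler so it sees only valid requests and emits only valid responses."""
    def endpoint(body):
        if not conforms(request_schema, body):
            return 400, {"error": "request does not match schema"}
        result = handler(body)
        if not conforms(response_schema, result):  # stops handlers leaking extra fields
            return 500, {"error": "response does not match schema"}
        return 200, result
    return endpoint

# Constructed schemas and handler for illustration.
TRANSFER_REQUEST = {"type": "record", "name": "TransferRequest", "fields": [
    {"name": "account", "type": "string"}, {"name": "amount", "type": "long"},
    {"name": "memo", "type": ["null", "string"], "default": None}]}
TRANSFER_RESPONSE = {"type": "record", "name": "TransferResponse", "fields": [
    {"name": "id", "type": "string"}, {"name": "accepted", "type": "boolean"}]}

def transfer(req):                                # business logic only
    return {"id": "tx-" + req["account"], "accepted": req["amount"] > 0}

transfer_endpoint = with_schemas(TRANSFER_REQUEST, TRANSFER_RESPONSE, transfer)
```

Rejecting unknown keys on both sides is the "very strict" choice: a mass-assignment style extra field in a request gets a 400, and a handler that returns an undeclared field gets a 500 instead of leaking it.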