Security > Data validation > Response definitions


The purpose of each API call API consumers make is to receive a response of some kind, even just a response code. So to make your APIs meaningful, you must define the necessary responses for API operations.

For API security, it is important to define the expected returns and their structures to prevent leaky APIs. Otherwise you might accidentally reveal data or details about the backend server sending the response that you rather keep hidden. This way, even if your backend servers were breached, the design of your API prevents the servers from returning more information than the API is supposed to.


Contents in this section: