Skip to content
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 22 additions & 0 deletions docs/validation.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
# Request validation

StableRoute backend validates inbound payloads inline at route handlers.
Pair metadata PATCH routes share a descriptor table in `src/index.ts` that
centralizes field names, validators, and cross-field checks:

| Route suffix | Field | Validator summary |
|--------------|-------|-------------------|
| `liquidity` | `liquidity` | Non-negative integer string (≤39 digits) |
| `max` | `maxAmount` | Positive integer string |
| `min` | `minAmount` | Non-negative integer string; must be ≤ max/liquidity |
| `fee_bps` | `feeBps` | Integer in `[0, 1000]` |
| `rate` | `rate` | Positive decimal string, max 8 fractional digits |

Webhook registration validates:

- `url` must be `http(s)` with length ≤ 2048 and pass SSRF checks (`isSafeWebhookUrl`)
- `events` must be a non-empty string array with deduplicated entries

Unknown JSON keys on mutating routes are rejected via `rejectUnknownKeys`.

See OpenAPI (`openapi.yaml`) for the public contract and error envelope shape.