![[Free Webinar] Guide to Securing Your Entire Identity Lifecycle Against AI-Powered Threats](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqbZf4bsDp6ei3fmQ8swm7GB5XoRrhZSFE7ZNhRLFO49KlmdgpIDCZWMSv7rydpEShIrNb9crnH5p6mFZbURzO5HC9I4RlzJazBBw5aHOTmI38sqiZIWPldRqut4bTgegipjOk5VgktVOwCKF_ncLeBX-pMTO_GMVMfbzZbf8eAj21V04y_NiOaSApGkM/s1600/webinar-play.jpg?#)
![[The AI Show Episode 145]: OpenAI Releases o3 and o4-mini, AI Is Causing “Quiet Layoffs,” Executive Order on Youth AI Education & GPT-4o’s Controversial Update](https://www.marketingaiinstitute.com/hubfs/ep%20145%20cover.png)
_Jochen_Tack_Alamy.png?width=1280&auto=webp&quality=80&disable=upscale#)
![Apple testing Stage Manager for iPhone, Photographic Styles for video, and more [Video]](https://i0.wp.com/9to5mac.com/wp-content/uploads/sites/6/2025/04/iOS-Decoded-iOS-18.5.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
![New Hands-On iPhone 17 Dummy Video Shows Off Ultra-Thin Air Model, Updated Pro Designs [Video]](https://www.iclarified.com/images/news/97171/97171/97171-640.jpg)
![Apple Shares Trailer for First Immersive Feature Film 'Bono: Stories of Surrender' [Video]](https://www.iclarified.com/images/news/97168/97168/97168-640.jpg)
![Apple Restructures Global Affairs and Apple Music Teams [Report]](https://www.iclarified.com/images/news/97162/97162/97162-640.jpg)
A Handy Way to Handle API Validation in Laravel
We all want our code to be clean, maintainable, and high-quality. As someone who really values good architecture, I want to share an idea on how to avoid creating tons of repetitive Form Request classes in Laravel - you know, those like CreateUserRequest, UpdateUserRequest, and so on. But before diving into that, let’s start with how to properly handle and display validation error messages for APIs. Validation Messages: The Responsable Contract The Illuminate\Contracts\Support\Responsable contract was introduced in Laravel 5.5 to standardize how HTTP responses are returned from controllers and routes. When an object implements this interface, Laravel automatically calls its toResponse() method whenever you return that object from a controller or route closure. Here’s what the interface looks like: public function toResponse($request); $request is the current HTTP request instance (Illuminate\Http\Request). The return value is a response object - usually something that extends Symfony\Component\HttpFoundation\Response, like a standard Laravel Response, JsonResponse, and so on. Here’s an example of how you might use this for validation error messages:
We all want our code to be clean, maintainable, and high-quality. As someone who really values good architecture, I want to share an idea on how to avoid creating tons of repetitive Form Request classes in Laravel - you know, those like CreateUserRequest, UpdateUserRequest, and so on.
But before diving into that, let’s start with how to properly handle and display validation error messages for APIs.
Validation Messages: The Responsable Contract
The Illuminate\Contracts\Support\Responsable contract was introduced in Laravel 5.5 to standardize how HTTP responses are returned from controllers and routes. When an object implements this interface, Laravel automatically calls its toResponse() method whenever you return that object from a controller or route closure.
Here’s what the interface looks like:
public function toResponse($request);
$request is the current HTTP request instance (Illuminate\Http\Request). The return value is a response object - usually something that extends Symfony\Component\HttpFoundation\Response, like a standard Laravel Response, JsonResponse, and so on.
Here’s an example of how you might use this for validation error messages:
errors = $errors;
}
/**
* Converts the response to a JSON response.
*
* @param mixed $request
* @return \Illuminate\Http\JsonResponse
*/
public function toResponse($request): JsonResponse
{
$requestId = Context::get(key: 'request_id');
$timestamp = Context::get(key: 'timestamp');
return new JsonResponse(
data: [
'status' => Response::HTTP_UNPROCESSABLE_ENTITY,
'result' => [
'message' => __(key: 'Validation error.'),
'errors' => $this->errors
],
'metadata' => [
'request_id' => $requestId,
'timestamp' => $timestamp,
],
],
status: Response::HTTP_UNPROCESSABLE_ENTITY
);
}
}
Now, we can simply return this object from our Form Requests to handle and display validation error messages.
Universal Base Request Class
So, to start off, let’s centralize and standardize the logic in our base Request class:
|string>
*/
abstract public function rules(): array;
/**
* Handle failed validation.
*
* @param Validator $validator
* @return void
*/
protected function failedValidation(Validator $validator): void
{
$response = new ValidationResponse(errors: $validator->errors());
throw new HttpResponseException(
response: $response->toResponse(request: $this->request)
);
}
}
The key idea here is to avoid duplicating the authorize() and failedValidation(Validator $validator) methods in every single Form Request. Instead, we put them into a shared base Request class where we define the default behavior.
When needed, individual child classes can override these methods to customize the logic for specific requests. This approach greatly reduces repetitive code and makes maintenance much easier.
Now, let’s move on to the concrete implementation of our base Request class.
Flexible Form Request Implementation
Instead of creating separate Form Request classes for each method (like create and update), you can use $this->method() together with the match expression. This lets you compactly define different validation rules within a single class depending on the HTTP method of the request, avoiding code duplication.
Let’s look at an example based on the PublishRequest class:
>
*/
private const array COMMON_RULES = [
'avatar' => [
'bail',
'nullable',
'image',
'mimes:jpeg,jpg,png,gif',
'max:3072'
],
'first_name' => ['bail', 'required', 'string', 'min:2', 'max:18'],
'last_name' => ['bail', 'nullable', 'string', 'min:2', 'max:27'],
'status' => ['bail', 'nullable', 'boolean'],
'role_id' => ['bail', 'nullable', 'uuid', 'exists:roles,id']
];
/**
* Returns validation rules depending on HTTP method.
*
* @return array>
*/
public function rules(): array
{
$pwdRules = Password::min(size: 8)->letters()->numbers()->symbols();
$rules = match ($this->method()) {
'POST' => [
'email' => $this->emailRules(unique: true),
'password' => [
...['bail', 'required', 'string', 'confirmed'],
...[$pwdRules]
],
],
'PUT', 'PATCH' => [
'id' => ['bail', 'required', 'uuid', 'exists:users,id'],
'email' => $this->emailRules(unique: false),
'password' => [
...['bail', 'sometimes', 'string', 'confirmed'],
...[$pwdRules]
],
],
default => []
};
return [...self::COMMON_RULES, ...$rules];
}
/**
* Generates email validation rules.
*
* @param bool $unique
* @return array
*/
private function emailRules(bool $unique): array
{
$emailRules = [
'bail',
'required',
'email:rfc,strict,spoof,dns',
'max:254'
];
if ($unique) {
$emailRules[] = 'unique:users,email';
} else {
$emailRules[] = 'unique:users,email,' . $this->id;
}
return $emailRules;
}
/**
* Converts 'status' input to boolean or null.
*
* @return void
*/
protected function prepareForValidation(): void
{
if ($this->has(key: 'status')) {
$this->merge(input: ['status' => filter_var(
value: $this->boolean(key: 'status'),
filter: FILTER_VALIDATE_BOOLEAN,
options: FILTER_NULL_ON_FAILURE
)]);
}
}
}
Why is this convenient and effective?
Single class for multiple scenarios - no need to create separate classes for create and update actions, which reduces code duplication and makes maintenance easier.
Reusing rules - common validation rules are stored in the
COMMON_RULESconstant, eliminating repetition.Data preparation before validation - the
prepareForValidationmethod ensures the status field is always correctly interpreted as a boolean or null.
Overall, this approach helps you write cleaner, more maintainable, and safer code, especially in projects that involve many different operations on the same entities.
