Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.fungies.io/llms.txt

Use this file to discover all available pages before exploring further.

Validation helps ensure customers enter correct information, reducing fulfillment errors and support requests. Fungies supports two validation methods: regex patterns and custom validation URLs.

Regex Validation

Use regular expressions to validate text field input directly in the browser. Invalid input is rejected before the customer can submit.

How to Add Regex Validation

  1. Edit your custom field in the Dashboard
  2. Enter a regex pattern in the Regex field
  3. Save your changes
Regex validation happens client-side, providing instant feedback to customers.

Common Patterns

Use CasePatternMatches
Numbers only^[0-9]+$12345
Letters only^[a-zA-Z]+$PlayerOne
Alphanumeric^[a-zA-Z0-9]+$Player123
Username (3-20 chars)^[a-zA-Z0-9_]{3,20}$cool_player_99
Email^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$user@example.com
UUID^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$550e8400-e29b-...
Date (YYYY-MM-DD)^\d{4}-\d{2}-\d{2}$2024-01-15

Regex Tips

// Start (^) and end ($) anchors ensure the entire input matches
^[a-zA-Z0-9]+$   // ✓ Matches: "abc123"
                 // ✗ Rejects: "abc 123" (space not allowed)

// Character classes define allowed characters
[a-zA-Z]         // Any letter
[0-9] or \d      // Any digit
[a-zA-Z0-9_]     // Letters, digits, or underscore

// Quantifiers specify length
{3,20}           // Between 3 and 20 characters
+                // One or more
*                // Zero or more
Test your regex patterns at regex101.com before adding them to Fungies.

Custom Validation URL

For complex validation that can’t be expressed as regex—like checking if a player ID exists in your database—use a custom validation endpoint.

How It Works

  1. Customer enters a value
  2. Fungies sends a POST request to your validation URL
  3. Your API checks if the value is valid
  4. Return 200 OK for valid, any other status for invalid

Request Format

Fungies sends a POST request with the field value: 
{
  "playerId": "Player_12345"
}
The key is your custom field’s identifier, and the value is what the customer entered.

Response

StatusMeaning
200Valid - customer can proceed
4xx / 5xxInvalid - customer sees an error

Example Endpoint

// Express.js example
app.post('/validate/player-id', async (req, res) => {
  const { playerId } = req.body;
  
  // Check if player exists in your database
  const player = await db.players.findById(playerId);
  
  if (player) {
    return res.status(200).json({ valid: true });
  }
  
  return res.status(400).json({ 
    valid: false, 
    message: 'Player not found' 
  });
});

Securing Your Validation Endpoint

Without signature verification, anyone could call your validation endpoint. Always verify the signature in production.
Fungies signs validation requests the same way as webhooks. The signature is in the x-fngs-signature header: 
x-fngs-signature: sha256_6808ed5be1262b60818359fa586145810d0793e8a677f1326520d3844e21b640

Verify the Signature

Use your validation URL secret (set in the Dashboard) to verify requests: 
import crypto from 'crypto';

function verifySignature(payload, signature, secret) {
  const expectedSignature = 'sha256_' + crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex');
    
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expectedSignature)
  );
}

app.post('/validate/player-id', (req, res) => {
  const signature = req.headers['x-fngs-signature'];
  const rawBody = req.rawBody; // Must be raw, unparsed body
  
  if (!verifySignature(rawBody, signature, process.env.VALIDATION_SECRET)) {
    return res.status(401).json({ error: 'Invalid signature' });
  }
  
  // ... validation logic
});
See the webhook signature verification guide for more details.

Combining Validation Methods

You can use both regex and URL validation on the same field:
  1. Regex runs first - Catches format errors instantly (client-side)
  2. URL validation runs second - Checks business logic (server-side)
This gives customers fast feedback on format errors while still validating against your backend.

Next Steps

Custom Fields Setup

Create and configure custom fields

Webhook Setup

Receive custom field data in your application