Validation helps ensure customers enter correct information, reducing fulfillment errors and support requests. Fungies supports two validation methods: regex patterns and custom validation URLs.
Regex Validation
Use regular expressions to validate text field input directly in the browser. Invalid input is rejected before the customer can submit.
How to Add Regex Validation
- Edit your custom field in the Dashboard
- Enter a regex pattern in the Regex field
- Save your changes
Regex validation happens client-side, providing instant feedback to customers.
Common Patterns
| Use Case | Pattern | Matches |
|---|
| Numbers only | ^[0-9]+$ | 12345 |
| Letters only | ^[a-zA-Z]+$ | PlayerOne |
| Alphanumeric | ^[a-zA-Z0-9]+$ | Player123 |
| Username (3-20 chars) | ^[a-zA-Z0-9_]{3,20}$ | cool_player_99 |
| Email | ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ | user@example.com |
| UUID | ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$ | 550e8400-e29b-... |
| Date (YYYY-MM-DD) | ^\d{4}-\d{2}-\d{2}$ | 2024-01-15 |
Regex Tips
// Start (^) and end ($) anchors ensure the entire input matches
^[a-zA-Z0-9]+$ // ✓ Matches: "abc123"
// ✗ Rejects: "abc 123" (space not allowed)
// Character classes define allowed characters
[a-zA-Z] // Any letter
[0-9] or \d // Any digit
[a-zA-Z0-9_] // Letters, digits, or underscore
// Quantifiers specify length
{3,20} // Between 3 and 20 characters
+ // One or more
* // Zero or more
Test your regex patterns at regex101.com before adding them to Fungies. Custom Validation URL
For complex validation that can’t be expressed as regex—like checking if a player ID exists in your database—use a custom validation endpoint.
How It Works
- Customer enters a value
- Fungies sends a POST request to your validation URL
- Your API checks if the value is valid
- Return
200 OK for valid, any other status for invalid
Fungies sends a POST request with the field value:
{
"playerId": "Player_12345"
}
Response
| Status | Meaning |
|---|
200 | Valid - customer can proceed |
4xx / 5xx | Invalid - customer sees an error |
Example Endpoint
// Express.js example
app.post('/validate/player-id', async (req, res) => {
const { playerId } = req.body;
// Check if player exists in your database
const player = await db.players.findById(playerId);
if (player) {
return res.status(200).json({ valid: true });
}
return res.status(400).json({
valid: false,
message: 'Player not found'
});
});
Securing Your Validation Endpoint
Without signature verification, anyone could call your validation endpoint. Always verify the signature in production.
x-fngs-signature header:
x-fngs-signature: sha256_6808ed5be1262b60818359fa586145810d0793e8a677f1326520d3844e21b640
Verify the Signature
Use your validation URL secret (set in the Dashboard) to verify requests:
import crypto from 'crypto';
function verifySignature(payload, signature, secret) {
const expectedSignature = 'sha256_' + crypto
.createHmac('sha256', secret)
.update(payload)
.digest('hex');
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(expectedSignature)
);
}
app.post('/validate/player-id', (req, res) => {
const signature = req.headers['x-fngs-signature'];
const rawBody = req.rawBody; // Must be raw, unparsed body
if (!verifySignature(rawBody, signature, process.env.VALIDATION_SECRET)) {
return res.status(401).json({ error: 'Invalid signature' });
}
// ... validation logic
});
Combining Validation Methods
You can use both regex and URL validation on the same field:
- Regex runs first - Catches format errors instantly (client-side)
- URL validation runs second - Checks business logic (server-side)
This gives customers fast feedback on format errors while still validating against your backend.
Next Steps
