> ## Documentation Index
> Fetch the complete documentation index at: https://docs.fungies.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Validate Customer Data

> Ensure data quality with regex patterns or custom validation endpoints.

Validation helps ensure customers enter correct information, reducing fulfillment errors and support requests. Fungies supports two validation methods: regex patterns and custom validation URLs.

## Regex Validation

Use regular expressions to validate text field input directly in the browser. Invalid input is rejected before the customer can submit.

### How to Add Regex Validation

1. Edit your custom field in the Dashboard
2. Enter a regex pattern in the **Regex** field
3. Save your changes

<Info>
  Regex validation happens client-side, providing instant feedback to customers.
</Info>

### Common Patterns

| Use Case              | Pattern                                                          | Matches             |
| --------------------- | ---------------------------------------------------------------- | ------------------- |
| Numbers only          | `^[0-9]+$`                                                       | `12345`             |
| Letters only          | `^[a-zA-Z]+$`                                                    | `PlayerOne`         |
| Alphanumeric          | `^[a-zA-Z0-9]+$`                                                 | `Player123`         |
| Username (3-20 chars) | `^[a-zA-Z0-9_]{3,20}$`                                           | `cool_player_99`    |
| Email                 | `^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$`               | `user@example.com`  |
| UUID                  | `^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$` | `550e8400-e29b-...` |
| Date (YYYY-MM-DD)     | `^\d{4}-\d{2}-\d{2}$`                                            | `2024-01-15`        |

### Regex Tips

```javascript theme={null}
// Start (^) and end ($) anchors ensure the entire input matches
^[a-zA-Z0-9]+$   // ✓ Matches: "abc123"
                 // ✗ Rejects: "abc 123" (space not allowed)

// Character classes define allowed characters
[a-zA-Z]         // Any letter
[0-9] or \d      // Any digit
[a-zA-Z0-9_]     // Letters, digits, or underscore

// Quantifiers specify length
{3,20}           // Between 3 and 20 characters
+                // One or more
*                // Zero or more
```

<Tip>
  Test your regex patterns at [regex101.com](https://regex101.com/) before adding them to Fungies.
</Tip>

## Custom Validation URL

For complex validation that can't be expressed as regex—like checking if a player ID exists in your database—use a custom validation endpoint.

### How It Works

```mermaid theme={null}
sequenceDiagram
    participant C as Customer
    participant F as Fungies
    participant A as Your API
    
    C->>F: Enters "abc123"
    F->>A: POST /validate {playerId: "abc123"}
    A-->>F: 200 OK (valid)
    F-->>C: ✓ Input accepted
```

1. Customer enters a value
2. Fungies sends a POST request to your validation URL
3. Your API checks if the value is valid
4. Return `200 OK` for valid, any other status for invalid

### Request Format

Fungies sends a POST request with the field value:

```json theme={null}
{
  "playerId": "Player_12345"
}
```

The key is your custom field's identifier, and the value is what the customer entered.

### Response

| Status        | Meaning                          |
| ------------- | -------------------------------- |
| `200`         | Valid - customer can proceed     |
| `4xx` / `5xx` | Invalid - customer sees an error |

### Example Endpoint

```javascript theme={null}
// Express.js example
app.post('/validate/player-id', async (req, res) => {
  const { playerId } = req.body;
  
  // Check if player exists in your database
  const player = await db.players.findById(playerId);
  
  if (player) {
    return res.status(200).json({ valid: true });
  }
  
  return res.status(400).json({ 
    valid: false, 
    message: 'Player not found' 
  });
});
```

## Securing Your Validation Endpoint

<Warning>
  Without signature verification, anyone could call your validation endpoint. Always verify the signature in production.
</Warning>

Fungies signs validation requests the same way as webhooks. The signature is in the `x-fngs-signature` header:

```
x-fngs-signature: sha256_6808ed5be1262b60818359fa586145810d0793e8a677f1326520d3844e21b640
```

### Verify the Signature

Use your validation URL secret (set in the Dashboard) to verify requests:

```javascript theme={null}
import crypto from 'crypto';

function verifySignature(payload, signature, secret) {
  const expectedSignature = 'sha256_' + crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex');
    
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expectedSignature)
  );
}

app.post('/validate/player-id', (req, res) => {
  const signature = req.headers['x-fngs-signature'];
  const rawBody = req.rawBody; // Must be raw, unparsed body
  
  if (!verifySignature(rawBody, signature, process.env.VALIDATION_SECRET)) {
    return res.status(401).json({ error: 'Invalid signature' });
  }
  
  // ... validation logic
});
```

See the [webhook signature verification guide](/developers/webhooks/setup#3-verify-webhook-signatures) for more details.

## Combining Validation Methods

You can use both regex and URL validation on the same field:

1. **Regex runs first** - Catches format errors instantly (client-side)
2. **URL validation runs second** - Checks business logic (server-side)

This gives customers fast feedback on format errors while still validating against your backend.

## Next Steps

<CardGroup cols={2}>
  <Card title="Custom Fields Setup" icon="gear" href="/developers/customer-data/setup">
    Create and configure custom fields
  </Card>

  <Card title="Webhook Setup" icon="webhook" href="/developers/webhooks/setup">
    Receive custom field data in your application
  </Card>
</CardGroup>
