Flow Studio
Server-Side Validation
How the backend validates form submissions before resuming workflow execution — validation rules, error responses, and the retry mechanism.
Two Layers of Validation
| Layer | Where | What Validates |
|---|---|---|
| Client-side | Atlas Forms player (browser) | Required fields, field format, min/max, regex patterns |
| Server-side | Resume API endpoint | Business rules, cross-field logic, authorization checks |
Server-Side Validation Config
{
"serverValidation": {
"rules": [
{
"field": "approvedAmount",
"rule": "$value <= $output.parseClaim.amount",
"message": "Approved amount cannot exceed the claimed amount"
},
{
"field": "approvedAmount",
"rule": "$value > 0",
"message": "Approved amount must be positive"
},
{
"field": "approvalDecision",
"rule": "$value === 'rejected' ? $fields.rejectionReason !== '' : true",
"message": "Rejection reason is required when rejecting"
}
]
}
}Validation Failure Response
If server-side validation fails, the resume API returns 422 with field-level errors. The FormRenderer stays open and displays the errors inline:
HTTP 422 Unprocessable Entity
{
"validationErrors": [
{
"field": "approvedAmount",
"message": "Approved amount cannot exceed the claimed amount"
}
]
}The user corrects the errors and resubmits. The workflow remains suspended during validation failures.
Authorization Validation
The resume endpoint also validates that the actor submitting the form is the authorized actor for this task. Unauthorized submit attempts return 403 and do not resume the workflow:
// Resume API authorization check
if (!task.IsAssignedTo(actorId))
return Forbid("You are not authorized to complete this task");
if (task.Status != HILTaskStatus.Pending)
return Conflict("This task has already been completed or cancelled");