# Validating & Sanitizing Input

One of the most important lessons you learn when implementing an API service is that you never trust the input you receive. You must *validate the input*, which means checking that the input passes constraints, and *sanitize the input*, which means converting it from a text-based value to its concrete representation, such as a `Date` or a `String`.

Blueprint facilitates validating and sanitizing the input on the controller action. The controller action has the option of using the `schema` property to perform static validation. The value of the `schema` property is a [schema definition from express-validator](https://express-validator.github.io/docs/schema-validation.html). You can also use the `validate()` method, which is used to perform dynamic and asynchronous validation.

In our `super-rentals` example, we only need to validate the id parameter for `getOne()`, `update()`, and `delete()`. The schema for each method will be the same, so we are only going to show the schema for the `getOne()` method.

{% code title="app/controllers/rental.js" %}

```javascript
const { Action, ResourceController } = require ('@onehilltech/blueprint');

module.exports = ResourceController.extend ({
  // ...

  getOne () {
    return Action.extend ({
      // express-validator schema, checked before execute() is called
      schema: {
        // this.id is the name of the resource id parameter (rentalId)
        [this.id]: {
          in: 'params',
          optional: false,
        }
      },

      execute (req, res) {
        const { rentalId } = req.params;
        const rental = this.controller.rentals.get (rentalId);

        if (rental) {
          res.status (200).json ({ data: [rental] });
        }
        else {
          res.sendStatus (404);
        }
      }
    })
  }
});
```

{% endcode %}
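The difference between validating and sanitizing, shown in plain JavaScript. This is an added example, not code from Blueprint or express-validator: `checkInput()`, the rule shape, the `availableFrom` parameter, and the sample values are all assumptions made for illustration.

```javascript
// Added example: hypothetical helper, not Blueprint's or express-validator's API.
const ISO_DATE = /^\d{4}-\d{2}-\d{2}$/;

// Each rule validates the raw text first, then sanitizes it to a concrete type.
const rules = {
  rentalId: {
    optional: false,
    validate: (text) => /^[a-z0-9-]{1,64}$/.test(text),
    sanitize: (text) => text, // already the String we want
  },
  availableFrom: {
    optional: true,
    validate: (text) => {
      if (!ISO_DATE.test(text)) return false;
      const date = new Date(`${text}T00:00:00Z`);
      // Reject impossible dates (2024-02-30): they parse as invalid or roll over.
      return !Number.isNaN(date.getTime()) && date.toISOString().slice(0, 10) === text;
    },
    sanitize: (text) => new Date(`${text}T00:00:00Z`),
  },
};

function checkInput(ruleSet, input) {
  const errors = [];
  const values = {};
  for (const [name, rule] of Object.entries(ruleSet)) {
    const raw = input[name];
    if (raw === undefined || raw === '') {
      if (!rule.optional) errors.push(`${name}: required`);
      continue;
    }
    // Parsed requests can contain arrays or objects; only plain text is accepted.
    if (typeof raw !== 'string' || !rule.validate(raw)) {
      errors.push(`${name}: invalid`);
      continue;
    }
    values[name] = rule.sanitize(raw);
  }
  // Only sanitized values are returned; fields without a rule never reach the handler.
  return errors.length ? { ok: false, errors } : { ok: true, values };
}

// Constructed sample inputs.
const good = checkInput(rules, { rentalId: 'grand-old-mansion', availableFrom: '2024-03-01', debug: '1' });
const bad = checkInput(rules, { rentalId: 'bad id!', availableFrom: '2024-02-30' });
console.log(good, bad);
```
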

