As a web developer, you are going to spend a decent amount of your time building and update API endpoints. If you are using Django, I recommend using Django’s excellent Django Rest Framework.

There are three places you can add valiation

Adding Validation at DRF/Django View-Level

An easy place to add valiation is directly in the view.

from rest_framework.exceptions import APIException

class InvalidAPIQuery(APIException):
    status_code = 400
    default_detail = 'An invalid query parameter was provided'
class DocumentUploadView(UserAuditLogMixin, APIView):
    permission_classes = (IsAuthenticated, )
    parser_classes = (MultiPartParser, FormParser,)

    def post(self, request, format=None):
        if 'submission_id' not in request.POST:
            raise InvalidAPIQuery("`submission_id` is required")

        document = models.Document.create_document_from_request(request)

        return Response({
            'document': serializers.DocumentSerializer(document['document']).data
        }, status=201)

Adding at DRF Serializer-Level

DRF serializers provide their own validation mechanism.

from rest_framework import serializers

class BuildingSerializer(serializers.ModelSerializer):

    def validate(self, data):
        errors = {}
        year_built = data.get('year_built')
        year_rennovated = data.get('year_rennovated')
        if year_rennovated < year_built:
            errors['error'] = u'You\'re an idiot!'
            raise serializers.ValidationError(errors)
        return data

Adding at Django Form-Level

Django forms, and specifically Django model forms are an decent place to add valiation.

from django import forms

class BuildingForm(forms.Form):

    year_built = forms.IntegerField(required=True)
    year_rennovated = forms.IntegerField(required=True)
    def clean(self):
        cleaned = super(BuildingForm, self).clean()
        year_built =  cleaned.get('year_built')
        year_rennovated =  cleaned.get('year_rennovated')

        if year_rennovated < year_built:
            raise forms.ValidationError(u'You\'re an idiot!')

And then in your view:

class BuildingView(viewsets.ModelViewSet):
    authentication_classes = (CustomSessionAuthentication,)
    queryset = models.Building.objects.all()
    serializer_class = serializers.BuildingSerializer

    def create(self, request):
        model_form = forms.BuildingForm(
        if model_form.is_valid():
            data = serializers.BuildingSerializer(obj).data
            return Response(data, status=201)
            return Response({'errors': model_form.errors}, status=400)