Skip to main content
MongoDB
CHAPTER 18 Beginner

Validation Rules and Data Integrity

Updated: May 16, 2026
15 min read

# CHAPTER 18

Validation Rules and Data Integrity

1. Introduction

One of MongoDB's greatest strengths is its "Dynamic Schema." You can insert a document with 3 fields, and right next to it, insert a document with 50 fields. However, in an Enterprise production environment, complete anarchy is dangerous. If a bug in your Node.js application accidentally inserts a User document without an email field, the entire login system will crash. To solve this, MongoDB allows you to enforce strict JSON Schema Validation at the database level, giving you the best of both worlds: NoSQL flexibility with SQL-like structural guarantees.

2. Learning Objectives

By the end of this chapter, you will be able to:
  • Understand the purpose of Database-Level Validation.
  • Use $jsonSchema to define a collection's rules.
  • Enforce required fields.
  • Restrict data types (e.g., Age MUST be an integer).
  • Apply validation rules to existing collections.

3. The Danger of Application-Level Validation

You might think, "I validate the email in my React frontend and my Node.js backend, so the database is safe." This is a critical architectural flaw. Backends get bypassed. Developers write raw scripts. If someone logs into MongoDB Compass and manually inserts { username: "Bob" }, your Node.js validation never ran! The database MUST be the final, unbreakable wall of defense.

4. Creating a Validated Collection

You apply validation rules when you explicitly create a collection using db.createCollection(). We define the rules using the $jsonSchema object.

Let's create a users collection. We will enforce three rules:

  1. 1. email is REQUIRED and must be a String.
  1. 2. age is OPTIONAL, but if provided, it MUST be an Integer.
  1. 3. status MUST be either "Active" or "Suspended".

javascript
1234567891011121314151617181920212223 
db.createCollection("users", {
   validator: {
      $jsonSchema: {
         bsonType: "object",
         required: [ "email" ], // email is mandatory!
         properties: {
            email: {
               bsonType: "string",
               description: "must be a string and is required"
            },
            age: {
               bsonType: "int",
               minimum: 18,
               description: "must be an integer greater than or equal to 18"
            },
            status: {
               enum: [ "Active", "Suspended" ],
               description: "can only be one of the enum values"
            }
         }
      }
   }
})

5. Testing the Validation Shield

Now that the shield is up, let's try to insert bad data.
javascript
12345678910 
// Attempt 1: Fails! (Missing the required 'email' field)
db.users.insertOne({ name: "Alice" })
// Result: Document failed validation!

// Attempt 2: Fails! (Age is a string, not an integer)
db.users.insertOne({ email: "bob@example.com", age: "twenty" })
// Result: Document failed validation!

// Attempt 3: Success! (Meets all rules)
db.users.insertOne({ email: "charlie@example.com", status: "Active" })

6. Adding Validation to an EXISTING Collection

What if you already have a live collection with 5 million documents, and you want to lock it down today? You use the collMod (Collection Modify) command.
javascript
12345678910111213 
db.runCommand({
   collMod: "products",
   validator: {
      $jsonSchema: {
         bsonType: "object",
         required: [ "price" ],
         properties: {
            price: { bsonType: "double" }
         }
      }
   },
   validationLevel: "moderate" // CRITICAL! See below.
})

7. Validation Levels (strict vs moderate)

When applying validation to an *existing* collection, you must choose a Validation Level:
  • strict (Default): Applies rules to ALL inserts and updates. If you try to update an old, legacy document that doesn't meet the new rules, MongoDB will block the update!
  • moderate: Applies rules to ALL new inserts, but allows you to update old legacy documents even if they fail the new validation rules. (This is highly recommended for existing production databases).

8. Mini Project: The Bulletproof Employee Collection

Let's combine validation with a dynamic array. We require a name, but the skills array is completely dynamic NoSQL!
javascript
12345678910111213141516 
db.createCollection("employees", {
   validator: {
      $jsonSchema: {
         bsonType: "object",
         required: [ "name", "salary" ],
         properties: {
            name: { bsonType: "string" },
            salary: { bsonType: "double", minimum: 30000.00 },
            skills: { 
                bsonType: "array",
                items: { bsonType: "string" } // Every item inside the array MUST be a string!
            }
         }
      }
   }
})

9. Common Mistakes

  • Applying JSON Schema like SQL: If you strictly define every single possible field in $jsonSchema, you have essentially re-invented MySQL, destroying the developmental agility of NoSQL. Best Practice: Only validate the absolute bare minimum fields required for the application to function (like email and password_hash). Leave the rest dynamic!

10. Best Practices

  • Regex Validation: You can use Regular Expressions in your schema. For example, pattern: "^.+@.+$" ensures that the string inserted into the email field actually looks like an email address!

11. Exercises

  1. 1. What MongoDB keyword is used to explicitly define database-level rules for a collection?
  1. 2. If you want to restrict a role field to only accept the exact words "Admin" or "User", what keyword do you use inside the $jsonSchema properties?

12. MongoDB Challenges

Write the validator object to require a field named username and ensure it is stored as a string.
javascript
1234567891011 
{
  validator: {
    $jsonSchema: {
      bsonType: "object",
      required: ["username"],
      properties: {
        username: { bsonType: "string" }
      }
    }
  }
}

13. MCQ Quiz with Answers

Question 1

Why is it an architectural necessity to enforce JSON Schema Validation at the database level, even if your frontend (React) and backend (Node.js) already perform data validation?

Question 2

When applying a new $jsonSchema to an EXISTING production collection via collMod, what does validationLevel: "moderate" do?

14. Interview Questions

  • Q: Explain the conflict between MongoDB's philosophy of "Dynamic Schemas" and the Enterprise requirement of "JSON Schema Validation". How do you strike an architectural balance between the two?
  • Q: Describe how you would enforce a minimum and maximum numerical value on an age field using $jsonSchema.

15. FAQs

Q: Can I see exactly WHY a document failed validation? A: Yes! In modern MongoDB versions, if an insert fails, the server response includes a highly detailed schemaRulesNotSatisfied object, pointing out the exact field (e.g., "age") and the exact rule (e.g., "minimum 18") that triggered the rejection.

16. Summary

You have successfully fortified your NoSQL architecture. By deploying $jsonSchema validators, you guarantee that corrupted data, missing emails, and incorrect data types can never enter your system, regardless of how many bugs exist in the application code.

17. Next Chapter Recommendation

Our data is secure and structurally perfect. But what happens if the server physically crashes in the middle of processing a financial order? In Chapter 19: Transactions in MongoDB, we will explore Multi-Document ACID Transactions to guarantee absolute "All-or-Nothing" reliability.

Finish this Chapter

Save your progress on your learning path and prepare for coding interview challenges.

Previous Chapter MongoDB Array Queries | Dot Notation & Positional Operator
Next Chapter MongoDB Transactions | ACID Properties & Sessions

Discussion

Join the discussion

Log in or create a free account to participate.

Sort: ·

Explore More

📖 Related Tutorials 6

Related Quizzes 6