Skip to main content
REST API Design Tutorial
CHAPTER 08 Beginner

JSON and Data Serialization

Updated: May 14, 2026
40 min read

# CHAPTER 8

JSON and Data Serialization

1. Introduction

Computers process data in complex, language-specific memory structures. A Python Dictionary, a PHP Associative Array, and a Java Object are completely different in their physical RAM representations. You cannot send a PHP Array over the internet to a React app. To communicate, they must translate their complex memory structures into a universal, plain-text string format. In this chapter, we will explore JSON (JavaScript Object Notation) and the critical process of Data Serialization and Deserialization.

2. Learning Objectives

By the end of this chapter, you will be able to:
  • Define JSON and explain its syntax rules.
  • Understand the concept of Data Serialization.
  • Differentiate between native programming objects and serialized strings.
  • Serialize and Parse JSON data in modern backend languages.
  • Format API payloads correctly.

3. Beginner-Friendly Explanation

Imagine a fully assembled Lego Castle (A Programming Object in RAM). You want to mail this castle to your friend across the country. You cannot fit an assembled castle into a standard envelope (The Internet).
  • Serialization: You take the castle apart, piece by piece, and write down an instruction manual (a long string of text) describing exactly how they connect. You put the paper manual in the envelope and mail it.
  • Deserialization (Parsing): Your friend receives the envelope, reads the text instructions, and rebuilds the 3D Lego Castle in their own living room.

You didn't send the castle; you sent a *text representation* of the castle. That text is JSON.

4. What is JSON?

JSON stands for JavaScript Object Notation. Despite the name, it is completely language-independent. It is the undisputed global standard for structuring data in REST APIs. (It defeated XML because it is lighter, faster, and easier for humans to read).

Strict JSON Syntax Rules:

  1. 1. Data is in name: value pairs.
  1. 2. Data is separated by commas.
  1. 3. Curly braces {} hold objects.
  1. 4. Square brackets [] hold arrays.
  1. 5. CRITICAL: All string keys MUST be wrapped in double-quotes "". (Single quotes will crash the parser).

Valid JSON String:

json
123456789 
{
  "user_id": 42,
  "is_active": true,
  "skills": ["JavaScript", "Python"],
  "address": {
    "city": "New York",
    "zip": "10001"
  }
}

5. Serialization (Converting to JSON)

When your backend framework queries the database, it receives native objects (like a Mongoose Object or a Laravel Eloquent Model). Before returning it in the HTTP Response, you must Serialize it into a JSON string.

Node.js Example:

javascript
12345678910 
const userObject = { id: 1, name: "Alice" }; // Native JS Object in RAM

// Serialization: Converts Object -> String
const jsonString = JSON.stringify(userObject); 
// Output: '{"id":1,"name":"Alice"}'

// Express.js does this automatically for you when you call res.json()!
app.get('/api/users', (req, res) => {
    res.json(userObject); // Automatically serializes and sets Content-Type header
});

PHP Example:

php
123456 
$userArray = ["id" => 1, "name" => "Alice"]; // Native PHP Array

// Serialization: Converts Array -> String
$jsonString = json_encode($userArray);

// Laravel does this automatically when returning arrays from routes!

6. Deserialization / Parsing (Converting from JSON)

When an API receives a POST request, the data arrives as a raw JSON string. You must Deserialize (Parse) it back into native objects before your code can interact with it.

Node.js Example:

javascript
1234567 
const incomingString = '{"id":1,"name":"Alice"}';

// Parsing: Converts String -> Object
const userObject = JSON.parse(incomingString);
console.log(userObject.name); // "Alice"

// Express.js does this automatically if you use the express.json() middleware!

7. Avoiding Circular References

Serialization will crash your server if your data contains Circular References. For example, if User has a relationship to Post, and Post has a relationship back to User. If you attempt to serialize the User, the serializer will include the Post, which includes the User, which includes the Post, causing an infinite loop until the server crashes.

The Fix: Modern frameworks utilize "Resources" or "Serializers" (like Laravel API Resources or Python Marshmallow) to explicitly define exactly which fields should be serialized, stripping out circular relationships and hidden fields (like passwords).

8. Backend Workflow: API Resources (Laravel Example)

You should never serialize your raw database models directly to the API. It often leaks sensitive data (like password_hash). Use a Resource layer to transform the data cleanly.
php
123456789101112131415 
// Laravel API Resource Example
class UserResource extends JsonResource
{
    public function toArray($request)
    {
        // We manually pick exactly what fields to serialize.
        // We explicitly EXCLUDE the password hash!
        return [
            'id' => $this->id,
            'full_name' => $this->first_name . ' ' . $this->last_name,
            'email' => $this->email,
            'joined_at' => $this->created_at->toDateTimeString(),
        ];
    }
}

9. Best Practices

  • Consistent Casing: Choose a casing convention for your JSON keys and stick to it universally. The industry standard for JSON keys is camelCase (e.g., firstName, createdAt) or snakecase (e.g., firstname, createdat). Never mix them.

10. Common Mistakes

  • Trailing Commas: A massive source of pain for beginners manually writing JSON for API testing. {"name": "John", "age": 30,} is Invalid JSON. You cannot have a trailing comma after the final property. The JSON parser will throw a fatal error.

11. Exercises

  1. 1. Explain the purpose of Serialization. Why can't a Node.js server simply send a Javascript Object directly to an iOS application over the network?

12. Coding Challenges

  • Challenge: Look at the following text: { name: 'John', age: 30 }. Is this valid JSON? If not, identify the two specific syntax errors and rewrite it as a strictly valid JSON string.

13. MCQs with Answers

Question 1

In the context of REST APIs, what does the process of "Serialization" accomplish?

Question 2

Which of the following is a strict, mandatory syntax rule of JSON?

14. Interview Questions

  • Q: Explain the difference between Serialization and Deserialization in the Request-Response cycle. At what specific points in the cycle do Express.js middleware functions handle these operations automatically?
  • Q: You are building an API that returns User profiles. The raw database model contains id, username, email, and passwordhash. Explain the security vulnerability of calling JSON.stringify(userModel) directly, and describe the architectural pattern (e.g., API Resources) you would implement to prevent it.

15. FAQs

Q: Can I send binary data (like an image file) inside JSON? A: Not directly, as JSON is strictly a text format. To send an image inside JSON, you must convert the image into a Base64 encoded string. However, this inflates the file size significantly. For file uploads, it is much better to abandon JSON for that specific endpoint and use multipart/form-data.

16. Summary

In Chapter 8, we decoded the universal language of REST APIs: JSON. We explored the necessity of Serialization—converting complex native memory structures (like arrays and objects) into standardized text strings for network transmission. We also covered Parsing, the reverse process executed upon receiving a payload. Finally, we highlighted the critical security practice of using API Resources or Serializers to precisely filter database models, ensuring we never accidentally leak passwords or trigger circular reference crashes when generating our JSON responses.

17. Next Chapter Recommendation

Our JSON is formatted beautifully, but what happens when a client sends us terrible, invalid JSON data? Proceed to Chapter 9: API Validation and Error Handling.

Finish this Chapter

Save your progress on your learning path and prepare for coding interview challenges.

Previous Chapter Request and Response Handling
Next Chapter Authentication and Authorization in APIs

Discussion

Join the discussion

Log in or create a free account to participate.

Sort: ·

Explore More

📖 Related Tutorials 6

Related Quizzes 6

🎥 Related Videos 1