JSON:API spec compliance when creating resources - The resource object MUST contain at least a type member.

[sevenseacat]

Describe the bug

From: https://jsonapi.org/format/#crud-creating

A resource can be created by sending a POST request to a URL that represents a collection of resources. The request MUST include a single resource object as primary data. The resource object MUST contain at least a type member.

Something small I noticed - we don't require that the type member is present in the request.

We do validate it if it is present (empty/invalid values return an error) but if it's omitted, records can still be created.

To Reproduce

A json_api config and :

  json_api do
    type "artist"

    routes do
      base "/artists"

      post :create
    end
  end

  actions do
    create :create do
      accept [:name, :biography]
      change relate_actor(:created_by, allow_nil?: true)
      change relate_actor(:updated_by, allow_nil?: true)
    end
  end

Expected behavior

For full compliance with the spec, an error should also be returned if the type is not provided as part of the data hash. This would probably be a breaking change even though it's to add compliance 🤔

Runtime

• Elixir version 1.17.0-rc.1
• Erlang version 27.0
• OS macOS Sonoma
• Ash version 3.0.11
• AshJsonApi version 1.2.0

[zachdaniel]

Yeah, realistically it's not something we can change now unless we put it behind some kind of strict flag. I wouldn't be opposed to that. In general we always know the type of something at all times, so it would only be for spec compliance not for anything that we need.