I’m working on a PHP web application that depends on a few party services. These services are well documented and provided by fairly large organisations.
I feel paranoid when working with responses from these API which leads me to write validation code that validates that the responses match the structure and data types specified in the documentation. This mainly comes from the fact that its out with my control and if I blindly trust that the data will be correct and its not (maybe someone changes the json structure by accident), it could lead to unexpected behaviour in my application.
My question is do you think this is overkill? How does everyone else handle this situation?