JavaScript Object Notation (JSON) is a format for structuring interchanged data that's readable to both humans and machines. Considered "self-describing," it's a simpler and lightweight alternative to XML. JSON was designed to be interoperable with a wide variety of systems, platforms, and programming languages — such as JavaScript, Java, Ruby, Python, PHP, and others. It's also easy to write and validate JSON using JSON Schema language.
JSON is also data-only and cannot contain parsable comments or directives (unlike XML, for example). While the JSON format visually resembles code, it's purely used to encode and transmit data without including any executables. However, JSON is less verbose than its predecessors and can be parsed using standard functions.
JSON's exact origins are often debated. However, programmer Douglas Crockford is popularly credited with formalizing and publishing the JSON format in 2001 alongside Chip Morningstar — an American software architect. It's currently standardized under RFC 8259, while its corresponding JSON Type Definition (used for code generation and JSON validation) appears under RFC 8927.
How does JSON work?
JSON syntax uses key-value pairs to represent data, which are based on descriptive text strings. It closely mirrors the JavaScript object literal format, which only accepts strings, numbers, objects, booleans, arrays (nested or unnested), or null data types. JSON objects, however, cannot contain functions, dates, or undefined values.
JSON outputs are becoming increasingly ubiquitous across the API landscape. While APIs can return responses in numerous formats (such as XML, HTML, etc.), JSON has gained popularity due to its lightweight design, descriptive syntax, and the rise of Asynchronous JavaScript and XML (AJAX) across the web.
What does a JSON object look like?
JSON objects can exist as part of a program or as part of a JSON file, using the extension .json. These JSON objects can range from minimal to highly complex — with numerous lines of key-value pairs. Here's an example of a barebones JSON object containing some of these data types:
{
"key" : "value",
"number" : 1,
"array" : [1,2,3,4]
"value1" : null,
"boolean" : true
}Next, here's how a simple (expanded) JSON object might look if we substitute in some placeholder keys and values. We've retrieved this data by hypothetically requesting specific "data" on yours truly:
{
"first_name" : "Tyler",
"last_name" : "Charboneau",
"birth_year" : 1900,
"location" : "Earth",
"online" : “chronically”,
"followers" : null
}This example is very simple, yet JSON payloads can be much more complex. Parsing a JSON body that is too large or has too many levels of nested attributes can become a performance bottleneck. Any server that accepts JSON payloads should check their size and complexity prior to processing them — removing a possible DoS attack vector — or employ a WAF to handle validation.
Generally speaking, JSON objects and their data structures must adhere to standard formatting. JSON keys are always surrounded by quotes, string values are always surrounded by quotes, and numbered values require no quotes. While nested arrays and other complicated formatting can make things trickier, a valid JSON object is surrounded by opening and closing curly braces.
That said, JSON validation is extremely important. Because a single syntax error such as a misplaced comma can prevent the JSON object from being properly parsed, linters and formatters are indispensable tools.
Does HAProxy support JSON?
Yes! HAProxy products and solutions support JSON formats in multiple ways — such as JSON file loading paths for APIs, OAuth JWT token verification, and JSON log encoding.
HAProxy ACLs can also extract and make decisions based on the JSON payloads clients send. If you're aiming to secure a web application that accepts JSON, HAProxy Enterprise WAF can detect threats within a JSON payload and limit the depth of JSON that it allows through.
To learn more about JSON in HAProxy, check out our Encoding HAProxy logs in machine-readable JSON or CBOR or Verify OAuth JWT Tokens With HAProxy blog posts.