TypeScript

Parse Server beforeSave validation that holds

Client writes lie. This rejects bad data in a Parse Cloud Code beforeSave before it ever lands in the database.

18 Jun 2026

Validate on the server, in beforeSave, so the only path to your collection runs through these checks.

// Cloud Code file: Parse Server exposes Parse as a global here, so no import is needed.

Parse.Cloud.beforeSave("Order", async (request) => {
  const order = request.object;
 
  if (!request.user) {
    throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN, "login required");
  }
 
  const qty = order.get("quantity");
  if (typeof qty !== "number" || !Number.isInteger(qty) || qty < 1) {
    throw new Parse.Error(
      Parse.Error.VALIDATION_ERROR,
      "quantity must be a positive integer",
    );
  }
 
  const status = order.get("status");
  const allowed = ["pending", "paid", "shipped"];
  if (!allowed.includes(status)) {
    throw new Parse.Error(
      Parse.Error.VALIDATION_ERROR,
      `status must be one of ${allowed.join(", ")}`,
    );
  }
 
  // Server owns these fields. Ignore whatever the client sent.
  if (order.isNew()) {
    order.set("owner", request.user);
    order.set("createdVia", "api");
  }
});

Gotchas

beforeSave runs on every write, including updates from your own Cloud functions. Use order.dirty("status") if you only want to validate fields that actually changed; otherwise an unrelated update re-runs every check and can reject a row that was already valid.
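
The dirty() advice above as an added example (not code from the original page): the checks pulled into a pure function so they can be exercised without a running Parse Server. It goes beyond the hook shown earlier in two labelled assumptions: master-key writes are allowed without a user, and client updates to owner or createdVia are refused. checkOrder, OrderLike, SaveCtx and fakeOrder are hypothetical names.

```typescript
// Added example (not the page's code); OrderLike mirrors the Parse.Object methods the hook uses.
interface OrderLike {
  get(key: string): unknown;
  dirty(key: string): boolean;
  isNew(): boolean;
}
interface SaveCtx { user?: unknown; master?: boolean }

const ALLOWED_STATUS = ["pending", "paid", "shipped"];
const SERVER_OWNED = ["owner", "createdVia"];

// Returns a rejection message, or null when the write may proceed.
function checkOrder(order: OrderLike, ctx: SaveCtx): string | null {
  // Assumption: master-key saves from trusted server code may have no user.
  if (!ctx.user && !ctx.master) return "login required";

  const fresh = order.isNew();
  // On create check every field; on update only fields this write changes.
  const touched = (key: string) => fresh || order.dirty(key);

  if (touched("quantity")) {
    const qty = order.get("quantity");
    if (typeof qty !== "number" || !Number.isInteger(qty) || qty < 1) {
      return "quantity must be a positive integer";
    }
  }
  if (touched("status")) {
    const status = order.get("status");
    if (typeof status !== "string" || !ALLOWED_STATUS.includes(status)) {
      return `status must be one of ${ALLOWED_STATUS.join(", ")}`;
    }
  }
  // Server-owned fields: refuse a client update that touches them.
  if (!fresh && !ctx.master) {
    for (const key of SERVER_OWNED) {
      if (order.dirty(key)) return `${key} is read-only`;
    }
  }
  return null;
}

// Constructed stand-in for a Parse.Object: stored row plus this write's changes (null = new object).
function fakeOrder(stored: Record<string, unknown> | null, changes: Record<string, unknown>): OrderLike {
  return {
    get: (k) => (k in changes ? changes[k] : stored?.[k]),
    dirty: (k) => k in changes,
    isNew: () => stored === null,
  };
}
```

Inside the hook, call checkOrder(request.object, { user: request.user, master: request.master }) and throw a Parse.Error with the returned message when it is not null.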
