Forem: Anh Quân Nguyễn The latest articles on Forem by Anh Quân Nguyễn (@anh_qunnguyn_57549060f). https://forem.com/anh_qunnguyn_57549060f https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2189853%2F405c0fa0-9bd1-48d2-b27c-9ad1801775c7.jpg Forem: Anh Quân Nguyễn https://forem.com/anh_qunnguyn_57549060f en JSON Schema in 10 Minutes — Validation, Types & Real Examples Anh Quân Nguyễn Tue, 26 May 2026 03:44:14 +0000 https://forem.com/anh_qunnguyn_57549060f/json-schema-in-10-minutes-validation-types-real-examples-4pjg https://forem.com/anh_qunnguyn_57549060f/json-schema-in-10-minutes-validation-types-real-examples-4pjg <p>Two years ago I shipped a webhook handler without input validation. A partner started sending us a slightly malformed payload (an extra field, one missing required field) and our worker silently processed garbage into the database for three days before anyone noticed. By the time I traced it, we had 12,000 corrupt rows and a very awkward customer call.</p> <p>I learned JSON Schema the next week. This post is the cheat sheet I wish someone had handed me on day one — the keywords I actually use, the gotchas that bit me again later, and the honest comparison with OpenAPI and TypeScript types.</p> <h2> The seven types you'll use </h2> <p>Every JSON value is one of seven types: <code>string</code>, <code>number</code>, <code>integer</code>, <code>boolean</code>, <code>object</code>, <code>array</code>, or <code>null</code>. The <code>integer</code> type is a JSON Schema convenience (raw JSON only has <code>number</code>) but the schema layer enforces "no decimal places." A minimal schema:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>That validates any string and rejects everything else. You can also accept a union:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"string"</span><span class="p">,</span><span class="w"> </span><span class="s2">"null"</span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Useful for optional fields you want to keep present in the payload rather than omitting. Before I write more than a one-line schema I usually paste a sample payload into a <a href="https://calculators.im/json-formatter" rel="noopener noreferrer">JSON formatter</a> to see the actual shape pretty-printed. Type errors almost always come from misreading the structure.</p> <h2> Objects, required, and the additionalProperties trap </h2> <p>Most real validation work happens on objects. The three keywords you use every day are <code>properties</code>, <code>required</code>, and <code>additionalProperties</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"object"</span><span class="p">,</span><span class="w"> </span><span class="nl">"properties"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"email"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"age"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"integer"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"verified"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"boolean"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"required"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"email"</span><span class="p">],</span><span class="w"> </span><span class="nl">"additionalProperties"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Three gotchas to internalize. First, <code>properties</code> describes each field but does NOT make any of them required. Without the <code>required</code> array, every property is optional. Second, <code>required</code> is a separate list of property names that must be present (presence only, you still need <code>type</code> to validate the value). Third, <code>additionalProperties: false</code> rejects any property not listed. Without this line, the schema accepts arbitrary extra fields silently. This was the bug that hit me — the partner was sending <code>email_address</code> instead of <code>email</code>, and without <code>additionalProperties: false</code> my schema accepted it as "no email + an unknown field."</p> <p>Set <code>additionalProperties: false</code> by default. Remove it only when you genuinely want a free-form object. For maps with arbitrary keys but a known value type, use it as a schema instead of a boolean:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"object"</span><span class="p">,</span><span class="w"> </span><span class="nl">"additionalProperties"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"number"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>That validates any object where every value is a number. Perfect for price lookup tables, feature-flag percentages, or anything keyed dynamically.</p> <h2> String validation: minLength, pattern, format, enum </h2> <p>Real string validation goes beyond "is it a string." The keywords that earn their keep:</p> <ul> <li> <code>minLength</code> / <code>maxLength</code>, integer bounds on UTF-16 code units (not bytes, not graphemes)</li> <li> <code>pattern</code>, ECMA-262 regex the string must match somewhere (use <code>^...$</code> anchors for a full match)</li> <li> <code>format</code>, named formats like <code>email</code>, <code>uri</code>, <code>date</code>, <code>date-time</code>, <code>uuid</code>, <code>ipv4</code>, <code>ipv6</code> </li> <li> <code>enum</code>, a fixed list of allowed values (works for any type)</li> <li> <code>const</code>, a single allowed value (equivalent to a one-item enum)</li> </ul> <p>A practical username field:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w"> </span><span class="nl">"minLength"</span><span class="p">:</span><span class="w"> </span><span class="mi">3</span><span class="p">,</span><span class="w"> </span><span class="nl">"maxLength"</span><span class="p">:</span><span class="w"> </span><span class="mi">20</span><span class="p">,</span><span class="w"> </span><span class="nl">"pattern"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^[a-zA-Z0-9_]+$"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>One gotcha that cost me a day: <code>format</code> is informational by default in older drafts. You must enable format assertion in your validator. Ajv requires <code>ajv-formats</code>. Python <code>jsonschema</code> needs <code>format_checker</code>. Without it, <code>"format": "email"</code> documents intent but does not actually reject invalid emails. See the <a href="https://json-schema.org/understanding-json-schema/reference/string#format" rel="noopener noreferrer">JSON Schema spec for format</a> for the full list and the assertion behavior per draft.</p> <h2> Number validation: minimum, maximum, multipleOf </h2> <p>For numbers and integers, the validation keywords are arithmetic:</p> <ul> <li> <code>minimum</code> / <code>maximum</code>, inclusive bounds</li> <li> <code>exclusiveMinimum</code> / <code>exclusiveMaximum</code>, exclusive bounds (in Draft 2020-12 these take a number, in older drafts they took a boolean)</li> <li> <code>multipleOf</code>, the value must be a multiple of this number</li> </ul> <p>Validating a percentage that must be 0 to 100 in 0.01 increments:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"number"</span><span class="p">,</span><span class="w"> </span><span class="nl">"minimum"</span><span class="p">:</span><span class="w"> </span><span class="mi">0</span><span class="p">,</span><span class="w"> </span><span class="nl">"maximum"</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="p">,</span><span class="w"> </span><span class="nl">"multipleOf"</span><span class="p">:</span><span class="w"> </span><span class="mf">0.01</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><code>multipleOf</code> has a floating-point trap I keep getting wrong. 0.1 is not exactly representable in IEEE 754, so <code>{ "multipleOf": 0.1 }</code> will sometimes reject values you expect to pass. For money, I now store and validate as integer cents (<code>{ "type": "integer", "minimum": 0 }</code>). It is the same precision argument behind storing prices in the smallest currency unit everywhere else in the stack.</p> <h2> Array validation: items, minItems, uniqueItems </h2> <p>For arrays the workhorses are <code>items</code> (schema applied to every element), <code>minItems</code> / <code>maxItems</code> (length bounds), and <code>uniqueItems</code> (rejects duplicates by deep equality). A list of unique tags:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"array"</span><span class="p">,</span><span class="w"> </span><span class="nl">"items"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w"> </span><span class="nl">"minLength"</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"minItems"</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="nl">"maxItems"</span><span class="p">:</span><span class="w"> </span><span class="mi">10</span><span class="p">,</span><span class="w"> </span><span class="nl">"uniqueItems"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>For positional tuples where each index has a different schema, use <code>prefixItems</code> in Draft 2020-12 or <code>items</code> as an array in older drafts. A coordinate pair where index 0 is longitude and index 1 is latitude:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"array"</span><span class="p">,</span><span class="w"> </span><span class="nl">"prefixItems"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"number"</span><span class="p">,</span><span class="w"> </span><span class="nl">"minimum"</span><span class="p">:</span><span class="w"> </span><span class="mi">-180</span><span class="p">,</span><span class="w"> </span><span class="nl">"maximum"</span><span class="p">:</span><span class="w"> </span><span class="mi">180</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"number"</span><span class="p">,</span><span class="w"> </span><span class="nl">"minimum"</span><span class="p">:</span><span class="w"> </span><span class="mi">-90</span><span class="p">,</span><span class="w"> </span><span class="nl">"maximum"</span><span class="p">:</span><span class="w"> </span><span class="mi">90</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"items"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>The trailing <code>"items": false</code> rejects any extra elements beyond the two declared positions. The array equivalent of <code>additionalProperties: false</code>.</p> <h2> Schema composition: $ref, allOf, oneOf, anyOf </h2> <p>Once your schemas grow past a single page, you will want to break them up and combine them. JSON Schema has four composition keywords:</p> <ul> <li> <code>$ref</code>, reuse another schema by JSON Pointer (e.g., <code>"#/$defs/address"</code> or an external URL)</li> <li> <code>allOf</code>, data must validate against every subschema (intersection / mixin)</li> <li> <code>anyOf</code>, data must validate against at least one (union, OK if multiple match)</li> <li> <code>oneOf</code>, data must validate against exactly one (XOR, rejects if zero or multiple match)</li> </ul> <p>A reusable address schema referenced from two parents:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"$defs"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"address"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"object"</span><span class="p">,</span><span class="w"> </span><span class="nl">"properties"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"street"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"city"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"country"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w"> </span><span class="nl">"minLength"</span><span class="p">:</span><span class="w"> </span><span class="mi">2</span><span class="p">,</span><span class="w"> </span><span class="nl">"maxLength"</span><span class="p">:</span><span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"required"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"street"</span><span class="p">,</span><span class="w"> </span><span class="s2">"city"</span><span class="p">,</span><span class="w"> </span><span class="s2">"country"</span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"object"</span><span class="p">,</span><span class="w"> </span><span class="nl">"properties"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"shipping"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"$ref"</span><span class="p">:</span><span class="w"> </span><span class="s2">"#/$defs/address"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"billing"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"$ref"</span><span class="p">:</span><span class="w"> </span><span class="s2">"#/$defs/address"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>For discriminated unions (event types, message kinds), <code>oneOf</code> with a <code>const</code> discriminator is the standard pattern:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"oneOf"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"object"</span><span class="p">,</span><span class="w"> </span><span class="nl">"properties"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"kind"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"const"</span><span class="p">:</span><span class="w"> </span><span class="s2">"email"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"to"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w"> </span><span class="nl">"format"</span><span class="p">:</span><span class="w"> </span><span class="s2">"email"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"required"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"kind"</span><span class="p">,</span><span class="w"> </span><span class="s2">"to"</span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"object"</span><span class="p">,</span><span class="w"> </span><span class="nl">"properties"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"kind"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"const"</span><span class="p">:</span><span class="w"> </span><span class="s2">"sms"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"phone"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w"> </span><span class="nl">"pattern"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^</span><span class="se">\\</span><span class="s2">+[1-9]</span><span class="se">\\</span><span class="s2">d{1,14}$"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"required"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"kind"</span><span class="p">,</span><span class="w"> </span><span class="s2">"phone"</span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> A real signup schema </h2> <p>Putting every keyword together, here is roughly the schema I now use for a signup endpoint:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"$schema"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://json-schema.org/draft/2020-12/schema"</span><span class="p">,</span><span class="w"> </span><span class="nl">"title"</span><span class="p">:</span><span class="w"> </span><span class="s2">"SignupRequest"</span><span class="p">,</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"object"</span><span class="p">,</span><span class="w"> </span><span class="nl">"properties"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"email"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w"> </span><span class="nl">"format"</span><span class="p">:</span><span class="w"> </span><span class="s2">"email"</span><span class="p">,</span><span class="w"> </span><span class="nl">"maxLength"</span><span class="p">:</span><span class="w"> </span><span class="mi">254</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"password"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w"> </span><span class="nl">"minLength"</span><span class="p">:</span><span class="w"> </span><span class="mi">12</span><span class="p">,</span><span class="w"> </span><span class="nl">"maxLength"</span><span class="p">:</span><span class="w"> </span><span class="mi">128</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"username"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w"> </span><span class="nl">"pattern"</span><span class="p">:</span><span class="w"> </span><span class="s2">"^[a-zA-Z0-9_]{3,20}$"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"age"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"integer"</span><span class="p">,</span><span class="w"> </span><span class="nl">"minimum"</span><span class="p">:</span><span class="w"> </span><span class="mi">13</span><span class="p">,</span><span class="w"> </span><span class="nl">"maximum"</span><span class="p">:</span><span class="w"> </span><span class="mi">120</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"country"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w"> </span><span class="nl">"enum"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"US"</span><span class="p">,</span><span class="w"> </span><span class="s2">"UK"</span><span class="p">,</span><span class="w"> </span><span class="s2">"CA"</span><span class="p">,</span><span class="w"> </span><span class="s2">"AU"</span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"newsletter"</span><span class="p">:{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"boolean"</span><span class="p">,</span><span class="w"> </span><span class="nl">"default"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"referrals"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"array"</span><span class="p">,</span><span class="w"> </span><span class="nl">"items"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"string"</span><span class="p">,</span><span class="w"> </span><span class="nl">"format"</span><span class="p">:</span><span class="w"> </span><span class="s2">"email"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"maxItems"</span><span class="p">:</span><span class="w"> </span><span class="mi">5</span><span class="p">,</span><span class="w"> </span><span class="nl">"uniqueItems"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"required"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"email"</span><span class="p">,</span><span class="w"> </span><span class="s2">"password"</span><span class="p">,</span><span class="w"> </span><span class="s2">"username"</span><span class="p">,</span><span class="w"> </span><span class="s2">"age"</span><span class="p">,</span><span class="w"> </span><span class="s2">"country"</span><span class="p">],</span><span class="w"> </span><span class="nl">"additionalProperties"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>It enforces the email format with the 254-char maximum from RFC 5321, a 12-character minimum password from NIST SP 800-63B, a regex-validated username, an integer age within plausible bounds, a closed enum of supported countries, an optional boolean with a documented default, and an optional referral list capped at 5 unique emails. The trailing <code>additionalProperties: false</code> is the line that would have saved me three days and 12,000 rows two years ago.</p> <h2> Tooling: Ajv (Node) and jsonschema (Python) </h2> <p>Declare which draft you target with the <code>$schema</code> keyword at the root. The two production-grade validators I reach for:</p> <ul> <li> <strong><a href="https://ajv.js.org/" rel="noopener noreferrer">Ajv</a> for Node.js and browser</strong>, the fastest JS validator, supports Draft 2020-12. Install <code>ajv</code> and <code>ajv-formats</code> together if you use <code>format</code>. Compile schemas once at startup with <code>const validate = ajv.compile(schema)</code>, then call <code>validate(data)</code> on every request. This is 10 to 100 times faster than recompiling per call.</li> <li> <strong><code>jsonschema</code> for Python</strong>, the reference Python validator. Use <code>Draft202012Validator(schema).validate(data)</code> or iterate <code>.iter_errors(data)</code> to surface all errors at once instead of failing on the first.</li> </ul> <p>For quick iteration without writing code, I usually paste the schema and a sample payload into a <a href="https://calculators.im/json-formatter" rel="noopener noreferrer">JSON formatter</a> to confirm both parse, then run them through a browser-based validator. When debugging an unexpected failure, a <a href="https://calculators.im/diff-checker" rel="noopener noreferrer">diff checker</a> helps me compare a failing payload against a known-good payload to spot the offending field.</p> <h2> JSON Schema vs OpenAPI vs TypeScript </h2> <p>These three describe data shapes but solve different problems:</p> <ul> <li> <strong>TypeScript types</strong> are compile-time only. They vanish at runtime, so a malformed API payload will silently corrupt your program if you trust the type without validating. Great for developer ergonomics, useless for runtime safety.</li> <li> <strong>JSON Schema</strong> is runtime validation that works in any language. Use it at API boundaries, for config files, for database documents, and for any cross-language data contract. A single schema can drive validation in your Node frontend, Python backend, and Go worker without rewriting.</li> <li> <strong>OpenAPI</strong> (formerly Swagger) wraps JSON Schema inside an API description. It adds endpoints, methods, status codes, authentication, examples, and tooling for client SDK generation. Use it when you are describing an HTTP API and want documentation, client codegen, and validation in one document.</li> </ul> <p>The stack I default to now: write the JSON Schema as source of truth, generate TypeScript types from it with <code>json-schema-to-typescript</code>, and embed the same schema inside an OpenAPI spec for HTTP routes. One source, three outputs, no drift.</p> <h2> The mistakes I kept making </h2> <h3> 1. Forgetting <code>additionalProperties: false</code> </h3> <p>The original bug. Without it, any extra field passes validation. A client typo like <code>{ "emial": "x@y.com" }</code> validates as "no email present plus an unknown field" instead of the clean error you want. Add it by default.</p> <h3> 2. Confusing <code>required</code> with <code>type</code> </h3> <p>Listing a property under <code>properties</code> does NOT make it required. You must also add it to the <code>required</code> array. Conversely, <code>required</code> only checks presence. A wrong-type field still fails, but on the type check, not the required check.</p> <h3> 3. Using <code>format</code> without enabling assertion </h3> <p>In Ajv you must <code>require('ajv-formats')(ajv)</code>. In Python <code>jsonschema</code> pass <code>format_checker=FormatChecker()</code>. Without this, <code>format: email</code> is metadata only and accepts any string. I burned half a day on this one.</p> <h3> 4. <code>oneOf</code> where <code>anyOf</code> is correct </h3> <p><code>oneOf</code> rejects data that matches more than one subschema. If your subschemas overlap (a value that is both a positive integer and a multiple of 5), <code>oneOf</code> rejects. Use it only for genuinely disjoint cases like discriminated unions.</p> <h3> 5. <code>multipleOf</code> with floats </h3> <p>IEEE 754 cannot exactly represent 0.1. <code>{ "multipleOf": 0.1 }</code> will reject values you expect to pass. Use integer units (cents, basis points) instead.</p> <h3> 6. Recompiling schemas on every request </h3> <p>Ajv's <code>compile()</code> is expensive. The compiled validator is fast. Compile once at module load, store the function, reuse it.</p> <h2> Closing thought </h2> <p>JSON Schema looks verbose at first. Often the schema is longer than the data. That is the point. Every constraint you encode is one bug you cannot ship. Start with your top three API endpoints, then your config files, then your cross-service messages. Within a sprint you will catch at least one bug that would have made it to production.</p> <p>If you want a sandbox, try the <a href="https://json-schema.org/learn" rel="noopener noreferrer">JSON Schema Reference Tutorial</a> and an online validator like jsonschemavalidator.net. And if you ever debug a <code>pattern</code> validation that is misbehaving, a <a href="https://calculators.im/regex-tester" rel="noopener noreferrer">regex tester</a> is faster than guessing.</p> <p><em>Originally published at <a href="https://calculators.im/blog/json-schema-10-minutes-validation-types-ajv-examples-guide" rel="noopener noreferrer">calculators.im</a>.</em></p> json webdev javascript tutorial I Keep Forgetting Subnet Math — Here's the Cheat Sheet I Actually Use Anh Quân Nguyễn Tue, 19 May 2026 03:17:29 +0000 https://forem.com/anh_qunnguyn_57549060f/i-keep-forgetting-subnet-math-heres-the-cheat-sheet-i-actually-use-37o7 https://forem.com/anh_qunnguyn_57549060f/i-keep-forgetting-subnet-math-heres-the-cheat-sheet-i-actually-use-37o7 <p>I have been writing backend code for years and I still cannot tell you, off the top of my head, how many usable hosts are in a <code>/22</code>. Every time I open an AWS VPC config or a Kubernetes cluster blueprint, I do the same Google search: "subnet calculator", click whatever ranks first, type my CIDR, write down the answer. Then I forget all of it within a week.</p> <p>After the fourth or fifth time I had to look up whether <code>/27</code> gives me 30 or 32 usable IPs, I sat down and built a one-page cheat sheet for myself. This post is that cheat sheet, plus the few mental shortcuts that have actually stuck. If you ship to cloud and only touch subnet math a few times a year, this is the post I wish I had bookmarked.</p> <h2> The three numbers that matter </h2> <p>For any CIDR, only three numbers matter in practice:</p> <ol> <li> <strong>Block size</strong> — how many IPs total. Formula: <code>2^(32 − prefix)</code>. A <code>/24</code> has 256 addresses.</li> <li> <strong>Usable hosts</strong> — block size minus 2 (one for the network address, one for the broadcast). A <code>/24</code> has 254 usable.</li> <li> <strong>Magic number</strong> — <code>256 − mask_octet</code>. Tells you where the next subnet starts. For <code>/26</code> (mask <code>255.255.255.192</code>), the magic number is <code>64</code>, so subnets land at <code>.0</code>, <code>.64</code>, <code>.128</code>, <code>.192</code>.</li> </ol> <p>Memorize one table and you will never need to do binary math in your head again:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Prefix</th> <th>Block size</th> <th>Usable hosts</th> <th>Mask</th> <th>Magic</th> </tr> </thead> <tbody> <tr> <td>/22</td> <td>1,024</td> <td>1,022</td> <td>255.255.252.0</td> <td>4 (3rd octet)</td> </tr> <tr> <td>/23</td> <td>512</td> <td>510</td> <td>255.255.254.0</td> <td>2 (3rd octet)</td> </tr> <tr> <td>/24</td> <td>256</td> <td>254</td> <td>255.255.255.0</td> <td>—</td> </tr> <tr> <td>/25</td> <td>128</td> <td>126</td> <td>255.255.255.128</td> <td>128</td> </tr> <tr> <td>/26</td> <td>64</td> <td>62</td> <td>255.255.255.192</td> <td>64</td> </tr> <tr> <td>/27</td> <td>32</td> <td>30</td> <td>255.255.255.224</td> <td>32</td> </tr> <tr> <td>/28</td> <td>16</td> <td>14</td> <td>255.255.255.240</td> <td>16</td> </tr> <tr> <td>/29</td> <td>8</td> <td>6</td> <td>255.255.255.248</td> <td>8</td> </tr> <tr> <td>/30</td> <td>4</td> <td>2</td> <td>255.255.255.252</td> <td>4</td> </tr> </tbody> </table></div> <p>That is the entire subnet math for 99% of cloud work. Print it, tape it to your monitor, move on.</p> <h2> The magic number trick, with a worked example </h2> <p>Suppose someone gives you the IP <code>10.20.30.45/26</code> and asks for the network and broadcast addresses. No calculator, no binary conversion.</p> <ol> <li>Prefix is <code>/26</code>, so the magic number is <code>64</code>.</li> <li>Look at the last octet: <code>45</code>. Which multiple of 64 does it fall into? <code>0</code>, <code>64</code>, <code>128</code>, <code>192</code>. <code>45</code> is in the <code>0</code>–<code>63</code> block.</li> <li>Network address: <code>10.20.30.0</code>. Broadcast: <code>10.20.30.63</code> (one less than the next subnet, which would start at <code>.64</code>).</li> <li>Usable range: <code>10.20.30.1</code> to <code>10.20.30.62</code>.</li> </ol> <p>Same trick for prefixes that fall in the third octet. <code>10.20.30.45/22</code> → magic number is <code>4</code>, applied to the third octet. <code>30</code> falls in the <code>28</code>–<code>31</code> block (because <code>28</code> is the closest multiple of 4 at or below <code>30</code>). Network: <code>10.20.28.0</code>. Broadcast: <code>10.20.31.255</code>. Block spans four <code>/24</code>s.</p> <p>If your subnet boundaries do not look "round" — say <code>10.20.30.0/22</code> — that is a malformed CIDR. The network address must align to the magic number. <code>10.20.30.0</code> is not a valid <code>/22</code> start; <code>10.20.28.0/22</code> is.</p> <h2> Cloud-specific gotchas you will hit </h2> <p>The textbook subnet math is the easy part. What actually trips up cloud engineers is the platform-specific quirks layered on top.</p> <h3> AWS VPC </h3> <p>AWS reserves <strong>five</strong> addresses per subnet, not two. The network address, the broadcast, and three more: the VPC router, DNS, and a future-use address. So a <code>/28</code> AWS subnet has 11 usable IPs, not 14. This catches people every time they try to fit "exactly 14 EC2 instances" into a <code>/28</code> and run out of IPs at instance #12.</p> <p>VPC CIDR sizing also has hard limits: minimum <code>/28</code>, maximum <code>/16</code>. You can attach secondary CIDR blocks, but you cannot ever shrink a primary CIDR after creation. <strong>Always size up.</strong> A <code>/16</code> gives you 65,536 addresses for free; there is no cost penalty for picking a large VPC CIDR and no benefit to picking a tight one.</p> <h3> Kubernetes </h3> <p>A typical EKS or GKE cluster needs three separate CIDRs:</p> <ul> <li> <strong>Node CIDR</strong> — a subnet of the VPC, one IP per node (plus AWS's five). Size for max-nodes × 2.</li> <li> <strong>Pod CIDR</strong> — usually <code>10.244.0.0/16</code> (Flannel default) or <code>192.168.0.0/16</code> (Calico). Each node gets a <code>/24</code> slice (Flannel) so the cluster maxes out at 254 nodes with a <code>/16</code> pod CIDR. Larger clusters need <code>/12</code> or smaller per-node allocations.</li> <li> <strong>Service CIDR</strong> — usually <code>10.96.0.0/12</code> (kubeadm default). Sized for total Services, not Pods. A <code>/16</code> is overkill for most clusters; a <code>/20</code> is plenty.</li> </ul> <p>The most common k8s networking mistake is overlapping the pod CIDR with the VPC CIDR. Pick non-overlapping ranges from day one — renumbering pod CIDR in a running cluster is a recreate-the-cluster operation.</p> <h3> Docker </h3> <p>Docker's default bridge is <code>172.17.0.0/16</code>. The default <code>docker network create</code> allocates from <code>172.18.0.0/16</code> upward in <code>/24</code> chunks. If your corporate VPN also uses <code>172.x.x.x</code> ranges (very common), you will get phantom routing failures where Docker containers can reach the internet but cannot reach internal services. Reconfigure Docker's default address pools in <code>/etc/docker/daemon.json</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"default-address-pools"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="nl">"base"</span><span class="p">:</span><span class="w"> </span><span class="s2">"10.99.0.0/16"</span><span class="p">,</span><span class="w"> </span><span class="nl">"size"</span><span class="p">:</span><span class="w"> </span><span class="mi">24</span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>This carves Docker out of the <code>172.x</code> space and into a private <code>10.x</code> range your VPN almost certainly does not use.</p> <h2> Subnet math in code (Python and Go) </h2> <p>When you actually need to compute subnets programmatically — generating Terraform, validating user input, planning a migration — every modern language has a stdlib for this.</p> <p><strong>Python</strong> uses <code>ipaddress</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">ipaddress</span> <span class="c1"># Parse a network </span><span class="n">net</span> <span class="o">=</span> <span class="n">ipaddress</span><span class="p">.</span><span class="nf">ip_network</span><span class="p">(</span><span class="sh">"</span><span class="s">10.20.30.0/22</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">net</span><span class="p">.</span><span class="n">network_address</span><span class="p">)</span> <span class="c1"># 10.20.28.0 — auto-normalized! </span><span class="nf">print</span><span class="p">(</span><span class="n">net</span><span class="p">.</span><span class="n">broadcast_address</span><span class="p">)</span> <span class="c1"># 10.20.31.255 </span><span class="nf">print</span><span class="p">(</span><span class="n">net</span><span class="p">.</span><span class="n">num_addresses</span><span class="p">)</span> <span class="c1"># 1024 </span><span class="nf">print</span><span class="p">(</span><span class="nf">len</span><span class="p">(</span><span class="nf">list</span><span class="p">(</span><span class="n">net</span><span class="p">.</span><span class="nf">hosts</span><span class="p">())))</span> <span class="c1"># 1022 — excludes network + broadcast </span> <span class="c1"># Check if an IP is in a subnet </span><span class="n">ip</span> <span class="o">=</span> <span class="n">ipaddress</span><span class="p">.</span><span class="nf">ip_address</span><span class="p">(</span><span class="sh">"</span><span class="s">10.20.29.50</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">ip</span> <span class="ow">in</span> <span class="n">net</span><span class="p">)</span> <span class="c1"># True </span> <span class="c1"># Subdivide a /22 into /24s </span><span class="k">for</span> <span class="n">sub</span> <span class="ow">in</span> <span class="n">net</span><span class="p">.</span><span class="nf">subnets</span><span class="p">(</span><span class="n">new_prefix</span><span class="o">=</span><span class="mi">24</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="n">sub</span><span class="p">)</span> <span class="c1"># 10.20.28.0/24 # 10.20.29.0/24 # 10.20.30.0/24 # 10.20.31.0/24 </span> <span class="c1"># Detect overlap (catches the VLSM mistake from earlier) </span><span class="n">a</span> <span class="o">=</span> <span class="n">ipaddress</span><span class="p">.</span><span class="nf">ip_network</span><span class="p">(</span><span class="sh">"</span><span class="s">10.0.0.0/25</span><span class="sh">"</span><span class="p">)</span> <span class="n">b</span> <span class="o">=</span> <span class="n">ipaddress</span><span class="p">.</span><span class="nf">ip_network</span><span class="p">(</span><span class="sh">"</span><span class="s">10.0.0.64/26</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">a</span><span class="p">.</span><span class="nf">overlaps</span><span class="p">(</span><span class="n">b</span><span class="p">))</span> <span class="c1"># True </span></code></pre> </div> <p>Note: passing <code>strict=False</code> to <code>ip_network</code> lets you parse <code>10.20.30.0/22</code> (a malformed CIDR — <code>.30</code> is not the network address). With <code>strict=True</code> (the default since Python 3.9) it raises <code>ValueError</code>. Use <code>strict=True</code> in production input validation; the explicit error is far more useful than a silently-corrected network.</p> <p><strong>Go</strong> uses <code>net/netip</code> (Go 1.18+):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"fmt"</span> <span class="s">"net/netip"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">prefix</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">netip</span><span class="o">.</span><span class="n">ParsePrefix</span><span class="p">(</span><span class="s">"10.20.30.0/22"</span><span class="p">)</span> <span class="c">// Normalize to actual network address</span> <span class="n">prefix</span> <span class="o">=</span> <span class="n">prefix</span><span class="o">.</span><span class="n">Masked</span><span class="p">()</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="n">prefix</span><span class="o">.</span><span class="n">Addr</span><span class="p">())</span> <span class="c">// 10.20.28.0</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="n">prefix</span><span class="o">.</span><span class="n">Bits</span><span class="p">())</span> <span class="c">// 22</span> <span class="n">ip</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">netip</span><span class="o">.</span><span class="n">ParseAddr</span><span class="p">(</span><span class="s">"10.20.29.50"</span><span class="p">)</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="n">prefix</span><span class="o">.</span><span class="n">Contains</span><span class="p">(</span><span class="n">ip</span><span class="p">))</span> <span class="c">// true</span> <span class="p">}</span> </code></pre> </div> <p>The older <code>net.IPNet</code> API still works but <code>net/netip</code> is value-typed, allocation-free, and the recommended choice for new code.</p> <h2> A 30-second AWS CLI sanity check </h2> <p>When debugging "why can't my EC2 instance reach this other EC2 instance," step one is always: are they on subnets that route to each other? Quick CLI check:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># List subnets with their CIDRs in the current VPC</span> aws ec2 describe-subnets <span class="se">\</span> <span class="nt">--query</span> <span class="s1">'Subnets[*].[SubnetId,CidrBlock,AvailabilityZone]'</span> <span class="se">\</span> <span class="nt">--output</span> table <span class="c"># Check route table for a subnet</span> aws ec2 describe-route-tables <span class="se">\</span> <span class="nt">--filters</span> <span class="nv">Name</span><span class="o">=</span>association.subnet-id,Values<span class="o">=</span>subnet-abc123 <span class="se">\</span> <span class="nt">--query</span> <span class="s1">'RouteTables[*].Routes'</span> <span class="se">\</span> <span class="nt">--output</span> table </code></pre> </div> <p>If two subnets are in the same VPC and the route tables both have <code>local</code> routes for the VPC CIDR, they can reach each other (assuming security groups and NACLs allow). Most "why no connectivity" tickets resolve here.</p> <h2> Three mistakes I have personally shipped to production </h2> <p><strong>Subnet too small.</strong> A <code>/28</code> for "we only need 10 instances" — then AWS takes 5, leaving 11. Add a load balancer, add scaling, you are out of IPs. Always start at <code>/24</code> for any production subnet unless you have a hard reason not to.</p> <p><strong>Pod CIDR overlapping VPC CIDR.</strong> Created a GKE cluster with default pod CIDR <code>10.0.0.0/14</code> inside a VPC at <code>10.0.0.0/16</code>. Cluster came up, pods on the same node could reach each other, pods on different nodes silently dropped traffic. Three hours debugging later: pick non-overlapping CIDRs.</p> <p><strong>Forgot AWS's 5 reserved IPs.</strong> Provisioned 14 EC2 instances in a fresh <code>/28</code>. First 11 launched fine, the rest failed with <code>InsufficientFreeAddressesInSubnet</code>. The fix is <code>/27</code> (32 addresses, 27 usable after AWS reservations).</p> <h2> Closing — make subnet math boring </h2> <p>The whole point of the cheat sheet is that subnet math should be boring. You should not have to think about it. You should be able to glance at a CIDR, know the block size and the magic number, and move on to whatever interesting problem you were actually trying to solve.</p> <p>If you need to verify a non-trivial CIDR or plan a VLSM allocation across multiple subnets, I built a free <a href="https://calculators.im/subnet-calculator" rel="noopener noreferrer">subnet calculator</a> that handles IPv4, IPv6, and VLSM planning. There's also a <a href="https://calculators.im/blog/subnet-calculator-guide-cidr-vlsm-ipv4-ipv6-network-math" rel="noopener noreferrer">longer-form guide on the math behind CIDR, VLSM, and IPv6 subnetting</a> if you want to go deeper than this cheat sheet.</p> <p>The tool is free, no signup, no tracking. If it saves you a Google search next quarter, that is the entire goal.</p> <p><em>Cross-posted with canonical from <a href="https://calculators.im/blog/subnet-calculator-guide-cidr-vlsm-ipv4-ipv6-network-math" rel="noopener noreferrer">calculators.im</a>.</em></p> networking devops aws kubernetes Lessons Learned Building 270+ Online Calculators: A Developer's Deep Dive Anh Quân Nguyễn Tue, 21 Apr 2026 10:26:03 +0000 https://forem.com/anh_qunnguyn_57549060f/lessons-learned-building-270-online-calculators-a-developers-deep-dive-3nhf https://forem.com/anh_qunnguyn_57549060f/lessons-learned-building-270-online-calculators-a-developers-deep-dive-3nhf <p>When I started building <a href="https://calculators.im" rel="noopener noreferrer">calculators.im</a>, I thought it would be a simple project — create a few calculator pages, deploy, done. Two years and 270+ calculators later, I've learned more about web performance, SEO, and product scaling than I ever expected. Here's everything I wish someone had told me before I started.</p> <h2> The Project: What Is calculators.im? </h2> <p><a href="https://calculators.im" rel="noopener noreferrer">calculators.im</a> is a collection of 270+ free online calculators covering everything from finance (mortgage, compound interest, ROI) to health (BMI, calorie needs, pregnancy due date) to math (scientific, percentage, fractions) and beyond.</p> <p>The tech stack: <strong>Go</strong> for the backend, <strong>HTMX</strong> for interactivity, <strong>Tailwind CSS</strong> for styling, <strong>Redis</strong> for caching, and <strong>NGINX + Cloudflare</strong> for serving.</p> <h2> Lesson 1: SEO Is 80% of Your Traffic — Treat It as a Feature </h2> <p>I originally thought "build good calculators and they'll come." Wrong.</p> <p>The reality: calculator sites are brutally competitive. There are dozens of sites competing for every keyword like "mortgage calculator" or "BMI calculator." Here's what actually works:</p> <p><strong>Target long-tail keywords over short ones.</strong> Instead of competing for "loan calculator" (dominated by Bankrate, NerdWallet), target "car loan calculator with extra payments" or "loan calculator with balloon payment." Lower competition, still significant volume.</p> <p><strong>Schema markup is non-negotiable.</strong> Adding <code>WebApplication</code> and <code>FAQPage</code> schema to each calculator dramatically increased click-through rates. Google often shows rich results in SERPs for tool pages with proper schema.</p> <p><strong>Page speed = ranking factor for tools.</strong> Users expect calculators to respond instantly. Every 100ms of latency costs you. With Go + HTMX, our Time to First Byte (TTFB) is under 50ms globally thanks to Cloudflare caching.</p> <h2> Lesson 2: HTMX Was the Right Bet — But Has Trade-offs </h2> <p>Choosing HTMX over React was controversial when I started. Here's the honest verdict after building 270 pages:</p> <p><strong>Wins:</strong></p> <ul> <li>Zero client-side hydration = better Core Web Vitals (LCP, CLS)</li> <li>SEO-friendly by default — all content is server-rendered</li> <li>Bundle size: ~14kb for htmx vs 130kb+ for a React app</li> <li>Simpler mental model: HTML attributes over JavaScript state management</li> </ul> <p><strong>Trade-offs:</strong></p> <ul> <li>Complex interactions (real-time charts, drag-and-drop) require either Hyperscript or vanilla JS alongside HTMX</li> <li>The community is smaller than React's, so fewer StackOverflow answers</li> <li>Some HTMX patterns feel verbose for highly dynamic UIs</li> </ul> <p><strong>Would I choose HTMX again?</strong> Yes — especially for content-heavy tool sites where SEO matters. For a complex SaaS dashboard, I'd reconsider.</p> <h2> Lesson 3: Go Is Overkill for Small Projects — Perfect for Scale </h2> <p>Go was genuinely the right choice, but not for the reasons I expected:</p> <p><strong>Memory footprint:</strong> Our entire server runs on a $6/month VPS and handles thousands of daily visits with ~30MB RAM usage. A Node.js equivalent would use 5-10x more memory.</p> <p><strong>Compilation catches bugs early.</strong> Go's strict type system eliminated an entire category of runtime errors that plague dynamic-language projects.</p> <p><strong>Single binary deployment.</strong> <code>go build</code>, rsync to server, restart. No npm install, no dependency conflicts, no environment issues.</p> <p><strong>The unexpected lesson:</strong> Go forces you to be explicit about error handling. At first this feels tedious (<code>if err != nil</code> everywhere), but it makes your code dramatically more reliable in production.</p> <h2> Lesson 4: Calculator UX Is Harder Than It Looks </h2> <p>Building a "simple" calculator that delights users involves surprisingly subtle decisions:</p> <p><strong>Input formatting:</strong> Users expect numbers to auto-format (1000 → 1,000) as they type. Implementing this with HTMX + Go required careful input sanitization to avoid formatting conflicts.</p> <p><strong>Instant results:</strong> Never make users click a "Calculate" button. Use HTMX's <code>hx-trigger="input"</code> to recalculate on every keystroke. Users expect calculator-app behavior from web calculators.</p> <p><strong>Mobile-first number inputs:</strong> On mobile, use <code>inputmode="decimal"</code> rather than <code>type="number"</code>. The decimal keyboard is much better than the native number input's spinner interface for financial inputs.</p> <p><strong>Error states matter:</strong> When a user enters invalid input (letters in a number field, negative age, etc.), show clear, friendly error messages in context — not a page-level alert.</p> <h2> Lesson 5: The Content Around the Calculator Matters More Than the Calculator </h2> <p>This was my biggest revelation: the page content surrounding the calculator is more important for SEO than the calculator itself.</p> <p>Every calculator page on <a href="https://calculators.im" rel="noopener noreferrer">calculators.im</a> includes:</p> <ul> <li>A 500-800 word explanation of the formula and methodology</li> <li>A worked example with real numbers</li> <li>An FAQ section targeting "People Also Ask" queries</li> <li>A table of common values for reference</li> </ul> <p>This content strategy is what earns backlinks, ranks for informational queries, and keeps users on the page longer — all positive signals.</p> <h2> Lesson 6: Redis Caching Saved Us at Scale </h2> <p>When a Reddit post linked to our <a href="https://calculators.im/percentage-calculator" rel="noopener noreferrer">percentage calculator</a>, we got ~8,000 visits in 2 hours. Without Redis caching:</p> <ul> <li>Every request would hit Go and render the page fresh</li> <li>At 8,000 req/hr, that's manageable but wasteful</li> </ul> <p>With Redis:</p> <ul> <li>Static page HTML is cached for 1 hour</li> <li>Dynamic calculation results are cached by input parameters</li> <li>Cache hit rate during the spike: 94%</li> <li>P99 response time during the spike: 18ms</li> </ul> <p>The caching strategy: cache at two layers — page-level (full HTML response via Cloudflare) and calculation-level (Redis for computed results with the same inputs).</p> <h2> Lesson 7: Build the Infrastructure Once, Deploy 270 Times </h2> <p>The most important architectural decision was treating calculators as data, not code.</p> <p>Each calculator is defined by a YAML config file:</p> <ul> <li>Input fields with types, labels, validation rules</li> <li>Formula as a Go expression</li> <li>Output formatting</li> <li>SEO metadata</li> </ul> <p>The Go backend reads these configs and generates both the HTML and the calculation logic dynamically. Adding a new calculator takes about 15 minutes — write the YAML, write the formula, deploy.</p> <p>This approach let us go from 10 calculators to 270+ without a linear increase in development time.</p> <h2> What I'd Do Differently </h2> <ol> <li> <strong>Start with the content strategy, not the calculator.</strong> Write the explanatory content first, then build the tool around it.</li> <li> <strong>Add structured data from day 1.</strong> Retrofitting schema markup to 270 pages was painful.</li> <li> <strong>Build analytics from the start.</strong> Understanding which calculators get used heavily vs. which ones are ignored shapes your roadmap.</li> </ol> <h2> The Stack in Summary </h2> <ul> <li> <strong>Backend:</strong> Go — fast, cheap to run, rock-solid</li> <li> <strong>Frontend interactivity:</strong> HTMX — SEO-friendly, tiny footprint</li> <li> <strong>Styling:</strong> Tailwind CSS — consistent, maintainable</li> <li> <strong>Caching:</strong> Redis — essential at any meaningful scale</li> <li> <strong>Infrastructure:</strong> NGINX + Cloudflare — global performance, free DDoS protection</li> </ul> <p>If you're building a similar tool site, I hope this saves you some of the trial and error. Check out <a href="https://calculators.im" rel="noopener noreferrer">calculators.im</a> to see what 270 calculators looks like in practice.</p> <p>What questions do you have? Drop them in the comments — happy to go deeper on any of these lessons.</p> webdev go seo programming