Glossary
Security

What is a JSON Document?

Structured data file using key-value pairs, arrays, strings, numbers, booleans, null. Lingua franca of APIs, configs, databases, and data interchange.

What is a JSON document?

A JSON document is a piece of structured data formatted in JavaScript Object Notation (JSON) — a lightweight text-based format that humans can read and machines can parse. JSON has become the lingua franca of data interchange on the modern web: APIs return JSON, configuration files use JSON, document databases store JSON, build tools accept JSON, deployment manifests use JSON. If you're touching software in 2026, you're touching JSON documents constantly.

Despite the JavaScript in its name, JSON is language-independent. Python, Go, Rust, Java, C#, PHP, Ruby — every modern language has built-in or near-standard JSON parsing. The format is described by RFC 8259 (and ECMA-404), making it one of the most stable data formats in current use.

The six JSON value types

A JSON document is built from exactly these six types — no more, no fewer:

  • Object: { "key": value, ... } — unordered set of key-value pairs. Keys are always strings.
  • Array: [ value, value, ... ] — ordered list of values.
  • String: "hello" — UTF-8 text in double quotes. Forward slashes can be escaped optionally; backslashes and quotes must be escaped.
  • Number: 42, 3.14, 1e10, -7 — decimal numbers. JSON does NOT distinguish int vs. float at the format level.
  • Boolean: true or false — lowercase, no quotes.
  • Null: null — explicitly the absence of a value.

That's it. No dates, no UUIDs, no binary blobs, no comments. Anything beyond these types is convention layered on top (ISO 8601 dates as strings, base64-encoded binary as strings, etc.).

A canonical JSON document

{
  "id": "order_42",
  "customer": {
    "name": "Alice",
    "email": "alice@example.com",
    "verified": true
  },
  "items": [
    { "sku": "WIDGET-1", "qty": 2, "price": 9.99 },
    { "sku": "GIZMO-7", "qty": 1, "price": 19.95 }
  ],
  "total": 39.93,
  "shipped_at": null,
  "tags": ["priority", "gift"]
}

Every value is one of the six types. The structure can nest arbitrarily deep, and the same shape will parse identically in any language with a JSON library.

JSON in production: where you'll meet it

  • REST APIs — request bodies and response bodies are usually JSON. Content type application/json.
  • Configuration filespackage.json (Node), tsconfig.json (TypeScript), composer.json (PHP), cargo.toml (Rust uses TOML, but most JS-adjacent ecosystems are JSON).
  • NoSQL databases — MongoDB stores BSON (binary JSON). Couchbase, DynamoDB, Firestore all expose document-shaped APIs.
  • Logging — structured logging emits one JSON object per log line (newline-delimited JSON, NDJSON).
  • JSON Schema — describing JSON shapes for validation. Used widely in OpenAPI, AJV (JS validator), and many tooling pipelines.
  • JSON-LD — JSON for Linked Data. Used for SEO structured data (FAQPage, BreadcrumbList, Article), the format Google uses for rich snippets.
  • Cloud manifests — AWS CloudFormation, Kubernetes resources (when authored via JSON), Terraform state files.

JSON gotchas everyone hits eventually

  • No trailing commas allowed. {"a":1,} is invalid JSON. JavaScript objects allow trailing commas; JSON does not. Common source of "my JSON won't parse" frustration.
  • No comments. Pure JSON has no // or /* */. Workarounds: JSON5, JSONC, or just embed comments as "_comment" keys (and remember to strip them before strict parsers).
  • Numbers can lose precision. JavaScript's JSON.parse stores all numbers as IEEE 754 doubles. Integers larger than 2^53-1 (9,007,199,254,740,991) lose precision. For 64-bit IDs from databases, serialize as strings.
  • Dates are not a type. Always serialize as ISO 8601 strings ("2026-05-07T08:22:00Z") or Unix timestamps (numbers). Both ends agree on which.
  • Duplicate keys are technically valid but undefined behavior. Most parsers take the last value. Don't write JSON with duplicate keys.
  • UTF-8 only. JSON is UTF-8 by default. Other encodings (UTF-16, Latin-1) will cause issues — convert to UTF-8 at the boundary.
  • Whitespace doesn't matter for parsing but matters for diffing. Pretty-printed JSON diffs are vastly more readable than minified. Use a formatter (jq ., JSON.stringify(x, null, 2)) before commits.
  • Field ordering is not significant. Two JSON documents with the same keys in different order are semantically identical. Tools like jq -S sort keys for canonical comparison.

JSON vs. other data formats

FormatBest forTradeoffs
JSONAPIs, configs, document databasesVerbose, no comments, no dates
YAMLHuman-edited configs (CI, K8s)Whitespace-sensitive, edge cases
TOMLApp configs (Rust, Python)Less ecosystem support
XMLDocument markup, legacy enterpriseVerbose, complex parsing
Protocol BuffersHigh-throughput RPC (gRPC)Binary, requires schema
MessagePackCompact JSON-equivalent binarySmaller, less debuggable
BSONMongoDB internal storageAdds binary, date types to JSON

FAQ: JSON Documents

What's the difference between JSON and JavaScript objects?

JSON is a strict subset of JavaScript object literal syntax. Pure JSON requires double-quoted keys; JavaScript allows unquoted or single-quoted keys. JSON allows no functions, no undefined, no comments. JSON.parse validates the strict form.

How do I validate JSON?

Online: jsonlint.com. CLI: jq . file.json (parses + pretty-prints, errors on invalid). For schema validation: AJV (JS), python-jsonschema, JSON Schema Validator.

How big can a JSON document be?

The format imposes no limit. Practical limits come from parsers (some allocate full document in RAM) and APIs (Cloudflare 100MB, AWS API Gateway 10MB, most CDNs ~10MB). For larger data, use NDJSON streaming or move to Protocol Buffers/Parquet.

JSON vs. JSON Lines (NDJSON)?

NDJSON is one valid JSON document per line. Used for streaming and append-only logs — you can parse line by line without loading everything. Standard JSON arrays require loading the whole array first.

What's JSON Schema?

A JSON-based format for describing what a valid JSON document looks like (required fields, types, constraints). Used for API validation, IDE autocompletion (look up your package.json in VS Code), and config validation.

Should I use JSON or YAML for configs?

For machine-generated configs (build outputs, locks): JSON. For hand-written configs where readability and comments matter (CI workflows, K8s manifests): YAML. The line is fuzzy and ecosystem-dependent.

Why does JSON not have a date type?

Because the original spec was minimal and JavaScript dates have timezone complications. The convention is to serialize dates as ISO 8601 strings; modern parsers can revive them as Date objects via custom logic.

How LoadFocus relates to JSON in production

JSON documents move through every layer of modern web apps — request payloads, response bodies, log entries. LoadFocus API load testing validates JSON endpoints handle realistic concurrent payloads without serialization bottlenecks. API monitoring validates response shapes via JSON Schema assertions, catching drift when an API silently drops a field.

Related LoadFocus Tools

Put this concept into practice with LoadFocus — the same platform that powers everything you just read about.

Free Website Speed Test

Analyze your website's load speed and improve its performance with our free page speed checker.

Free Load Testing Tool

Configure and run load tests in less than 60 seconds with our free load testing tool. No coding required, runs directly from your browser.

API Monitoring

Monitor API uptime, latency, and response correctness from 25+ cloud regions. Alerts on failures, breakdowns by status code and endpoint. Free tier.

How fast is your website?

Elevate its speed and SEO seamlessly with our Free Speed Test.
Start for free*No credit card required.

Free Website Speed Test

Analyze your website's load speed and improve its performance with our free page speed checker.

Start for free*No credit card required.
×