JSON Basics: A Beginner-Friendly Guide to the Web’s Data Format
JSON — JavaScript Object Notation — is how the modern web exchanges data. Every API response, configuration file, and webhook payload you will ever debug is probably JSON. The format is small enough to learn completely in ten minutes, and strict enough that a missing comma can break a deployment.
The Six Data Types
JSON supports exactly six types: strings (in double quotes), numbers (integer or decimal, no leading zeros), booleans (true/false), null, arrays (ordered lists in square brackets), and objects (key-value maps in curly braces). Everything else — dates, functions, undefined — must be represented using these six, which is why dates travel as ISO strings like "2026-01-26T10:00:00Z".
Objects and arrays nest freely, letting JSON represent arbitrarily complex structures: an object containing an array of objects is the shape of virtually every API list response.
The Rules That Trip Everyone Up
JSON is stricter than JavaScript. Keys must be double-quoted ({"name": "Ada"}, never {name: "Ada"}). Single quotes are invalid everywhere. Trailing commas are forbidden. Comments do not exist in standard JSON. Special characters inside strings must be escaped: \" for quotes, \n for newlines, \\ for backslashes.
These rules exist so that any parser in any language produces identical results. When a parser reports "unexpected token at position 47", the actual mistake is almost always at or just before that position — typically a trailing comma or a stray quote.
JSON vs XML vs YAML
JSON displaced XML for APIs because it is less verbose and maps directly onto the data structures of every mainstream language. XML survives in document-centric domains and enterprise systems. YAML, a superset of JSON that adds comments and whitespace-based nesting, dominates configuration files (Kubernetes, CI pipelines) but its flexibility makes it easier to write ambiguous documents — which is why data interchange stayed with JSON.
A practical workflow tip: when hand-editing JSON, run it through a validator before deploying. The five seconds of validation saves the twenty minutes of debugging a crashed service that failed to parse its own config.