Sanitizing User Input to APIs

I am building an API for a site in Node JS. The front-end of the site is built using React. Does anyone know how Square sanitizes inputs to their APIs? I am specifically working with the customers, orders, and payments APIs right now, but this applies to all the endpoints they expose. I am ingesting form data and am currently implementing middleware to check for SQL/NoSQL injections because I do not know what Square is using on their backend. I figure its just better to be safe and safeguard against a range of potential attacks regardless of what DB/Server Square is running on. I was hoping for some more information to help guide what I should be looking for. If anyone has any info that would be super helpful. Thanks!

Wanted to provide an update. I’m waiting on a response from the team. :slightly_smiling_face: