API docs get attention. The frontend/API contract usually doesn't.
TypeScript helps, but types lie without runtime validation. The API returns an unexpected null, a renamed field, an edge case you never tested and your types had no idea.
Zod fixes this. Parse at the boundary. If the API changes shape, you catch it at the schema. Not in a Sentry alert a week later.
We do this with Next.js Server Actions too. The server/client boundary is the natural place to validate. Keep the schema next to the call.
Documentation problem and type-safety problem are usually the same problem.