In previous projects I worked on, our API would take and validate each POST argument individually by value:
$username = isset($_POST['username']) ? $_POST["username"] : null;
$password = isset($_POST['password']) ? $_POST["password"] : null;
Multidimensional arrays can be a bit tricky this way, though.
For a new project, I am consider a more object-oriented approach, and taking the JSON needed to construct objects instead of each individual field:
$user = isset($_POST['user']) ? new User($_POST['user']) : null;
Which practice is more common, and why? Are there extra security risks using one or the other?