Currently there is no way for a developer to reject badly formed network configuration before it is added to the config hierarchy. The only option right now is to verify the configuration when it is read.
(By 'badly formed', I mean correct JSON but values that don't make sense according to the semantics of the configuration. For example, a random string in a field that expects a network subnet in the form "a.b.c.d/x").
This could create problems where an application is running based on some configuration, then a user pushes badly formed config to the system which would automatically be inserted into the config hierarchy. Then when the application tries to read the configuration, suddenly it finds it does not have coherent config to use, but the configuration in the network config system has already changed.