Backend Development

API Design

RESTful Conventions

GET /users # List users POST /users # Create user GET /users/:id # Get user PUT /users/:id # Update user (full) PATCH /users/:id # Update user (partial) DELETE /users/:id # Delete user

GET /users/:id/posts # List user's posts POST /users/:id/posts # Create post for user

Response Format

{ "data": { ... }, "meta": { "page": 1, "per_page": 20, "total": 100 } }

Error Format

{ "error": { "code": "VALIDATION_ERROR", "message": "Invalid input", "details": [ { "field": "email", "message": "Invalid format" } ] } }

Database Patterns

Schema Design

-- Use UUIDs for public IDs CREATE TABLE users ( id SERIAL PRIMARY KEY, public_id UUID DEFAULT gen_random_uuid() UNIQUE, email VARCHAR(255) UNIQUE NOT NULL, created_at TIMESTAMPTZ DEFAULT NOW(), updated_at TIMESTAMPTZ DEFAULT NOW() );

-- Soft deletes ALTER TABLE users ADD COLUMN deleted_at TIMESTAMPTZ;

-- Indexes CREATE INDEX idx_users_email ON users(email); CREATE INDEX idx_users_created ON users(created_at DESC);

Query Patterns

-- Pagination with cursor SELECT * FROM posts WHERE created_at < $cursor ORDER BY created_at DESC LIMIT 20;

-- Efficient counting SELECT reltuples::bigint AS estimate FROM pg_class WHERE relname = 'users';

Authentication

JWT Pattern

interface TokenPayload { sub: string; // User ID iat: number; // Issued at exp: number; // Expiration scope: string[]; // Permissions }

function verifyToken(token: string): TokenPayload { return jwt.verify(token, SECRET) as TokenPayload; }

Middleware

async function authenticate(req: Request, res: Response, next: Next) { const token = req.headers.authorization?.replace('Bearer ', ''); if (!token) { return res.status(401).json({ error: 'Unauthorized' }); }

try { req.user = verifyToken(token); next(); } catch { res.status(401).json({ error: 'Invalid token' }); } }

Caching Strategy

// Cache-aside pattern async function getUser(id: string): Promise<User> { const cached = await redis.get(user:${id}); if (cached) return JSON.parse(cached);

const user = await db.users.findById(id); await redis.setex(user:${id}, 3600, JSON.stringify(user)); return user; }

// Cache invalidation async function updateUser(id: string, data: Partial<User>) { await db.users.update(id, data); await redis.del(user:${id}); }

Rate Limiting

const limiter = rateLimit({ windowMs: 60 * 1000, // 1 minute max: 100, // 100 requests per window keyGenerator: (req) => req.ip, handler: (req, res) => { res.status(429).json({ error: 'Too many requests' }); } });

Observability

• Logging: Structured JSON logs with request IDs

• Metrics: Request latency, error rates, queue depths

• Tracing: Distributed tracing with correlation IDs

• Health checks: /health and /ready endpoints