Backend Implementation Patterns

Production-ready patterns for building robust, scalable backend APIs.

API Design Patterns

RESTful Endpoints

// Resource-based routing
app.get('/api/users', getUsers);           // List
app.get('/api/users/:id', getUserById);    // Get
app.post('/api/users', createUser);        // Create
app.put('/api/users/:id', updateUser);     // Update
app.delete('/api/users/:id', deleteUser);  // Delete

// Nested resources
app.get('/api/users/:id/posts', getUserPosts);
app.post('/api/users/:id/posts', createUserPost);

Request/Response Pattern

interface APIResponse<T> {
  success: boolean;
  data?: T;
  error?: {
    code: string;
    message: string;
    details?: any;
  };
  meta?: {
    page?: number;
    limit?: number;
    total?: number;
  };
}

async function handleRequest<T>(
  handler: () => Promise<T>
): Promise<APIResponse<T>> {
  try {
    const data = await handler();
    return { success: true, data };
  } catch (error) {
    return {
      success: false,
      error: {
        code: error.code || 'INTERNAL_ERROR',
        message: error.message,
      }
    };
  }
}

Validation Layer

import { z } from 'zod';

const CreateUserSchema = z.object({
  email: z.string().email(),
  name: z.string().min(2).max(100),
  age: z.number().int().min(18).optional(),
});

app.post('/api/users', async (req, res) => {
  const validation = CreateUserSchema.safeParse(req.body);
  
  if (!validation.success) {
    return res.status(400).json({
      success: false,
      error: {
        code: 'VALIDATION_ERROR',
        message: 'Invalid request data',
        details: validation.error.errors
      }
    });
  }
  
  const user = await userService.create(validation.data);
  res.status(201).json({ success: true, data: user });
});

Authentication Patterns

JWT Authentication

import jwt from 'jsonwebtoken';

// Generate token
function generateToken(userId: string) {
  return jwt.sign(
    { userId },
    process.env.JWT_SECRET!, // allow-secret
    { expiresIn: '7d' }
  );
}

// Middleware
async function authenticateToken(req, res, next) {
  const token = req.headers.authorization?.split(' ')[1];  // allow-secret
  
  if (!token) {
    return res.status(401).json({
      success: false,
      error: { code: 'UNAUTHORIZED', message: 'Missing token' }
    });
  }
  
  try {
    const decoded = jwt.verify(token, process.env.JWT_SECRET!); // allow-secret
    req.userId = decoded.userId;
    next();
  } catch (error) {
    return res.status(401).json({
      success: false,
      error: { code: 'INVALID_TOKEN', message: 'Invalid or expired token' }
    });
  }
}

Error Handling

Custom Error Classes

class AppError extends Error {
  constructor(
    public statusCode: number,
    public code: string,
    message: string,
    public details?: any
  ) {
    super(message);
    this.name = 'AppError';
  }
}

class NotFoundError extends AppError {
  constructor(resource: string) {
    super(404, 'NOT_FOUND', `${resource} not found`);
  }
}

class ValidationError extends AppError {
  constructor(details: any) {
    super(400, 'VALIDATION_ERROR', 'Validation failed', details);
  }
}

Error Handling Middleware

app.use((error, req, res, next) => {
  console.error('Error:', error);
  
  if (error instanceof AppError) {
    return res.status(error.statusCode).json({
      success: false,
      error: {
        code: error.code,
        message: error.message,
        details: error.details
      }
    });
  }
  
  res.status(500).json({
    success: false,
    error: {
      code: 'INTERNAL_ERROR',
      message: 'An unexpected error occurred'
    }
  });
});

Data Access Layer

Repository Pattern

interface Repository<T> {
  find Find(filters: any): Promise<T[]>;
  findById(id: string): Promise<T | null>;
  create(data: Partial<T>): Promise<T>;
  update(id: string, data: Partial<T>): Promise<T>;
  delete(id: string): Promise<void>;
}

class UserRepository implements Repository<User> {
  async findById(id: string): Promise<User | null> {
    return db.user.findUnique({ where: { id } });
  }
  
  async create(data: Partial<User>): Promise<User> {
    return db.user.create({ data });
  }
  
  // ... other methods
}

Rate Limiting

import rateLimit from 'express-rate-limit';

const limiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 100, // 100 requests per window
  message: { success: false, error: { code: 'RATE_LIMIT', message: 'Too many requests' }}
});

app.use('/api/', limiter);

Integration Points

Complements:

• api-design-patterns: For API structure
• postgres-advanced-patterns: For data layer
• security-implementation-guide: For security
• tdd-workflow: For testing

---

Related Skills

Complementary Skills (Use Together)

• api-design-patterns - Design your API structure before implementing
• postgres-advanced-patterns - Advanced database patterns for the data layer
• testing-patterns - Write tests for your API endpoints
• deployment-cicd - Deploy your backend services

Alternative Skills (Similar Purpose)

• nextjs-fullstack-patterns - If building with Next.js App Router

Prerequisite Skills (Learn First)

• api-design-patterns - Understanding API design helps structure implementations