API Design in Node with Express v3

Scott Moss & FrontEnd Masters

Intro and tools

What is an API

  • Application programming interface
  • The name is used EVERYWHERE
  • Usually a server on some remote machine that dictates how another application can interact with some data
  • Basic data operations like Create, Read, Update, Destroy (CRUD)

tldr; a server that creates an HTTP interface for interacting with some data

What about REST?

  • An API design that combines DB resources, route paths, and HTTP verbs to allow applications to describe what action they are trying to perform
  • Popularized when SaaS products started offering APIs for integrations
  • Works with basic data models
  • Hard to scale with complex data models and client requirements

tldr; most popular API design pattern, but is not the silver bullet. Very blurry.

Node.js and APIs

  • Node.js is JavaScript, it's async and event driven.
  • Single threaded (can optimize)
  • When kept async, Node can handle a high amount of concurrent requests
  • Not great for CPU intensive work (data crunching, ML, big maths)
  • So many open source tools to help build APIs

tldr; build for high concurrent APIs that are not CPU intensive

Express

  • Handles all the tedious tasks like managing sockets, route matching, error handling, and more
  • Open source
  • Has a huge community and support for anything that has to do with APIs in Node.js
  • Not going anywhere anytime soon
  • Really simple to use

tldr; the standard API framework for Node.js

MongoDB

  • Non-relational document store that is easy to get started and scales well
  • Open source and backed by a big company
  • Tons of hosting solutions
  • ORM / ODM and other libs are some of the best for any DB
  • Does not do everything well. Just like any DB

tldr; the go-to non-relational DB, works like a dream in Node.js

Exercise 1

  1. ✅ check out the lesson-1 branch
  2. ✅ install dependencies with yarn (preferred for version locking) or npm
  3. ✅ create a route that sends back some json
  4. ✅ create a route that accepts json and logs it
  5. ✅ start the server

In this lesson you'll be creating a simple Express based API in node, just to get your feet wet.

Routing and Middleware

What is Middleware?

  • Allows you to execute functions on an incoming request with guaranteed order.
  • Great for authenticating, transforming the request, tracking, error handling.
  • Middleware can also respond to requests like a controller would, but that is not their intent.

tldr; list of functions that execute, in order, before your controllers

REST routes with Express

  • Express has a robust route matching system that allows for exact, regex, glob, and parameter matching
  • It also supports HTTP verbs on a route based level. Together with the routing, you can create REST APIs
  • Routes match in the order that they were defined (top to bottom)
  • For abstraction, Express allows you to create sub routers that combine to make a full router
  • Middleware can be added to any and all routes with many different configurations

tldr; Express was designed with REST in mind and has all you need

Exercise 2

  1. ✅ check out the lesson-2 branch

  2. ✅ create a router for the Item resource

  3. ✅ create full crud routes and create placeholder controllers

  4. ✅ mount router on the root server

  5. ✅ ensure all tests pass by running test command

This exercise will have you creating routes and sub routers for our soon-to-be DB resources using Express routing and routers.

Data modeling with MongoDB

Schemas for a schemaless DB?

  • MongoDB is a Schemaless document store, but you should always use schemas if you don't want to go crazy
  • MongoDB has added support for creating schemas, but Mongoose is much better
  • We can create models for each REST resource we want to expose via the API.

tldr; You should always use a Schema for models, and mongoose makes it easy

Schemas to models

  • Schemas hold the instructions for models. Things like validations, names, indexes, and hooks
  • Using the schemas, we create models which are objects that let us interact with MongoDB. The models enforce the instructions on the schemas that were used to create them
  • Models will represent our REST resources

tldr; Schemas are the instructions for the models.

Exercise 3

  1. ✅ check out the lesson-3 branch

  2. ✅ create a schema for the item resource

  3. ✅ add the correct fields (look at test)

  4. ✅ add the correct validations (look at test)

  5. (extra) add a compound index to ensure all tasks in a list have unique names

  6. ✅ ensure all tests pass by running test command

In this exercise, you'll be taking what you learned about Mongoose and MongoDB to create a schema and model for the Item resource.

Controllers and working with models

Routes and controllers

  • Controllers handle what a Route + Verb combo can access from the DB
  • Think of them as the final middleware in the stack for a request. There is no intent to proceed to another middleware function after a controller
  • Controllers implement the logic that interacts with our DB models
  • Can generalize controllers to work for many models because we're going with a REST approach which requires CRUD actions on resources

tldr; Controllers are just middleware but with the intent of returning some data.

Using models

  • C - model.create(), new model()
  • R - model.find(), model.findOne(), model.findById()
  • U - model.update(), model.findByIdAndUpdate(), model.findOneAndUpdate()
  • D - model.remove(), model.findByIdAndRemove(), model.findOneAndRemove()

tldr; Mongoose models work very nicely with CRUD
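The "Routes and controllers" and "Using models" bullets above describe controllers as the final middleware that generalize over any model with the CRUD methods listed. The following is an added example, not the course's own code: a `crudControllers(model)` factory in Express's `(req, res)` shape, plus a constructed in-memory stand-in for a Mongoose model so it runs without MongoDB. The `memoryModel` and `fakeRes` helpers are assumptions for running it stand-alone.

```javascript
// Added example (not from the course repo): generic CRUD controllers for any Mongoose-style
// model whose findById/find/create/findByIdAndUpdate/findByIdAndRemove return promises.
// Each controller is the last middleware in the chain: it responds and never calls next().
// req.body is passed straight to the model, so the schema's validations are the input check.
function crudControllers(model) {
  const notFound = (res) => res.status(404).end();
  return {
    getOne: async (req, res) => {
      const doc = await model.findById(req.params.id);
      return doc ? res.status(200).json({ data: doc }) : notFound(res);
    },
    getMany: async (req, res) => res.status(200).json({ data: await model.find({}) }),
    createOne: async (req, res) => res.status(201).json({ data: await model.create(req.body) }),
    updateOne: async (req, res) => {
      const doc = await model.findByIdAndUpdate(req.params.id, req.body, { new: true });
      return doc ? res.status(200).json({ data: doc }) : notFound(res);
    },
    removeOne: async (req, res) => {
      const doc = await model.findByIdAndRemove(req.params.id);
      return doc ? res.status(200).json({ data: doc }) : notFound(res);
    },
  };
}

// Constructed in-memory stand-in for a Mongoose model (assumption, so the example runs offline).
function memoryModel() {
  const docs = new Map();
  let nextId = 1;
  return {
    findById: async (id) => docs.get(id) || null,
    find: async () => [...docs.values()],
    create: async (body) => {
      const doc = { _id: String(nextId++), ...body };
      docs.set(doc._id, doc);
      return doc;
    },
    findByIdAndUpdate: async (id, body) => {
      if (!docs.has(id)) return null;
      const updated = { ...docs.get(id), ...body };
      docs.set(id, updated);
      return updated;
    },
    findByIdAndRemove: async (id) => {
      const removed = docs.get(id) || null;
      docs.delete(id);
      return removed;
    },
  };
}

// Minimal chainable res object in Express's shape, for calling a controller directly.
function fakeRes() {
  const res = { statusCode: 0, body: undefined };
  res.status = (code) => { res.statusCode = code; return res; };
  res.json = (obj) => { res.body = obj; return res; };
  res.end = () => res;
  return res;
}
```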

Exercise 4

  1. ✅ create generic CRUD resolvers

  2. ✅ create controllers for the Item resources using the base crud resolvers

  3. ✅ ensure all tests pass by running test command

So far we have routes and models. Now we need to hook our routes up to our models so we can perform CRUD on the models based on the routes + verbs. That's exactly what controllers do.

Authentication with JWTs

Auth basics

  • Authentication is controlling if an incoming request can proceed or not
  • Authorization is controlling if an authenticated request has the correct permissions to access a resource
  • Identification is determining who the requester is
  • Your API will never be entirely safe, but make it hard for attackers

tldr; You can never truly protect an API, but requiring authentication makes it a bit safer

JWT authentication

  • A bearer token strategy that allows the API to be stateless with user auth.
  • Created by signing a payload (like a user object) with a secret held by the API
  • Must be sent with every request, where the API will then try to verify the token was created with the expected secret
  • After successful verification, the JWT payload is accessible to the server. Can be used for authorization and identification

tldr; tokens passed every request to check auth on the server

Exercise 5

  1. ✅ check out the lesson-5 branch

  2. ✅ create a signup controller

  3. ✅ create a signin controller

  4. ✅ create a protect middleware to lock down API routes

  5. ✅ ensure all tests pass by running test command

In this exercise you'll be locking down our API using JWTs.
