Backend from First Principles

The "backend" is the part of the application that users don't see—it runs on the server. It handles data processing, storage, business logic, and security. While the frontend is the "waiter" handling the customer, the backend is the "kitchen" preparing the food.

Key Roles: Managing databases, handling APIs, and ensuring security.

This is the fundamental model of the web. The Client (browser/mobile app) requests resources or actions. The Server (backend) processes this request and sends back a response.

Example: You (Client) click "Order Pizza" -> Request sent to Server -> Server checks inventory/payment -> Server sends "Order Confirmed" response.

Methods: Verbs that tell the server what to do.
GET (Retrieve data), POST (Create data), PUT (Update data), DELETE (Remove data).

Status Codes: Numbers indicating the result.
200 OK (Success), 404 Not Found (Client Error), 500 Server Error (Server crashed).

Representational State Transfer (REST) is a design style for APIs. It treats everything as a "Resource" (like a user, a tweet, a product) accessible via a standard URL (e.g., /users/123).

Stateless: Each request must contain all info needed; the server doesn't remember previous requests automatically.

A common way to organize backend code (Separation of Concerns):

• Controller: Handles the incoming HTTP request and validation.
• Service: Contains the actual business logic (e.g., "Calculate tax").
• Repository: Handles the direct communication with the database (SQL queries).

Business Logic: The rules unique to your app (e.g., "Users get 10% off on birthdays"). This is your core value.

Infrastructure: The plumbing that supports it (e.g., Sending emails, connecting to Redis, parsing JSON). Keep these separate so you can swap tools easily.

Middleware functions are like checkpoints that a request passes through before reaching your main code.

Examples: Logging ("Request came from IP 1.2.3.4"), Authentication ("Is this user logged in?"), Parsing ("Convert this JSON body to an object"). if a check fails, the middleware stops the request.

Relational (SQL): Stores data in tables with strict rows/columns (e.g., PostgreSQL, MySQL). Good for structured data with relationships (User -> Orders).

NoSQL: Stores data as documents, key-pairs, or graphs (e.g., MongoDB, Redis). Flexible schema, good for rapid changes or massive unstructured data.

The art of designing how data is stored. It involves defining entities (User, Product) and their relationships (One-to-One, One-to-Many, Many-to-Many).

Goal: Design for data integrity (no duplicates) and query efficiency (fast retrieval).

Transactions: Ensure "all or nothing" operations. If you transfer money, deducting from A and adding to B must both happen, or neither should.

Indexing: Like the index at the back of a book. It helps the database find a specific row (e.g., matching an email) instantly without scanning the entire table.

Caching means storing frequently accessed data in fast, temporary storage (RAM/Redis) instead of querying the slow database every time.

Example: Storing the list of "Top 10 Products" for 5 minutes so you don't calculate it for every single visitor.

Authentication (AuthN): "Who are you?" Verifying identity (e.g., Login with password).

Authorization (AuthZ): "What are you allowed to do?" Verifying permissions (e.g., Admin can delete users, regular user cannot).

Sessions: Server stores a record of the login in memory/database and gives the user a cookie ID. Stateful.

JWT (JSON Web Token): Server signs a token containing user info. The user sends this token with requests. Server validates the signature. Stateless and scalable.

Never trust user input. Always sanitize and validate data (e.g., check if email format is valid) before processing to prevent SQL Injection or XSS attacks.

Error Handling: Don't expose raw stack traces to users. Send generic messages ("Something went wrong") while logging the detailed error internally.

You can't fix what you can't see. Logging records what happened (e.g., "User X paid $5"). Monitoring tracks system health (CPU usage, error rates) and alerts you if the server is about to crash.

Systems fail. Good backends are resilient. Techniques include Retries (try again if network blips), Timeouts (stop waiting after 5s), and Circuit Breakers (stop calling a broken service to prevent cascading failure).

Making things fast. Common strategies: Database indexing, Caching API responses, optimizing code algorithms, and using vertical (bigger server) or horizontal (more servers) scaling.