Understanding Backend APIs and REST Architecture

# CHAPTER 2

Understanding Backend APIs and REST Architecture #

1. Introduction #

2. Learning Objectives #

• Define what a REST API is.

• Understand the Request-Response cycle.

• Differentiate between the 4 primary HTTP methods (GET, POST, PUT, DELETE).

• Recognize standard HTTP status codes (200, 201, 404, 500).

3. Beginner-Friendly Explanation #

1. 1. Read a book.

1. 2. Add a new book to the shelf.

1. 3. Update a book's cover.

1. 4. Throw away a ruined book.

4. The Request-Response Cycle #

1. 1. Request: The Client (mobile app) sends an HTTP Request to the Server (Node.js). The request contains a Method (GET/POST), a URL (/users), and sometimes data (a JSON payload).

1. 2. Response: The Server processes the request and sends back an HTTP Response. This contains a Status Code (e.g., 200 OK) and the requested data (in JSON format).

5. The Four Core HTTP Methods #

• GET (Read): Used to retrieve data.

• *Example:* GET /api/users (Gets all users).

• POST (Create): Used to send new data to the server to be saved.

• *Example:* POST /api/users (Creates a new user account).

• PUT / PATCH (Update): Used to modify existing data.

• *Example:* PUT /api/users/5 (Updates the profile of user ID 5).

• DELETE (Delete): Used to remove data.

• *Example:* DELETE /api/users/5 (Deletes user ID 5).

6. Standardizing the URL Structure #

BAD URL Architecture (Not RESTful):

• /get-all-users

• /create-new-user

• /delete-user-by-id

GOOD URL Architecture (RESTful): Notice how the URL stays exactly the same; the *HTTP Method* changes the action!

• GET /users (Fetches users)

• POST /users (Creates a user)

• DELETE /users/5 (Deletes user 5)

7. HTTP Status Codes #

• 200 OK: The request was successful (Used for GET).

• 201 Created: Data was successfully saved to the database (Used for POST).

• 400 Bad Request: The user sent invalid data (e.g., missing an email).

• 401 Unauthorized: The user is not logged in.

• 404 Not Found: The URL or data does not exist.

• 500 Internal Server Error: Your Node.js code crashed.

8. The JSON Response Format #

Example of a standardized JSON Response:

{
  "status": "success",
  "data": {
    "id": 5,
    "name": "Alice",
    "email": "alice@example.com"
  }
}

Example of an Error Response:

{
  "status": "error",
  "message": "User not found"
}

9. Best Practices #

• Keep it Stateless: A core rule of REST is that APIs are "stateless." The server should not remember the client between requests (no sessions). Every single request from the client must contain all the information necessary to authenticate it (usually via a JWT token).

10. Common Mistakes #

• Using GET to delete data: Beginners often create routes like GET /api/delete-user/5. This is extremely dangerous. Web crawlers (like Google) click every GET link they find to index the web. If Google crawls your API, it will delete your entire database! Always use the DELETE HTTP method for destructive actions.

11. Exercises #

1. 1. Match the CRUD operation (Create, Read, Update, Delete) to its correct REST HTTP method (GET, POST, PUT, DELETE).

12. Coding Challenges #

• Challenge: Based on REST architectural rules, write out the exact HTTP Method and URL path you would use to fetch a specific blog post with the ID of 42.

13. MCQs with Answers #

14. Interview Questions #

• Q: Explain the concept of a REST API. What makes an API "RESTful" regarding its URL structure and use of HTTP verbs?

• Q: Why must REST APIs be "stateless"? How does this differ from traditional web applications that use sessions?

15. FAQs #

16. Summary #

17. Next Chapter Recommendation #