API Design in Node.js, v5

RESTful Route Design Review

Scott Moss
Netflix
Lesson Description

The "RESTful Route Design Review" Lesson is part of the full, API Design in Node.js, v5 course featured in this preview video. Here's what you'd learn in this lesson:

Scott reviews RESTful route design, explaining how CRUD controllers map to resources like habits and users. He discusses how requests flow through middleware for authentication and validation before reaching controllers, and he reviews common HTTP status codes such as 200 for success, 401 for authentication errors, 404 for missing resources, and 500 for server errors.

Transcript from the "RESTful Route Design Review" Lesson

[00:00:00]
>> Scott Moss: All right, welcome back. So we just finished up locking down some of our routes with the authentication middleware that we did, verifying the JSON Web Tokens that we created upon login and sign-up. Now let's create some of the CRUD controllers for some of the resources that we have, like habits, users, things like that, and then that way you get a better sense of just like how it all works together.

[00:00:22]
Request comes in. It gets routed to the right place. Along the way, there's tons of middleware checking for authentication if that's what's needed, checking for input validation, and then finally reaching its destination to the controller to do the actual thing that it wants to do and then do the job and send back a response.

[00:00:41]
So that's what we're about to do, is do those jobs. So if we look at, I have this lesson here, lesson 10 for CRUD controllers. Let me make sure I checked out to a new, did I check out to a new branch?

[00:00:53]
Oh, I, yes, I did, OK, so. We already talked about like RESTful and things like that. You have my opinions on it, but I wrote a lot of that down here, so most of the stuff I've been saying in the course about REST and CRUD, it's all here, just written down for you. There's better resources to understand this.

[00:01:09]
This is just how it comes out of my head and the way I think about it. Talked about like the route plus the verb, or you might hear method, route plus method, and how that maps. One thing we've been just kind of talking about over the place is just like status codes, so I wrote that down as well, so you could think of HTTP status codes like this, and anything in the 200 is a success.

[00:01:26]
Anything in the 400 is basically a client error, so 400 is like, hey, invalid input. 401 is like, you sent us or you didn't send anything that's required for us to authenticate you, so you didn't add that bearer token or you didn't add that API key or you didn't add whatever it is, you just didn't send it up, it literally does not exist. 403 might be you sent us something, but it's wrong, so you're just not allowed.

[00:01:44]
404 is like, whatever you're asking for, it literally doesn't exist. That's not a route that we have. And 409 might be like, oh, you're trying to create a user with an email that already exists, so that might be a 409, that might be, that's an example of a conflict, but that might be the one conflict you would never probably tell the user about, so it might be a different conflict where you would say that. But there's a status code for everything; you can keep digging, you'll find more.

[00:02:01]
I promise you nobody uses anything outside of these, and even I would say 409 is like out there. So I would say it's mostly just like 200. You almost never see 204.

[00:02:14]
You'll see these 400s here all the time, for sure, and you'll definitely see these. Right, 500 is your server just crashed. That's what 500 means.

[00:02:30]
502 means, technically what that means is like, I'm a CDN, I'm trying to access an origin, and that origin's dead, so it's not my fault.

[00:02:47]
It's the, it's the origin's fault. So don't get mad at me. I'm a CDN.

[00:03:01]
That's kind of a 502, is because it's a gateway. An edge function on a CDN is technically a gateway, so it's like, hey, I'm the gateway. I'm working, but the thing that you want me to talk to is not working.

[00:03:16]
And then 503 is just like, yeah, we know, we shut it down for a reason, it's just down for now, you know, we know that, we're aware of that. Like, we, oops, we messed up a migration, we gotta shut the server down. Which happens a lot.

[00:03:30]
Cool. Alright, let's make these, let's make these controllers. So there's a lot in here.

[00:03:43]
If you scroll and look at all this, I have a controller for every single resource. We're not gonna do all these, but they're all mostly the same. That's why there's really no point of doing all of them, but we'll go through at least one of the, one of the resources, so you kind of get an idea of what that looks like, and then the other stuff is there for you to follow along and implement if you want to do that.

[00:03:56]
So I say we do the habit one. I think that one makes sense because we already did the sign-in, sign-up, so technically we already have users, so now let's just allow users to like create, read, update, delete habits, and I think, I think that would be good.
