BEGINNER • API Foundations and HTTP

Validation and Contract Checkpoint #3

This lesson targets enforce strict input validation in a realistic inventory synchronization service workflow. You will practice commands: npm run dev | node server.js | app.get('/route', handler). The code example is specific to backend API engineering tasks for this lesson objective.

Code Example

import jwt from "jsonwebtoken";

type SessionPayload = {
  userId: string;
  role: "user" | "admin";
};

export function signSession(payload: SessionPayload, secret: string) {
  return jwt.sign(payload, secret, { expiresIn: "12h" });
}

export function verifySession(token: string, secret: string) {
  const decoded = jwt.verify(token, secret) as SessionPayload;
  if (decoded.role !== "admin" && decoded.role !== "user") {
    throw new Error("Invalid session role");
  }
  return decoded;
}

Commands & References

npm run dev
node server.js
app.get('/route', handler)

Lab Steps

Prepare environment using: npm run dev
Implement endpoint or middleware for this scenario.
Test positive/negative cases and inspect response contracts.
Document one reliability or security improvement.

Exercises

Add one edge-case validation and return clear error details.
Improve one endpoint to be idempotent and test retries.
Write one test case proving the expected API behavior.

Previous Lesson Next Lesson

Back to Backend API Mastery