BEGINNER • API Foundations and HTTP
Validation and Contract Checkpoint #8
This lesson hardens the security posture of a realistic analytics ingestion service: an Express API that accepts events from clients and must validate every request against its contract before acting on it. You will practice reading input from req.params / req.query / req.body (all of it untrusted), installing Express with npm install express, and checking a running service with curl http://localhost:3000/health. The code example is a session-token helper of the kind such a backend uses to authenticate callers before it trusts anything in the request.
Code Example
import jwt from "jsonwebtoken";

type SessionPayload = {
  userId: string;
  role: "user" | "admin";
};

export function signSession(payload: SessionPayload, secret: string) {
  // Pin the algorithm and keep the lifetime short; the secret must be long and random.
  return jwt.sign(payload, secret, { algorithm: "HS256", expiresIn: "12h" });
}

export function verifySession(token: string, secret: string): SessionPayload {
  // jwt.verify checks the signature and expiry. Restricting the accepted algorithms
  // stops a token whose "alg" header was changed from being accepted with this secret.
  const decoded = jwt.verify(token, secret, { algorithms: ["HS256"] });
  // A valid signature proves who minted the token, not that the payload has the shape
  // this code expects, so re-validate every claim instead of casting blindly.
  if (typeof decoded !== "object" || decoded === null) {
    throw new Error("Invalid session payload");
  }
  const { userId, role } = decoded as Partial<SessionPayload>;
  if (typeof userId !== "string" || userId.length === 0) {
    throw new Error("Invalid session user");
  }
  if (role !== "admin" && role !== "user") {
    throw new Error("Invalid session role");
  }
  const session: SessionPayload = { userId, role };
  return session;
}
Commands & References
- req.params / req.query / req.body
- npm install express
- curl http://localhost:3000/health
Lab Steps
- Prepare the environment: run npm install express, start the service, and confirm that curl http://localhost:3000/health returns a success response.
- Implement the ingestion endpoint or a validation middleware for this scenario; treat req.params, req.query and req.body as untrusted input and validate each against the contract before using it.
- Test positive/negative cases and inspect response contracts.
- Document one reliability or security improvement.
Exercises
- Add one edge-case validation and return clear error details.
- Improve one endpoint to be idempotent and test retries.
- Write one test case proving the expected API behavior.