Back to Projects

RESTful API Development

Design and implementation of scalable APIs with comprehensive documentation, authentication, and rate limiting.

Node.jsExpressSwaggerMongoDB

Overview

This topic showcases my expertise in designing and implementing scalable APIs. They all provide robust authentication mechanisms, full documentation, and key features such rate limiting. Using technologies including Node.js, Express, Swagger, and MongoDB, my skills enable businesses to build scalable and secure backends.

Key Experiences

Scalable API Architecture

  • Designed APIs with modular architectures to handle evolving business requirements.
  • Utilised Node.js and Express for high-performance server-side logic.

Authentication and Authorization

  • Implemented robust authentication systems using JWT (JSON Web Tokens).
  • Integrated role-based access controls (RBAC) to secure critical endpoints.

Comprehensive Documentation

  • Used Swagger to create interactive documentation, providing external developers with a simple onboarding process.
  • Generated OpenAPI specifications for standardised API definitions.

Rate Limiting and Throttling

  • Configured middleware to limit requests, protecting APIs against abuse and ensuring fair resource use.

Sample Implementations

API Endpoint for User Registration

The following simplified example demonstrates a secure endpoint for user registration, complete with validation and error handling:

code
const express = require('express');
const bcrypt = require('bcrypt');
const jwt = require('jsonwebtoken');
const { MongoClient } = require('mongodb');

const app = express();
const client = new MongoClient('mongodb://localhost:27017');
const dbName = 'api_database';

app.use(express.json());

app.post('/register', async (req, res) => {
    const { username, password } = req.body;

    if (!username || !password) {
        return res.status(400).send({ error: 'Username and password are required' });
    }

    try {
        await client.connect();
        const db = client.db(dbName);
        const existingUser = await db.collection('users').findOne({ username });

        if (existingUser) {
            return res.status(409).send({ error: 'User already exists' });
        }

        const hashedPassword = await bcrypt.hash(password, 10);
        const result = await db.collection('users').insertOne({ username, password: hashedPassword });

        const token = jwt.sign({ id: result.insertedId }, 'your-secret-key', { expiresIn: '1h' });
        res.status(201).send({ token });
    } catch (error) {
        res.status(500).send({ error: 'Internal Server Error' });
    } finally {
        await client.close();
    }
});

app.listen(3000, () => {
    console.log('API server running on port 3000');
});

Swagger API Documentation

The following simple example shows how to create Swagger documentation for a user login endpoint:

code
openapi: 3.0.0
info:
  title: User API
  version: 1.0.0
paths:
  /login:
    post:
      summary: User Login
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                username:
                  type: string
                password:
                  type: string
      responses:
        '200':
          description: Successful login
          content:
            application/json:
              schema:
                type: object
                properties:
                  token:
                    type: string
        '401':
          description: Unauthorized
        '500':
          description: Internal Server Error

Rate Limiting Middleware

This simplified demonstration shows how to implement rate limiting using the express-rate-limit library:

code
const rateLimit = require('express-rate-limit');

const limiter = rateLimit({
    windowMs: 15 * 60 * 1000, // 15 minutes
    max: 100, // Limit each IP to 100 requests per windowMs
    message: 'Too many requests from this IP, please try again later.',
});

app.use(limiter);

My Results and Impact

  • Enhanced scalability and reliability, enabling APIs to handle increased traffic without downtime.
  • Improved security with robust authentication and rate limiting, reducing unauthorised access.
  • Streamlined developer onboarding with detailed Swagger documentation, cutting integration times for external developers.

Example Tools and Technologies

  • Node.js: High-performance JavaScript runtime for backend development.
  • Express: Lightweight framework for building RESTful APIs.
  • Swagger: Tool for creating and managing interactive API documentation.
  • MongoDB: Flexible NoSQL database for managing structured and unstructured data.

Conclusion

This topic highlights my ability to design and implement secure and well-documented APIs. My skills give businesses the ability to integrate services efficiently, while maintaining high performance and security standards.