The Talent500 Blog
Dos and Don’ts When Using Node.Js to Build APIs 1

Dos and Don’ts When Using Node.Js to Build APIs

Part of the reason why Node.js is a household name is because web applications designed with Node.js simply outshine those developed by most of their counterparts. Moreover, thanks to the demand for JavaScript, this technology is widely adopted by most developers. In fact, those with knowledge of JavaScript knowledge can easily pick up Node.js in just a matter of weeks, and this is among the key reasons for its popularity among developers.

Node.js is also praised for its scalability and this is what has grabbed the attention of the larger corporates. It can easily handle large volumes of simultaneous requests without burning down the servers. The flexibility of development across platforms is another point in its favor. However, despite its many benefits, it does have some problem areas and incorrect usage simply adds to them. This is where Node.js gets its ‘complicated ’ label from. In reality, the solution may involve tweak in coding practices or incorporating different approaches to building APIs.

To offer further insight into these practices and address common shortcomings, here are a few dos and don’ts to keep in mind.


Pick the right framework

When developing APIs, find the one that suits your use best. For instance, Restify excels in building REST services, whereas Express works wonders with web apps. Different frameworks have their own features and you shouldn’t restrict yourself to those you’re familiar with if the job can be done more efficiently with another tool.

Practice forward-compatible attribute naming

The objects in your API responses will have attribute names, which shouldn’t be picked out without giving it a fair bit of thought. Consider the future use of the API and ensure that the name doesn’t break flow or pose problems as updates roll out. Another key point to remember when naming is that adding new fields to an object doesn’t affect compatibility, but changing the type does. So, pick wisely when you do decide to name an attribute.

Create API documentation

Node.js REST APIs can be used quite extensively, but in order to share these, you need to provider other developers with API documentation. This is crucial and you should consider its importance when you decide to use APIs written by someone else. Work on this healthy practice and use either ‘Swagger’ or ‘API Blueprint’, both open-source projects, to create documentation easily.

Follow the ‘Robustness’ principle

The ‘Robustness’ principle is to be conservative with what you do and be liberal with what is accepted by others. The best example of this principle in action is when dealing with HTTP headers. When responding to the client, the principle states that you should use the preferred header casing. However, with any incoming HTTP headers, you should normalise them into a consistent format, thus making it easier to interpret the values. Apply the principle on a case-by-case basis as there are situations that could lead to errors that are hard to debug.


Block your event loop

JavaScript and Node.js aren’t the only technologies that utilise asynchronous programming with callbacks. However, they are the reason why it is as popular as it today. In any case, with other languages, it is safe to assume a predictable order of execution. For instance, you may be accustomed to a situation where two statements will execute in order, one after another.

Naturally, this process would only be interrupted if there is a specific instruction to jump between the statements. This would include, and be limited to, loop statements, condition statements and invoking of a function. But, this is not the case in JavaScript. When dealing with callbacks, it is important to note that a particular function or command may not run until the task assigned before is finished first. As such, whatever is already being executed will continue to do so until it ends, without any interruption. However, should you be required to execute such a command, code it into the callback and invoke it from within itself.

Take encryption lightly

While the ‘md5’ algorithm is still quite popular, don’t make the mistake of assuming it is all you need in terms of security. The golden rule, and one you’ll do well to never forget, is that you should always assume that the server will be compromised. The when of it all is a non-issue, but preparing for the inevitable breach is the principle to keep in mind. Naturally, this is a tedious process but one that is well worth it, especially when it comes to user credentials.

Customers trust you with their personal credentials and subpar security measures put a great deal at risk. This is why it is important to employ a more robust and reliable password hashing algorithm. These include:

• Argon2
• Scrypt
• Bcrypt

Such algorithms protect against brute-force attacks and even make the server or application resistant to these in some ways.

Invoke multiple callbacks

It is common knowledge that JavaScript relies on callbacks. With the help of Node.js, they were the only way to enable some form of communication between two asynchronous elements of your code. This was until the advent of ‘promises’— a value returned by an asynchronous function once it has completed the tasked process. However, despite the fact that promises exist, it is still quite common to find developers use and multiple callbacks when designing APIs.

The problem here is that these developers may be viewing a callback as the end point of the function. As such, there is potential for error and or ‘callback hell’, which is when the code has several complex nested callbacks, often representing a pyramid pattern. In such situations, code is harder to debug as each callback has an argument in the previous callbacks. Thus, errors in any one function impacts all that follow. Naturally, this should be avoided at all costs.

It may be interesting to also note that there is a workaround for this. Developers may add a ‘return’ before the callback to keep from invoking multiple times. However, since the return statement has almost no significance, it helps avoid the problem too!

Confuse floating points and integer data types

When representing numbers in JavaScript, it is crucial to note that these are represented in floating points. Usually, when developing APIs, numbers big enough to strain the limits of float are not common; however, this doesn’t mean it can’t happen. When it does is exactly when mistakes end up happening. Breaching the limits of the float causes havoc and could render the entire function unless.

The main reason for this is that operators work differently with the data types. So, during development, if you find yourself needing to work with larger numbers, the ideal solution is to include or utilise a big integer library. These will have the necessary operations to give you the desired results on large precision numbers.

Arming yourself with the right practices when developing using Node.js is easier said than done, but these pointers can help a great deal. In fact, it can help you develop code more efficiently and take your career as a Node.js developer to the next level. To take that step seamlessly and work amongst the best in the industry, sign up with Talent500. Our specialised skill-assessment algorithms is equipped to align your profile with job opening at some of the top Fortune 500 companies.



Girish is Talent500’s architect for systems software. His experience in backend development has helped him convert visions of many a product into reality. From his days at BITS-Pilani, he has always dreamt about beating AplhaZero at chess.

Add comment