API REST CRUD Middleware Overview

The document explains the concept of APIs (Application Programming Interfaces) and their role in facilitating communication between frontend and backend systems, emphasizing that APIs act as gatekeepers to databases. It discusses REST APIs, CRUD operations, and the use of middleware for handling requests and responses. The document highlights the importance of secure API access over direct database access to prevent vulnerabilities like SQL injection.

Uploaded by

mhrb54824

APIs, REST, CRUD, Middleware Explained
From direct DB access to secure backend design

What is an API?
• API = Application Programming Interface
• Lets systems talk to each other
• Your frontend sends HTTP requests to the backend API
• Backend talks to the database

Does API Directly Access DB?
• NO! Clients never talk directly to your database
• API acts as a gatekeeper
• Validates input, checks auth, queries DB safely
• Prevents exposing credentials or raw queries

Direct DB Access vs API
• ❌ Direct DB Access:
  - Exposes DB credentials
  - No validation or auth
  - Risky for SQL injection
• ✅ API Access:
  - Client → API → DB
  - Secure queries with validation & logic

What are REST APIs?
• REST = Representational State Transfer
• Standard way to build APIs over HTTP
• Uses URLs + HTTP methods: GET, POST, PUT, DELETE
• Data is exchanged as JSON

How to Create REST APIs
• Use a backend framework (Express, Django, Rails)
• Define routes: /api/users, /api/products
• Use CRUD operations with variables (e.g., id, name)
• Send JSON responses

Do APIs Connect Frontend & Backend?
• YES! Frontend calls API endpoints
• API handles business logic
• API talks to DB behind the scenes
• Keeps DB private & secure

CRUD Queries with Variables
• CRUD = Create, Read, Update, Delete
• Each operation uses a query template with dynamic variables
• Example: SELECT * FROM users WHERE id = ?
• Avoids hardcoding values

What are Middlewares?
• Functions that run between request & response
• Read/modify request or response
• Call next() to pass to next middleware/route
• Used for parsing, auth, logging, validation

Middleware with GET & POST
• Middleware works with ALL HTTP methods
• GET: logging, auth, caching
• POST: body parsing, validation, auth
• next() passes control down the chain

Why Use next() in POST?
• POST requests often need multiple steps
• Example: parse JSON → validate → check duplicates
• Each step is a middleware with next()
• Final handler saves data & sends response
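
The POST chain from the last slide (parse JSON → validate → check duplicates → save), as an added example that is not part of the original slides. It uses a small `run()` helper as a stand-in for a framework such as Express, and `run`, `users`, `post`, the field names and the status codes are assumptions chosen for illustration.

```javascript
// Minimal stand-in for an Express-style chain: each step gets (req, res, next).
// A step that returns without calling next() stops the request there.
function run(chain, req) {
  const res = { status: null, body: null };
  res.send = (status, body) => { res.status = status; res.body = body; };
  let i = 0;
  const next = () => { if (i < chain.length) chain[i++](req, res, next); };
  next();
  return res;
}

const users = new Map(); // constructed in-memory stand-in for a users table

// Step 1: parse the raw body; reject anything that is not a JSON object.
function parseJson(req, res, next) {
  try { req.body = JSON.parse(req.rawBody); }
  catch { return res.send(400, { error: "invalid JSON" }); }
  if (req.body === null || typeof req.body !== "object" || Array.isArray(req.body)) {
    return res.send(400, { error: "expected a JSON object" });
  }
  next();
}

// Step 2: validate types and sizes, then keep only the fields we expect.
function validate(req, res, next) {
  const { name, email } = req.body;
  const ok = typeof name === "string" && name.length >= 1 && name.length <= 64 &&
    typeof email === "string" && email.length <= 254 && /^[^@\s]+@[^@\s]+$/.test(email);
  if (!ok) return res.send(422, { error: "invalid name or email" });
  req.user = { name, email: email.toLowerCase() }; // extra client fields are dropped
  next();
}

// Step 3: check duplicates before the handler is allowed to write.
function checkDuplicate(req, res, next) {
  if (users.has(req.user.email)) return res.send(409, { error: "email already registered" });
  next();
}

// Final handler: saves data and sends the response; no next() call.
function saveUser(req, res) {
  users.set(req.user.email, req.user);
  res.send(201, req.user);
}

const createUserChain = [parseJson, validate, checkDuplicate, saveUser];
const post = (rawBody) => run(createUserChain, { method: "POST", rawBody });
```

Because `validate` copies only `name` and `email` into `req.user`, a client-supplied field such as `isAdmin` never reaches the save step, and a request that fails any check is answered before the handler can write.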
