Node.js REST API

What is an API?

When you’re using scrolling through Instagram on your phone, the app sends some requests to its server. Their server receives the request, processes it, and returns a response to your phone. The app on your phone processes the response and presents it to you in a readable manner. Here, the app on your phone talks to Instagram’s servers via what we call Application Programming Interface or APIs.

Let’s take another example to understand APIs. You must have heard of UPI payments and apps like GPay, PhonePe, and Paytm which allow you to do transactions via UPI. The UPI payment system is managed by NPCI or National Payments Corporation of India which exposes its APIs so that these payment apps can use them and facilitate UPI transactions to their customers. Simply put, an API is a way for two or more software systems to communicate with each other.

The application sending the request is commonly referred to as a client and the application sending the response is called the server. So, in the above example, the app on your device is the client which requests data from Instagram’s servers.

The way an API works is that the client sends some request to the server at a particular endpoint, with some payload using one of the HTTP methods; the server processes the request and returns a response which can be in HTML, XML, JSON, etc.

What is REST API?

There are various API architectures which define the rules for API calls namely SOAP, RPC and REST. Out of these, REST is the most popular choice for building APIs

REST stands for Representational State Transfer and was introduced by Roy Fielding in the year 2000

REST is not a protocol or a standard but a set of design principles based on HTTP or Hypertext Transfer Protocol

Any API that complies with the principles of the REST architectural style and allows interaction with RESTful systems is called REST API

Principles of REST

For an API to be called RESTful, it should align with the following six design principles:

1. Client Server Decoupling

REST enforces that the client and the server should be independent of each other. The client should only have information regarding the URI of the resource and the client should not interact with the server in any other way. Similarly, the server should not interact with the client in any way other than sending the requested data.

2. Stateless

REST APIs are stateless which means that each request from the client to the server must contain all the information needed to process the request. The server applications are not allowed to store any information related to client requests.

3. Uniform Interface

All the resources and actions available at specific endpoints should be decided and obeyed by both the client and the server. Also, all the API requests for accessing a particular resource should look the same irrespective of the client sending the request. The response shouldn't be very long, but it must provide all the details the client would require.

4. Cacheable

Caching is a method of temporarily storing frequently used data in local memory so that the data will be served from local memory instead of being retrieved from the server when the client asks for the same information. This principle enforces that information regarding whether caching is permitted for the provided resource should be included in the server response.

5. Layered System Architecture

REST APIs should be designed in a way that prevents the client from being able to determine whether it is communicating with the end server or an intermediary server. This architecture improves system scalability by allowing load balancing and shared caches.

6. Code on Demand

This is an optional constraint and it states that, instead of a JSON or XML response, an API response can also contain executable code in the form of applets or scripts. Thus, the server can provide some parts of features to the client in the form of code and the client only needs to execute the code.

Why REST?

The decoupling between client and server is the most important advantage of using REST APIs. This decoupling allows the client and server-side systems to evolve independently and increases the development velocity.

The decoupling also helps developers to extend their functionality without much difficulty making them more scalable.

REST APIs are flexible. They can handle a wide variety of requests and transfer data in various formats like HTML, XML, YAML, and JSON. REST APIs are language and platform agnostic which means that they can be integrated with any client irrespective of the language and platform that the API is written in.

With RESTf APIs, we can use HTTP cache and proxy server to manage high load and thus improve performance.

REST is very easy to learn and use.

Creating a Secure REST API in Node.js

Let’s create our own Node.js REST API for better understanding. For this particular use case, we will serve dummy data from a JSON file to imitate a database. We’ll also be using Postman to test our Node.js REST APIs.

Step 1: Initialize npm and Initial Setup

Create a new directory api-demo, traverse to that directory, and initialize npm in that directory using npm init

• -y here stands for "yes to all" and will select the default values for all the fields that npm needs for initialization.
• As we’re already aware, Node.js is just a runtime environment that allows developers to run Javascript on the server. So, for performing other common web development tasks, we need to use web frameworks.
• Express is one such commonly used Node.js web framework built on top of Node.js which provides the common set of utilities for building servers and web applications in general. It also makes writing handlers for Node.js REST APIs very easy and fairly straightforward.
• Since we’re not using an actual database here, but creating a JSON file which will act as our database, we’ll need a Node.js module named fs (short for filesystem) that’ll help us read and write to files on our system.

Let’s go ahead and install express and fs in our project

Step 2: Create a Dummy Database

Create a file named users.json as shown below. Here, we have a JSON object with five key-value pairs where each key is a random ID assigned to each user while the value is an object containing the user properties. This file will act as a database for our Node.js REST API.

Step 3: Creating app.js File and Setting up the Server

Create a file named app.js - this will be the main file for our project where we’ll define all the HTTP methods for our Node.js REST API and setup the backend server.

Step 4: Fetching Data of All Users Using the GET method

When using Express, the usual syntax for making HTTP requests looks something as shown below:

Here, req and res stand for the request and response objects respectively. So, to retrieve data of all the users, we can write a GET request as shown below:

When we make the request using Postman, as expected, we get the data of all the users in the response.

Step 5: Fetching Data of a User Using their ID as a Route Parameter

In this case, we’ll get the ID of the user from the route and send only that user’s data in the response. So, here's what the GET method in our Node.js REST API would look like:

Sample request in Postman:

Step 6: Creating a New User With the POST Method

To create a new user in our database, we need to make a POST call with the user’s data. Also, note that since we’re creating a database of our own, we have to explicitly add the logic for getting the subsequent user id. If you’re using something like MongoDB, it'll automatically assigns IDs to all the database entries.

For testing the POST API, make sure to add the user details in the request body. To add user data, go to the Body section, select raw data, select JSON as the data type, and add the JSON object in the textbox as shown below:

Step 7: Updating the First Name and Age of a User Using the PATCH Method

To update some properties of a user, we can use the PATCH method, pass the user ID in the route param, and the properties to be updated in the request body. All the other user properties would remain the same. The following is an illustration of PATCH method in our Node.js REST API:

Sample request in Postman:

Step 8: Overwriting a User's Data Using the PUT Method

To overwrite all the details of a user, we can use the PUT method. It will replace the current properties of the user with the properties passed in the request body.

Sample request in Postman:

Step 9: Deleting a User Using the DELETE Method

To delete a user with a particular ID, we can use the HTTP DELETE method in our Node.js REST API.

Sample request in Postman:

With this, we've finished writing our Node.js REST API with basic Create, Read, Update and Delete or CRUD functionality.