Back
🟩
Node.js Express REST API Checklist
Medium
19 items
·
2 hours
testuser
Published 1 month ago
A practical, step-by-step checklist to scaffold, secure, test, and containerise a REST API using Node.js and Express. Ideal for backend developers building a production-ready API or learners following best practices.
Progress
0 / 19
- Initialize project and Git repo — Run npm init, create src/test folders, and git init with a main branch.
- Add .gitignore and .env.example — Ignore node_modules, .env; provide .env.example with required keys.
- Install core dependencies and dev tools — Include express, dotenv, jsonwebtoken, bcrypt, joi/zod, morgan, winston, helmet, cors, express-rate-limit, jest, supertest, nodemon.
- Configure environment variables with dotenv — Load .env early and keep secrets out of source control; validate required vars at startup.
- Set up request parsing, security headers and CORS — Enable express.json, express.urlencoded, helmet, and configure cors origin rules.
- Implement input validation with Joi or Zod — Create reusable schemas and validate request body, params and query strings.
- Add centralized error handling and 404 middleware — Return consistent JSON errors and log stack traces in non-production environments.
- Implement JWT authentication
- Store JWT secret and token expiry in env — Use a strong secret and short expiry; rotate secrets via env in production.
- Create auth middleware to verify tokens — Decode, verify token, attach user to request, and handle invalid tokens cleanly.
- Protect routes and add login/register handlers — Hash passwords, return tokens on auth, and apply middleware to private endpoints.
- Add rate limiting and request throttling — Use express-rate-limit to limit requests per IP and protect auth endpoints.
- Add logging with Morgan and Winston — Log requests, responses, and errors; separate transports for console and files/remote sinks.
- Add graceful shutdown and a health-check endpoint — Handle SIGINT/SIGTERM, close DB connections, and expose /health for readiness checks.
- Write unit and integration tests with Jest & Supertest — Cover services with unit tests and endpoints with integration tests.
- Write unit tests for services and utilities — Mock external calls and assert pure logic in service functions.
- Write integration tests for endpoints — Start the app in test mode and run endpoint tests against a test DB or mocks.
- Create Dockerfile and .dockerignore — Use a small base image, copy package.json first, install deps, then copy source.
- Build and run Docker image locally — Test container locally and ensure env, ports, and health endpoint work.
Your Stats
🏆
0
Completed
📅
—
Last Done
⏱️
—
Last Time
Completion Rate
Items checked per run
⚡
—
Fastest Run
🔥
0
Streak
🚫
—
Most Skipped Step
🔄
0
Resets
📝 My Notes