DEV Community

Cover image for Designing your Blog API
Awosise Oluwaseun
Awosise Oluwaseun

Posted on

Designing your Blog API

Having gone through some of the overviews of the project in our previous article such as setting up our node enviroment, .env, .gitignore and installing all required packages for the project. Let's talk about the Blog API!

The Blog API allows you to perform CRUD (Create, Read, Update and Delete) operations. For the Create, Update and Delete operations, you as an authenticated user can create your own blog and have it as either draft (which is the default) or published, update and delete only your own blog. The owner of the blog is also allowed to update the state of the blog from draft to published

For the Read operation, both authenticated and unauthenticated users can read published blogs. Only authenticated users can view their own drafts.

A summary of endpoints based on the decription given above

HTTP Method Routes Authenticated? Description
GET /api/v1/home/blog No Get all published blogs
GET /api/v1/home/blog/:id No Get all published blogs by ID
GET /api/v1/blog Yes Get all published and drafted blogs created by the user
GET /api/v1/blog/:id Yes Get all published and drafted blogs by ID created by the user
POST /api/v1/blog Yes Post blog as an authticated user
PUT /api/v1/blog/:id Yes Update blog as an authenticated user
PATCH /api/v1/blog/:id Yes Update blog state as an authenticated user
DELETE /api/v1/blog/:id Yes Delete blog as an authticated user

Having drafted out the endpoints, let us look at other features that we will be implementing and the packages that will help us achieve them.

Setting up our Server

The server is the link between our client and the database. It allows us to run logic that helps us in interacting with the database. All of our CRUD operations run on the server.


The type of authentication used in this API is the Token Based Authentication. The user creates an account by signing up then uses the credentials to sign in. This then generates a token that the user will use to access protected Routes.
The packages used:

Summary of endpoints required for authentication

HTTP Method Routes Description
POST /api/v1/signup signup user
POST /api/v1/login login user

Input Validation

Even with a proper API documentation, humans are bound to make mistakes while filling in or supplying details to be sent to the database. So, in order to curb this error, we have packages joi and mongoose that help us do this. They allow us to run some validator checks on inputted data to ensure uniformity in the data collected in the database.

Error Handling

There are several errors generated from the API and they were properly handled using the error handler middleware and the express-async-errors package. Some of the errors that were includes:

Error Type Error Status Code
Bad Request Error 400
Page not Found Error 404
Unauthenticated Error 401
Unauthorised Error 403

You can read more on HTTP status codes.

All of these error modules are found in the error folder shown in the project folder structure.


Middleware functions are functions that have access to the request object (req), the response object (res), and the next middleware function in the application’s request-response cycle. These functions are used to modify req and res objects for tasks like parsing request bodies, adding response headers.
In this project we used middleware functions to handle certain tasks like:

  • Input validation
  • Authentication
  • Filtering blog by query parameters
  • Pagination
  • Error handling

Rate Limiting

The rate limiting middleware limits the number of requests that come from a specific user, IP address or location within a given window (period of time). This can be achieved using a package called express-rate-limit as middleware

Cross Origin Resource Sharing (CORS)

This allows us to be able to set sites that can have access to making direct request to our API. These sites that are allowed are whitelisted.This can be achieved using a package called cors as middleware. You can read more on it

We have learnt the major features we'd be implementing in this project. Let's get into the full implementation of some of these features in our API with codes. BRACE UP! for you're about to enter the world of codes!

Latest comments (0)