ID: I202601082020
Status: idea
Tags: API
my API if I were to restart
I have made multiple APIs in the past, for school projects, for my job, and for my personal projects. But the biggest one of them is the API that I use for my main website. This API is built using Node.js in JavaScript. It uses MongoDB and is pretty stable. I use this API for showing my projects, and for running QuartzForums, but also for things like random endpoints anyone could subscribe to. But this unit has gotten too big to redo; I'd rather slowly pivot to a new API by creating a new oldmartijntje.nl rather than rewriting the current API. And this is because it has basically become a Frankenstein's monster of an API. I have added a lot of things onto it over time.
My current API
At first, this API was written in PHP and used for the chat on this website. But then about 2 months later, my free hosting provider shut down. I had just learned how to start up a Node.js API, so that was my logical next step.
My API started out with an account system that was inspired by Agents of S.H.I.E.L.D. This meant that every user has a Clearance level, and depending on that level, you can do things. Then I added my projects to it, on which you can see what I make. Then I added a way for me to easily spin up GET endpoints that anyone can use. About 6 months later I added QuartzForums. And that is where we are now.
The reset
I would make it in anything that is type-safe; this could be Node.js in TypeScript or NestJS or Next.js or [[C#]] or literally anything else. Then I would bake the following things in from the ground up:
- Logging, but in a good way. The act of logging the entire flow of a request in JSON format instead of just logging every IP and 1 or 2 random endpoints.
- Flagging everything fishy. I did this in my API, but too late. But also flagging when people hit 404s, etc.
- OOP is necessary. This makes implementing things like Logging and Flagging so much easier.
- SQL instead of MongoDB. I have been using MongoDB as a relational database for a while now, and I should just use some SQL database. This helps a lot with keeping things clear.
- IP Banning, because there are quite a few people that are annoying
- JWT, I have been using my own session-token system instead of just using JWT.
- Diagrams, because after a while you'll forget.
- Rate limiting and DDoS protection
- A proper dashboard to view and edit all the above. Being able to mass view, filter, bookmark, delete flags, or viewing my logs from my phone.
- Proper testing. Whether it is unit testing or endpoint testing, it needs to be added.
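The logging and flagging items from the list could look like this in Node.js: one object per request that collects every step, emits a single JSON line, and attaches flags for 404s. This is an added example, not code from the API described here; the class names, flag names, threshold and sample requests are all made up for illustration.

```javascript
// Added example; RequestTrace, FlagTracker and all values are hypothetical.
class FlagTracker {
  constructor({ limit = 5, windowMs = 60000 } = {}) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.hits = new Map(); // ip -> timestamps (ms) of recent 404s
  }
  // Record a 404; true once this IP reaches `limit` within the window.
  record404(ip, now) {
    const recent = (this.hits.get(ip) || []).filter((t) => now - t < this.windowMs);
    recent.push(now);
    this.hits.set(ip, recent);
    return recent.length >= this.limit;
  }
}

class RequestTrace {
  constructor(ip, method, path, now) {
    this.start = now;
    this.record = { ts: new Date(now).toISOString(), ip, method, path, steps: [], flags: [] };
  }
  step(name, detail = {}) {
    this.record.steps.push({ name, ...detail });
    return this;
  }
  flag(reason) {
    this.record.flags.push(reason);
    return this;
  }
  // Close the trace and return exactly one JSON line for the log.
  finish(status, tracker, now) {
    this.record.status = status;
    this.record.durationMs = now - this.start;
    if (status === 404) {
      this.flag("not_found");
      if (tracker.record404(this.record.ip, now)) this.flag("repeated_404");
    }
    // JSON.stringify escapes newlines in client-supplied fields such as path.
    return JSON.stringify(this.record);
  }
}
// Constructed sample: one client (documentation IP) requests three missing paths.
function demo() {
  const tracker = new FlagTracker({ limit: 3 });
  return ["/missing-1", "/missing-2", "/missing\n3"].map((path, i) =>
    new RequestTrace("203.0.113.7", "GET", path, 1000 + i * 100)
      .step("route_lookup", { matched: false })
      .finish(404, tracker, 1005 + i * 100));
}
```

Because each request ends up as one JSON line with its own `flags` array, a dashboard can filter on flags without parsing free-text log messages.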
Will we see this happening?
I might choose to discontinue QuartzForums someday, and then build a new API from scratch. I might not. We'll see what the future brings. But it mostly depends on whether or not QuartzForums is used, cause if it is, I will not switch out my API.