How to Become a Backend Developer: Practical Guide
You don’t enjoy designing and building frontend applications? You pull your hair out while writing CSS? Or, you want to work with databases, servers, and APIs? If your answer is yes – backend development is the way to go. In front of you, there is a roadmap that will help you start your backend developer journey. Nevertheless, the most important thing is your involvement in the process. Read, practice, and experiment because these activities will determine your future success.
To begin your backend developer journey, you need to know what HTTP is and how it works. HTTP stands for Hyper Text Transfer Protocol and it was developed by Tim Berners-Lee in 1991. It’s one of the most popular solutions to communicate between web servers and clients. HTTP uses a request-response model, so every time a client sends a request, it’s expecting a response back from the server.
The initial version of HTTP had no number, and it has been later called 0.9. Many people don’t know about this release and I suppose it’s because almost nobody is using it nowadays. The main feature is the request that consists of a single line – GET method and path to the resource.
There are many new things compared to the previous version. A status code is now sent at the beginning of every response. It allows the client to determine whether the request succeed or failed. The next great feature is having headers that give much more flexibility to the entire process. They’re available both for the request and response. The one really popular header is Content-Type, which can transmit other documents than only HTML files.
Since its creation in 1995, HTTP 1.1 is widely used nowadays. It’s much more efficient than 1.0 due to connection reuse. It also introduces pipelining, chunked responses, and additional cache control mechanisms.
It was designed by IETF in 2015. It’s a binary protocol, and thus it cannot be read and created manually. Multiple requests can be handled over the same connection, and headers are now compressed. HTTP 2 significantly decreases latency compared to the 1.1 version. On the other hand, it also has some problems. Most of them are related to encryption issues.
HTTP 3 is still experimental as of writing this article. It has all HTTP 2 features with one difference. Instead of TCP, it uses QUIC. It’s a transport layer nearly equivalent to the previous one but with much lower latency.
- An overview of HTTP
- Hyper Text Transfer Protocol Crash Course – HTTP 1.0, 1.1, HTTP/2, HTTP/3
- HTTP/3: the past, the present, and the future
2. Programming Language
Things are starting to be more interesting here as we’re moving into the practical part. There are tons of programming languages you can use as a backend developer but pick one that you really like and stick to it. If you haven’t made a decision yet, check out Top 10 Programming Languages Comparison: Ultimate Guide. If you’re a complete newbie, start by watching some tutorials on the internet. Otherwise, go straight into building projects. Create at least 3 of them or until you feel comfortable with your programming language. Want some inspiration? Check Best 15 Coding Project Ideas.
Git is a widely-used version control system developed in 2005 by Linus Torvalds. I believe you already know him. If not, here is a hint: Linux. A vast number of projects rely on Git nowadays, which includes open-source as well as commercial projects. It allows developers to work together, all using the same code. What’s more, Git helps resolve conflicts when many people are editing the same files.
Start by installing Git on your local machine. You can follow the tutorial below:
Whether you’re a frontend or backend developer, you should know how to use a version control system. If you aren’t familiar with Git yet, check the attached resources. Try to implement the version control flow in your existing project. Then, share your code with the world by creating a remote repository. This tutorial will help you get started with Github – the most popular place to host your project.
Disclaimer: You shouldn’t push any sensitive data to your remote repository. This includes passwords, secrets, keys, etc. If your repo is public, everybody can see and use them. Keep this in mind.
- Git Complete: The definitive, step-by-step guide to Git
- How to Write a Git Commit Message
- 7 Git Best Practices to Start Using in Your Next Commit
API stands for Application Programming Interface. It’s really a crucial part of the software development world because it allows applications to talk to each other. As a backend developer, you’ll have to deal with them on a daily basis.
To understand it better, let’s start with a practical example. Booking a flight, placing an order, or making a reservation – all these things require APIs working under the hood. In other words, It’s a messenger that takes a request and returns a response. Think about being in a restaurant and sitting at the table. You want something from the menu, and you know that a kitchen is a place where it’ll be prepared. But how to communicate with the kitchen? Imagine that a waiter is an API. It takes your order and hands it over to the kitchen. When it’s done, it delivers the food back to you.
There are different types of Web APIs:
In this article, we’ll focus on two of them – REST and GraphQL. If you’re interested in more, check out the learning resources.
What is REST? It’s an architectural style and set of rules on creating an API. Here are some basic rules:
1. Uniform Interface
Imagine that many different devices may interact with your server. Let’s say computers, smartphones, tablets, watches, etc. This rule means that you don’t build multiple APIs that support various devices. You create one interface that allows any devices to communicate with it.
It says that there should be a clear gap between the client and the server. Thanks to it, our applications can grow independently, and we’re given much flexibility.
Every incoming request should have enough data to finish processing. In other words, the server shouldn’t store any information about the client. Instead of that, the client sends required data every time he makes a request.
API should support data caching to increase performance. The server might be overloaded with multiple requests. In this case, the good practice is to store as much data as possible in the cache. Don’t confuse it with the Stateless rule.
5. Layered System
A client making a request should be able to respond despite knowing what’s going on under the hood. After receiving a request, the server can perform multiple actions before sending a response. The client shouldn’t know about them.
A simple REST API endpoints might look like this:
GET /books GET /books/:id POST /books PUT /books/:id DELETE /books/:id
We’ll talk about GraphQL API later in this article.
5. Web Framework
A web framework is designed to help you with the development process of web applications. It provides a standard way to build and deploy them. What’s more, a web framework automates many repeatable activities associated with backend development and software engineering in general. For example – database access, templating, and session management. Every programming language usually has multiple frameworks. Here are some of them:
Now it’s time for you to choose your web framework. Learn it, play with it, and most importantly, stick to it. After building some projects, you should be good to go further. You can use the resources that I’ve included earlier or use your imagination to come up with the project ideas.
Working with databases is the inherent part of the backend developer job. A database is a place where you store most of your data. Imagine having an online e-commerce shop. Your database will save the customers’ data, available products, placed orders, and so on. There’re basically two types of databases SQL and NoSQL. It’s a pretty general assumption, and there are more of them. However, we won’t get into that right now. As usual, if you want to learn about them, check the additional resources.
SQL is a language used to manage relational data. SELECT, INSERT, ALTER, DELETE – all of them are part of the SQL language. All the data is structured inside tables with rows and columns. The important thing is that they can link to each other using different keys and relations. That’s why these databases are also called relational.
- Suitable for complex queries
- Security (ACID transactions)
- Predefined schema
- Costly to scale
- Not suitable for hierarchical data
- Adding new data might require some additional effort
NoSQL databases don’t follow the standard SQL language, and they don’t worry about the relational data. There’re several types of NoSQL databases, such as Wide-column, Key-value, Document, and Graph.
- Dynamic schema
- Cheaply to scale
- Works best with hierarchical data
- Not suitable for complex queries
- Worse security compared to the SQL databases
- Relatively less community support
Now, it’s time for you to experiment. You can connect to a database in the projects you’ve already done or create new ones from scratch. And again, try to really understand why we need them and how they work before going any further.
- 7 Types of Databases That Every Backend Developer Should Know
- ACID Explained: Atomic, Consistent, Isolated & Durable
- SQL Tutorial – Full Database Course for Beginners
Authentication is about understanding who wants to access your application and a backend developer is responsible for taking care of this process. Authentication can be done in one or multiple steps. For example, an application expects the user to provide his login and password. If the credentials are correct, you can access the application. Otherwise, you cannot go any further.
Password is the most common authentication method. It’s easy to implement but, on the other hand, not that secure. What’s more, many users tend to have the same password for all their accounts. That means, when the hacker got someone’s password, he has access to all his data.
Multi-factor authentication is a much more secure method than password-based. It requires two or more independent ways to identify a user. For instance, after a user enters the correct credentials, the application sends a confirmation code to his mobile phone.
This method is used to authenticate users, machines, and devices via a digital certificate. It contains the digital identity, public key, and digital signature of a certification authority. The client needs to provide his certificate, which is then validated by the server.
After a user has entered his credentials, the application generates an authentication token for him. Then, he can use this token to access protected actions instead of typing his credentials all over again.
This authentication method is widely used in mobile applications. There are many types of biometric authentication. Some of them are facial recognition, fingerprint scanner, voice identification and eye scanner.
As usual – code, build, experiment. You can implement authentication in your previous projects or create a new one from scratch.
Why do you need Docker? Imagine that your backend application needs to have multiple services such as a web server, database, cache engine, message queue, etc. You have to ensure that all of them are compatible with your OS. What’s more, the libraries and dependencies might have different versions. The architecture of your application will probably change in the future, and more services may be added. Another issue is that every developer in your team needs to have the same environment. Think about a situation when your application is compatible with Linux but cannot be run on Windows. Docker allows you to run every service in a separate container with its own libraries and dependencies. A container is a completely isolated environment that acts really similar to a virtual machine with minor differences.
- Easy and fast deployment
- Isolated and independent environment
- Possibility of running them on any OS
- CI / CD pipelines
- The development process in a team
- Personal productivity
If you haven’t installed Docker yet, check out the links below. Afterward, watch the attached tutorial on how to use Docker and implement it in your own projects.
- Docker Mastery: with Kubernetes +Swarm from a Docker Captain
- Learn Docker in 7 Easy Steps – Full Beginner’s Tutorial
- Kubernetes Tutorial for Beginners [FULL COURSE in 4 Hours]
Caching means storing frequently demanded things close to a client. Thanks to it, the access speed is significantly faster and the user experience is much better.
Imagine that you’re writing an essay. You need some specific knowledge from a book in a library. One approach is to visit the library every time you need some information. To be honest – not very efficient. On the other hand, you can simply borrow the book and place it on your desk. And every time you need something, you’ll look up to the book and therefore, you won’t waste time going to the library. In this example, your desk will act as a cache. There are also some downsides to this approach. One of them is space. You can only keep a limited amount of books on your desk. That’s also how the actual cache works. You store there just the most important things for you at the moment.
- Decreased network cost – Requests won’t cause additional network activity, so the overall cost is lower.
- Better performance – Retrieving content from cache is much faster than making a request from scratch.
- High availability – When the server is down, caching allows us to access the saved content
- Database caching
- Token caching
- In-memory data lookup
- Quick access to any required data
- Object store – HTTP response object, HTML page, database result set (e.x. Memcached)
- Key-value store – Simple key to value strings (e.x. Redis, Memcached)
- In-memory cache – Any object that can be accessed through run-time memory (e.x. Hash map)
Try to implement caching in one of your projects. You might spend some time applying those mechanisms, but you’ll immediately see the difference in the performance. In the long run, the users will thank you.
- Caching use cases, benefits and strategies
- What is Distributed Caching?
- Redis In-Memory Database Crash Course
Security plays a massive role in backend development. We’re responsible for all the lost and hacked data. Therefore, we need to focus on implementing the best security techniques that will make our application much safer.
Imagine that someone is using the brute force method to take control over one of the user accounts. A rate limiter will detect a suspicious number of requests and will temporarily block the IP address. It may also be a useful technique against some spammy people that want to outplay the system.
First of all, establish some password requirements. A common approach is to set minimum password length and complexity. Secondly, think about storing sensitive information. You should avoid keeping them at all costs, but if you really need to, make sure to encrypt all the data. Then, think about your specific case. Does your application really need high security? If so, you should set a password expiration policy. This means, after a specific period, you should force a user to change his password.
Libraries and modules have to be updated regularly. Very often, someone discovers a new vulnerability, and the fix is only available in the latest version. If you use old software, you put yourself at a much higher risk of getting hacked. Next thing – third-party libraries. I know they’re very helpful, but you need to be really careful with them. Many third-party solutions have vulnerabilities that might affect your application. Always use software that is tested and well-known in the community.
To expand your backend development knowledge even further, you’ll find some additional security best practices in the linsks below.
- What is Data Encryption
- API security: 12 essential best practices
- Web application security: 10 things developers need to know
There are usually two goals of testing. First of all, it reduces the number of bugs in your application. Secondly, adding new features is much easier and convenient because developers don’t have to test the software manually.
They should focus on a tiny unit of code, be isolated and independent. This means that there are usually used to test a single class, function, or method. What’s more, their dependencies are mocked and therefore, execution time is much faster.
They’re something between Unit and E2E tests. Integration tests ensure that the code which works in isolation also plays well with other components. They combine some parts of our application and check if the elements are interactive seamlessly with each other.
The goal of writing them is to test the entire application flow from start to end. There is no isolation, no mocks, and every service is tested at the same time. This can include databases, queues, caches, external APIs, etc. The major downside of them is the amount of time they need to execute.
Google says that the perfect balance is to have a 70/20/10 split: 70% unit tests, 20% integration tests, and 10% E2E tests. Besides that, you should find out what works best for your project and stick to it. Start by adding some tests to your application and slowly progress, increasing the overall test coverage.
GraphQL is a query language for reading and mutating data in APIs. It provides a type system where you can create a schema for your resources. This allows frontend developers to explore the API much easier.
In a REST API, you have multiple endpoints and predefined body responses. This approach has some downsides. What if the client needs only the small subset of data from the response or needs data from multiple endpoints? These problems are solved by GraphQL. You just have a single endpoint where you describe what part of the data you want.
- You can fetch specific data with a single API call
- The API is self-documenting
- It’s less error-prone due to automatic validation and type checking
- Caching is a bit harder to implement
- It has a complexity that it makes not worth-implementing in smaller applications
- GraphQL doesn’t leverage useful HTTP features
13. Data structures & algorithms
I wouldn’t say it’s obligatory to learn various data structures and algorithms in order to become a backend developer. However, I can genuinely say that it’s definitely worth it.
What is a data structure? It’s a way of organizing data so that it can be used more effectively. Algorithms, on the other hand, are operations on these data structures.
What are the benefits of using them?
- It’s easier to organize and manage data
- They make code cleaner and easier to understand
- They allow our application to maximize the performance
Websites where you can practice them
Try to experiment, practice on the above websites and implement some data structures in your applications. It’s okay if you don’t understand them at first. Learning is a long-term process, not a short run.
- Master the Coding Interview: Data Structures + Algorithms
- The Coding Interview Bootcamp: Algorithms + Data Structures
- Cracking the Coding Interview
14. Next steps
If your backend application is scalable, it can handle a significantly higher load without sacrificing the latency. In other words, when the number of users increases, the application can manage this traffic without reducing the performance. There are basically two types of scalability.
1. Vertical Scaling
Vertical scaling means adding more power to your server. Imagine that your application is hosted by a server with 32 GBs of RAM. To vertically scale your server, you’ll increase the amount of RAM to 64 GBs.
It’s simple to implement because it doesn’t require any code. What’s more, the amount of time you spend monitoring and managing your system is significantly lower. However, vertical scaling is not the ideal approach either. A major downside is availability risk. You have one really powerful server, but what if something happens and it goes down? Your entire application will go offline due to a single point of failure.
2. Horizontal Scaling
Horizontal scaling means adding more hardware to your existing resource pool. For instance, you have two servers with 16 GBs of RAM each. If you want to scale your system, you’ll simply buy another server.
Horizontal scaling is much harder to implement. It requires a bit of code and knowledge. But after all, it can benefit you even more. There is no limit when it comes to adding new servers. You can distribute them across the globe and provide high availability of your application due to no single point of failure. When one server goes down, you have many more that are still running.
- Horizontal vs. Vertical Scaling
- Scalability Harvard Web Development David Malan
- High availability solutions
Monolithic vs Microservices architecture
A monolithic application describes a single-tier application where everything is combined into a single unit. All the layers, such as UI, business, data access are in the same codebase.
- Continuous deployment – one small change requires the entire application to redeploy itself
- Single point of failure
- Scalability issues
A microservices application is based on the single responsibility principle. Instead of one big unit, it has multiple small services that are responsible for the specific action.
- No single point of failure
- Independent deployment – one small change does not require the entire application to redeploy itself
- No strong consistency
- Worse performance
- Monolithic vs Microservice Architecture Debate
- Which is better: microservices or monolithic architecture
- When To Use Microservices (And When Not To!)
Real-time communication plays a significant role in today’s world. Chat applications, voice and audio transmitting, social media notifications – all of them are build on top of real-time protocols. So, what kinds of technologies do they use under the hood?
Websockets is a bidirectional communication protocol for the communication between client and server over the web. It was standardized in 2011, and it’s fully compatible with HTTP.
- High-speed data exchange
- No limit to the number of sessions
- Persistent channels of communication
- Relatively complex to set up
- Not every proxy supports it
XMPP (Extensible Messaging and Presence Protocol) is a communication protocol based on XML. It’s much older than Websockets, and it was introduced in 1999.
- Decentralized architecture
- Long session handshake
- Pretty verbose
- XML stream based makes framing inefficient
Server-sent events enable a client to receive automatic updates from a server via an HTTP connection. It’s a mono-directional protocol, so a client cannot send the data on its own. Because of that, Server-sent events are usually used in applications to update statuses, push notifications, receive a newsletter, etc.
- The browser reconnects automatically
- It has lower resources consumption
- It’s easier to integrate with existing authentication
- Mono-directional communication
- No native support for binary types
- Browser support is more limited
- Websockets Crash Course
- XMPP – Extensible Messaging and Presence Protocol
- Server-Sent Events Crash Course
How to Become a Backend Developer – Conclusion
This is only the beginning of your backend developer career. Now, it’s time for you to practice, experiment and build amazing projects. If you really take this journey seriously, check Best 17 Books for Programmers in 2021. This article contains the greatest books of all time that will move you to the next level as a programmer. Always try new things and help other people with their problems. Stay strong!
If this article gave you some value, don’t forget to share it with other people. Thank you!