What is HTTP on the server?
On the frontend you send requests. On the backend you receive them and decide the response. The same protocol, seen from the other end: you read the method, path, headers, and body, then you choose a status code and write a response. Frameworks wrap this, but underneath every handler is the same contract.
Why it matters
The status code and headers you return are an API's body language. A wrong one
breaks caching, retries, and clients in ways that are painful to debug. Returning
200 with an error message in the body is one of the most common junior tells.
Getting this right is most of what "good API design" means in practice.
What to learn
- The common methods and their intent: GET, POST, PUT, PATCH, DELETE
- Idempotency and safety, and why GET must not change data
- Status code families: 2xx, 3xx, 4xx, 5xx, and the ones you actually use
- Request and response headers that matter day to day
- Content negotiation and Content-Type
- Reading a request body, and parsing JSON safely
- Cookies and where the server sets them
Common pitfall
Returning 200 OK for everything and putting { "error": "not found" } in the
body. Clients, caches, and monitoring all read the status code first. Use 404
for missing, 400 for bad input, 401/403 for auth, 500 for your own
crash. The body explains; the status code decides.
Resources
Primary (free):
- MDN — HTTP overview · docs
- MDN — HTTP response status codes · docs
- HTTP methods — MDN · docs
Practice
Extend your bare Node server to route on method and path. Return 200 with
JSON for GET /health, 201 for a POST /items that echoes the parsed body,
404 for anything unmatched, and 400 when the POST body is not valid JSON.
Test each with curl and confirm the status code in the response. Done when all
four return the correct code.
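One possible shape for this exercise, as an added example that is not part of the original page: the routing decision is a pure function, so each status code can be checked without opening a socket. The names json, route, start and MAX_BODY, the 64 KiB cap, and the 413 response for oversized bodies are assumptions added here.

```javascript
// Added example. MAX_BODY, json(), route() and start() are illustrative names.
const MAX_BODY = 64 * 1024; // assumed cap on request bodies, in bytes

// The status code carries the outcome; the JSON body only explains it.
function json(status, payload) {
  const body = JSON.stringify(payload);
  return { status, headers: { 'Content-Type': 'application/json' }, body };
}

// Pure decision: method, path and raw body in; status, headers and body out.
function route(method, path, rawBody = '') {
  const raw = Buffer.isBuffer(rawBody) ? rawBody : Buffer.from(rawBody);
  if (method === 'GET' && path === '/health') return json(200, { status: 'ok' });
  if (method === 'POST' && path === '/items') {
    if (raw.length > MAX_BODY) return json(413, { error: 'body too large' });
    try {
      return json(201, JSON.parse(raw.toString('utf8')));
    } catch {
      return json(400, { error: 'body is not valid JSON' }); // never 200 + error
    }
  }
  return json(404, { error: 'not found' });
}

// Wire route() to a bare Node server; buffering stops once the cap is passed.
async function start(port) {
  const http = await import('node:http');
  const server = http.createServer((req, res) => {
    const chunks = [];
    let size = 0;
    req.on('data', (chunk) => {
      if (size <= MAX_BODY) chunks.push(chunk); // at most cap + one chunk held
      size += chunk.length;
    });
    req.on('end', () => {
      const path = req.url.split('?')[0];
      const r = route(req.method, path, Buffer.concat(chunks));
      res.writeHead(r.status, r.headers);
      res.end(r.body);
    });
  });
  return server.listen(port);
}

if (process.argv.includes('--listen')) start(3000); // node server.js --listen
```

Start it with the --listen flag and check each route with curl -i, which prints the status line and headers along with the body.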
Outcomes
- Pick the correct status code for success, client error, and server error.
- Explain why GET must be safe and idempotent.
- Parse a JSON request body and reject invalid input with 400.
- Read response headers to debug a misbehaving client.