Sunday, 31 March 2019

Industry standard for website that uses its own private API?

The Setup

I'm working on an eCommerce site for a family member. NodeJS backend, built with Express.

Some of the routes are solely for rendering pages. Examples might be GET /about-us or GET /shop. Nothing fancy, no additional server calls needed.

But then there are the other routes, that I refer to as "API Routes". These API routes do not render any content, and act exclusively for exchanging data between the frontend and backend - just like a REST API. An example might be GET /products/[productID]?q=20&f=120.

The Problem

I have all the API routes in their own directory, and have built them all exactly like I would a public REST API - even though this is not a public API and its endpoints will never be used on any other site.

One annoying issue I've run into has to do with sessions. A true RESTful API is stateless, and does not have a check for isLoggedIn, but some of the rendering routes do have this.

There are a decent number of API endpoints for managing the shop and products and orders, so I'd like to keep all that functionality separate from the rendering routes. Additionally, having these API routes without rendering makes it super easy for single-page behavior (collecting/emitting data, checking status, etc).

The Question

What is the industry standard approach for a site like this? Will I go to hell if I don't make the API routes stateless? Is there a better way?

Thanks for any insight!

Submitted April 01, 2019 at 03:06AM by rockitman12
