backend-coding

Expert backend development guidance covering Node.js, Python, Java, Go, API design (REST/GraphQL/gRPC), database patterns, authentication, caching, message queues, microservices, and testing. Produces production-ready, scalable, and secure backend code with industry best practices. Use when building APIs, implementing business logic, designing data models, integrating services, or when users mention backend development, server-side code, APIs, databases, or microservices.

16 stars

bydiegosouzapw

View on GitHub Installation ↓

Best use case

backend-coding is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Teams using backend-coding should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

You only need a quick one-off answer and do not need a reusable workflow.
You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/backend-coding/SKILL.md --create-dirs "https://raw.githubusercontent.com/diegosouzapw/awesome-omni-skill/main/skills/development/backend-coding/SKILL.md"

Manual Installation

Download SKILL.md from GitHub
Place it in .claude/skills/backend-coding/SKILL.md inside your project
Restart your AI agent — it will auto-discover the skill

How backend-coding Compares

Feature / Agent	backend-coding	Standard Approach
Platform Support	Not specified	Limited / Varies
Context Awareness	High	Baseline
Installation Complexity	Unknown	N/A

Frequently Asked Questions

What does this skill do?

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

Related Guides

AI Agents for Coding

Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.

Cursor vs Codex for AI Workflows

Compare Cursor and Codex for AI coding workflows, repository assistance, debugging, refactoring, and reusable developer skills.

SKILL.md Source

# Backend Coding

Build production-ready backend services with proper architecture, security, performance optimization, and testing.

## Core Development Workflow

Follow this systematic approach for backend implementation:

## 1. Design API Endpoints

Define clear, RESTful API contracts before implementation.

**REST API Design Pattern:**

```
Resource-based URLs (use plural nouns):
✅ GET    /api/v1/users              - List users (paginated)
✅ GET    /api/v1/users/:id          - Get user by ID
✅ POST   /api/v1/users              - Create new user
✅ PUT    /api/v1/users/:id          - Replace entire user
✅ PATCH  /api/v1/users/:id          - Update user fields
✅ DELETE /api/v1/users/:id          - Delete user

❌ Avoid verb-based URLs:
❌ /api/v1/getUsers
❌ /api/v1/createUser
```

**Basic Example (Express.js):**

```typescript
router.get('/users',
  query('page').optional().isInt({ min: 1 }).toInt(),
  query('limit').optional().isInt({ min: 1, max: 100 }).toInt(),
  async (req, res, next) => {
    try {
      const errors = validationResult(req);
      if (!errors.isEmpty()) {
        return res.status(400).json({ errors: errors.array() });
      }

      const page = req.query.page as number || 1;
      const limit = req.query.limit as number || 20;
      const offset = (page - 1) * limit;

      const { users, total } = await userService.findAll({ 
        limit, offset 
      });

      res.json({
        data: users,
        pagination: { page, limit, total }
      });
    } catch (error) {
      next(error);
    }
  }
);
```

**For complete patterns:** [api-design.md](references/api-design.md)

### 2. Implement Database Layer

Use repository pattern for clean separation and testability.

**Repository Pattern (TypeORM):**

```typescript
export class UserRepository {
  private repository: Repository<User>;

  async findAll(params: { search?: string; limit: number; offset: number }) {
    const queryBuilder = this.repository
      .createQueryBuilder('user')
      .orderBy('user.createdAt', 'DESC');

    if (params.search) {
      queryBuilder.where(
        'user.name ILIKE :search OR user.email ILIKE :search',
        { search: `%${params.search}%` }
      );
    }

    return queryBuilder
      .take(params.limit)
      .skip(params.offset)
      .getManyAndCount();
  }

  async create(userData: UserCreate): Promise<User> {
    const hashedPassword = await bcrypt.hash(userData.password, 12);
    const user = this.repository.create({
      ...userData,
      password: hashedPassword
    });
    return this.repository.save(user);
  }
}
```

**For detailed patterns:** [database-patterns.md](references/database-patterns.md)

### 3. Implement Authentication

Secure JWT-based authentication with refresh tokens.

**JWT Authentication Pattern:**

```typescript
export class AuthService {
  private readonly JWT_SECRET = process.env.JWT_SECRET!;
  private readonly ACCESS_TOKEN_EXPIRY = '15m';
  private readonly REFRESH_TOKEN_EXPIRY = '7d';

  async login(email: string, password: string) {
    const user = await userRepository.findByEmail(email);
    if (!user || !await bcrypt.compare(password, user.password)) {
      throw new UnauthorizedError('Invalid credentials');
    }

    const accessToken = this.generateAccessToken(user);
    const refreshToken = this.generateRefreshToken(user);

    await tokenRepository.create({
      userId: user.id,
      token: refreshToken,
      expiresAt: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000)
    });

    return { accessToken, refreshToken, user };
  }

  generateAccessToken(user: User): string {
    return jwt.sign(
      { userId: user.id, email: user.email, role: user.role },
      this.JWT_SECRET,
      { expiresIn: this.ACCESS_TOKEN_EXPIRY }
    );
  }
}

// Middleware
export const authenticate = async (req, res, next) => {
  const token = req.headers.authorization?.substring(7);
  if (!token) {
    return res.status(401).json({ error: 'Missing token' });
  }
  
  try {
    req.user = authService.verifyAccessToken(token);
    next();
  } catch (error) {
    res.status(401).json({ error: 'Invalid token' });
  }
};
```

**For complete implementation:** [authentication-and-authorization.md](references/authentication-and-authorization.md)

### 4. Implement Caching

Use Redis for performance optimization with cache-aside pattern.

**Caching Pattern:**

```typescript
export class CacheService {
  private redis: Redis;
  private readonly DEFAULT_TTL = 3600; // 1 hour

  async getOrSet<T>(
    key: string,
    fetchFn: () => Promise<T>,
    ttl: number = this.DEFAULT_TTL
  ): Promise<T> {
    // Try cache first
    const cached = await this.redis.get(key);
    if (cached) return JSON.parse(cached);

    // Fetch from database
    const data = await fetchFn();
    await this.redis.setex(key, ttl, JSON.stringify(data));
    
    return data;
  }

  async invalidate(pattern: string): Promise<void> {
    const keys = await this.redis.keys(pattern);
    if (keys.length > 0) await this.redis.del(...keys);
  }
}

// Usage in service
export class UserService {
  async findById(id: string): Promise<User | null> {
    return cache.getOrSet(
      `user:${id}`,
      () => repository.findById(id),
      3600
    );
  }

  async update(id: string, updates: Partial<User>): Promise<User | null> {
    const user = await repository.update(id, updates);
    await cache.invalidate(`user:${id}`);
    await cache.invalidate(`users:list:*`);
    return user;
  }
}
```

**For advanced strategies:** [caching-strategies.md](references/caching-strategies.md)

### 5. Implement Error Handling

Global error handling with custom error classes.

**Error Handling Pattern:**

```typescript
// Custom error classes
export class AppError extends Error {
  constructor(
    public statusCode: number,
    message: string,
    public isOperational: boolean = true
  ) {
    super(message);
    Error.captureStackTrace(this, this.constructor);
  }
}

export class ValidationError extends AppError {
  constructor(message: string, public errors: any[]) {
    super(400, message);
  }
}

export class UnauthorizedError extends AppError {
  constructor(message: string = 'Unauthorized') {
    super(401, message);
  }
}

export class NotFoundError extends AppError {
  constructor(message: string = 'Resource not found') {
    super(404, message);
  }
}

// Global error handler middleware
export const errorHandler = (err: Error, req: Request, res: Response, next: NextFunction) => {
  if (err instanceof AppError) {
    return res.status(err.statusCode).json({
      error: { message: err.message }
    });
  }

  console.error('Unexpected error:', err);
  res.status(500).json({ error: { message: 'Internal server error' } });
};

// Async handler wrapper
export const asyncHandler = (fn: Function) => {
  return (req: Request, res: Response, next: NextFunction) => {
    Promise.resolve(fn(req, res, next)).catch(next);
  };
};
```

### 6. Write Tests

Write comprehensive unit and integration tests.

**Testing Pattern:**

```typescript
describe('User API', () => {
  beforeAll(async () => {
    await AppDataSource.initialize();
  });

  afterAll(async () => {
    await AppDataSource.destroy();
  });

  beforeEach(async () => {
    await AppDataSource.synchronize(true);
  });

  describe('POST /api/v1/users', () => {
    it('should create a new user', async () => {
      const response = await request(app)
        .post('/api/v1/users')
        .send({
          email: 'test@example.com',
          password: 'SecurePass123!',
          name: 'Test User'
        })
        .expect(201);

      expect(response.body.data).toMatchObject({
        email: 'test@example.com',
        name: 'Test User'
      });
      expect(response.body.data.password).toBeUndefined();
    });

    it('should return 400 for invalid email', async () => {
      await request(app)
        .post('/api/v1/users')
        .send({
          email: 'invalid-email',
          password: 'SecurePass123!',
          name: 'Test User'
        })
        .expect(400);
    });
  });
});
```

## Framework-Specific Guides

Load detailed implementation guides for specific frameworks:

- **[nodejs-development.md](references/nodejs-development.md)** - Express, NestJS, Fastify, middleware, async handling
- **[python-development.md](references/python-development.md)** - Django, Flask, FastAPI, async/await, decorators

## Technology-Specific Patterns

Load detailed patterns for specific technologies:

- **[api-design.md](references/api-design.md)** - REST, GraphQL, gRPC, versioning, documentation
- **[database-patterns.md](references/database-patterns.md)** - ORMs, query optimization, transactions, migrations
- **[authentication-and-authorization.md](references/authentication-and-authorization.md)** - JWT, OAuth, RBAC, session management
- **[caching-strategies.md](references/caching-strategies.md)** - Redis patterns, cache invalidation, distributed caching
- **[microservices.md](references/microservices.md)** - Service communication, API gateways, circuit breakers

## Production-Ready Checklist

Before deployment, verify:

**Security:**

```
☐ Input validation on all endpoints (express-validator, Pydantic)
☐ SQL injection prevention (parameterized queries only)
☐ Password hashing with bcrypt/argon2 (cost factor ≥12)
☐ JWT tokens expire within 15 minutes, refresh tokens within 7 days
☐ Rate limiting: 100 req/min per user, 1000 req/min per IP
☐ CORS configured (not '*' in production)
☐ Environment variables for all secrets
☐ HTTPS only (TLS 1.3 minimum)
```

**Performance:**

```
☐ Database indexes on query columns
☐ Connection pooling configured (10-20 connections)
☐ Caching frequently accessed data (Redis, 1-hour TTL)
☐ Pagination for large result sets (limit ≤100 items)
☐ Async operations for I/O (non-blocking)
```

**Code Quality:**

```
☐ Repository pattern for data access
☐ Dependency injection for testability
☐ Global error handling with custom error classes
☐ Structured logging with request IDs
☐ Test coverage ≥80% (unit + integration)
☐ API documentation (OpenAPI/Swagger)
☐ Health check endpoint (/health)
☐ Graceful shutdown handling
```

## Critical Security Principles

**Never trust user input** - Validate everything
**Use parameterized queries** - Prevent SQL injection
**Hash passwords** - bcrypt with cost factor 12+, never store plain text
**Expire tokens quickly** - 15min access tokens, 7day refresh tokens
**Use HTTPS only** - TLS 1.3 minimum

## Critical Performance Principles

**Cache frequently accessed data** - Redis with appropriate TTL (typically 1 hour)
**Use database indexes** - On all query columns
**Paginate large result sets** - Max 100 items per page
**Use connection pooling** - 10-20 connections
**Async operations for I/O** - Don't block the event loop

Related Skills

backend-patterns

from diegosouzapw/awesome-omni-skill

Backend patterns for ORPC routers, Drizzle schemas, and server-side code. Use when creating API endpoints, database tables, or services.

backend-passport-js

from diegosouzapw/awesome-omni-skill

Authentication middleware for Express.js and Node.js applications. Use when building Express APIs that need JWT authentication, OAuth, or custom auth strategies. Provides 500+ authentication strategies. Choose Passport.js over Auth.js for Express backends, pure API servers, or when you need maximum control over auth flow.

backend-nodejs

from diegosouzapw/awesome-omni-skill

Node.js/TypeScript backend expert. Handles Express/Fastify API routes, TypeScript strict mode, Prisma ORM, Zod validation, error handling, configuration management. Use when project is Node.js backend (package.json + TypeScript server).

Backend Node.js Expert

from diegosouzapw/awesome-omni-skill

专注于 Node.js 后端开发模式与最佳实践。

Backend Migrations

from diegosouzapw/awesome-omni-skill

Create and manage database schema migrations with reversible operations, zero-downtime deployments, and safe rollback strategies. Use this skill when writing database migrations for PostgreSQL, MySQL, SQLite, MongoDB, or any database system; when using ORMs like Prisma, Sequelize, TypeORM, ActiveRecord, Django ORM, or similar migration tools; when implementing schema changes (adding tables, columns, indexes, constraints); when performing data migrations or transformations; when creating indexes on large tables with concurrent options to avoid locks; when separating schema changes from data migrations for safer rollbacks; when implementing zero-downtime deployment strategies for high-availability systems; when versioning database schemas and managing migration order; or when working with database change management in production environments.

backend

from diegosouzapw/awesome-omni-skill

Skill para diseñar y construir backends y APIs **modulares**, **auditables**, **resilientes** y **multi-tenant**, con seguridad fuerte, modelado correcto (incl. ledger cuando aplique), datos y jobs/colas operables.

backend-guidelines

from diegosouzapw/awesome-omni-skill

Comprehensive backend development guide for Node.js/Express/TypeScript microservices. Use when creating routes, controllers, services, repositories, middleware, or working with Express APIs, Prisma database access, Sentry error tracking, Zod validation, unifiedConfig, dependency injection, or async patterns. Covers layered architecture (routes → controllers → services → repositories), BaseController pattern, error handling, performance monitoring, testing strategies, and migration from legacy patterns.

backend-guide

from diegosouzapw/awesome-omni-skill

Complete backend development guide covering Node.js, Python, Go, Java, PHP, databases, APIs, authentication, and server architecture. Use when building server applications, APIs, or backend systems.

Backend Expert Pro

from diegosouzapw/awesome-omni-skill

A complete back-end specialist skill for designing scalable architectures, robust APIs, and secure server-side systems.

backend-expert-advisor

from diegosouzapw/awesome-omni-skill

Backend expert guidance for API/DB/Security/Architecture

backend-development

from diegosouzapw/awesome-omni-skill

Build robust backend systems with modern technologies (Node.js, Python, Go, Rust), frameworks (NestJS, FastAPI, Django), databases (PostgreSQL, MongoDB, Redis), APIs (REST, GraphQL, gRPC), authentication (OAuth 2.1, JWT), testing strategies, security best practices (OWASP Top 10), performance optimization, scalability patterns (microservices, caching, sharding), DevOps practices (Docker, Kubernetes, CI/CD), and monitoring. Use when designing APIs, implementing authentication, optimizing database queries, setting up CI/CD pipelines, handling security vulnerabilities, building microservices, or developing production-ready backend systems.

backend-development-tdd-orchestrator

from diegosouzapw/awesome-omni-skill

Master TDD orchestrator specializing in red-green-refactor discipline, multi-agent workflow coordination, and comprehensive test-driven development practices. Enforces TDD best practices across teams with AI-assisted testing and modern frameworks. Use PROACTIVELY for TDD implementation and governance. Use when: the task directly matches tdd orchestrator responsibilities within plugin backend-development. Do not use when: a more specific framework or task-focused skill is clearly a better match.