Bharath Kumar J N

Day 3 - Added Security, Authentication and JWT Tokens in REST API Project

I restarted my coding journey with a simple rule:

Improve 1% every day.

The features I worked on today include:

  • Pagination
  • Request Validation
  • Spring Security
  • JWT Authentication

Pagination in the Task API

Earlier, my API returned all tasks at once. That works when the data is small, but in real applications the database can contain thousands of records.

So I added pagination to the API.

Now tasks can be fetched page by page instead of loading everything in one response. This improves performance and makes the API much easier for the frontend to handle.


Request Validation

I also implemented request validation.

Before this, the API would accept requests even if important fields like the title or description were missing. Now the API validates the input and returns an error if required fields are not provided.


Spring Security Integration

Another major step today was adding Spring Security.

This allows the application to protect certain endpoints and control who can access them. Authentication-related routes remain public, while task-related endpoints now require authentication.


JWT Authentication

To handle authentication, I implemented JWT (JSON Web Token).

Instead of storing sessions on the server, the application now uses token-based authentication. When a user logs in, the server generates a token. The client then sends that token with every request to access protected endpoints.


What I Learned Today

Today helped me understand several important backend concepts:

  • Why pagination is important for performance
  • How validation helps maintain data integrity
  • How Spring Security protects API endpoints
  • How JWT enables stateless authentication

Top comments (1)

Jonathan Murray

The "1% every day" framing is underrated — it removes the pressure of needing every session to be a breakthrough and makes consistency the actual goal. That's a hard mental shift to make.

One practical thing worth knowing as you go deeper with JWT in Spring Security: be careful what you put in the token payload. JWTs are base64-encoded, not encrypted by default, so anything in the claims is readable by anyone who intercepts the token. Keep sensitive data (roles are fine, but avoid things like email or PII) out of the payload, and always validate the signature on the server side rather than trusting the claims blindly.

Also, if you haven't added refresh token logic yet, that's a great next step — short-lived access tokens (15 min) paired with longer-lived refresh tokens gives you both security and usability. Keep going, Day 3 with pagination + validation + Spring Security is genuinely solid progress.
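
The token flow from the post's JWT Authentication section, together with the comment's point that claims are readable by anyone but must be signature-checked by the server, as an added example (not code from the post or from the commenter). It uses only the JDK instead of a Spring or JWT library, and the class name, key and claim values are constructed for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Added illustration: an HS256 JWT built and checked with the JDK only.
// The key, subject and role values are constructed sample data.
public class JwtDemo {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder DEC = Base64.getUrlDecoder();

    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.US_ASCII));
    }

    // Login side: header.payload.signature, each part base64url-encoded.
    static String issue(byte[] key, String payloadJson) throws Exception {
        String header = ENC.encodeToString("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String payload = ENC.encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8));
        String signingInput = header + "." + payload;
        return signingInput + "." + ENC.encodeToString(hmac(key, signingInput));
    }

    // Request side: recompute the HMAC with the server's fixed algorithm
    // and compare in constant time before any claim is read.
    static boolean signatureValid(byte[] key, String token) throws Exception {
        String[] parts = token.split("\\.");
        if (parts.length != 3) return false;
        byte[] expected = hmac(key, parts[0] + "." + parts[1]);
        byte[] presented;
        try { presented = DEC.decode(parts[2]); }
        catch (IllegalArgumentException e) { return false; }
        return MessageDigest.isEqual(expected, presented);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key-32-bytes-long!!".getBytes(StandardCharsets.UTF_8);
        String token = issue(key, "{\"sub\":\"demo-user\",\"role\":\"USER\",\"exp\":1900000000}");
        String[] parts = token.split("\\.");
        // No key is needed to read the claims: the payload is only encoded.
        System.out.println(new String(DEC.decode(parts[1]), StandardCharsets.UTF_8));
        // Editing a claim without the key leaves the old signature in place.
        String edited = ENC.encodeToString("{\"sub\":\"demo-user\",\"role\":\"ADMIN\",\"exp\":1900000000}".getBytes(StandardCharsets.UTF_8));
        System.out.println("original valid: " + signatureValid(key, token));
        System.out.println("edited valid:   " + signatureValid(key, parts[0] + "." + edited + "." + parts[2]));
    }
}
```

The check covers the signature only; a server also has to compare the `exp` claim against the current time before accepting the token.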