DEV Community: Angha Ramdohokar

Exploring Software Architecture: My Path to Certification and Tactics

Angha Ramdohokar — Fri, 29 Sep 2023 11:43:59 +0000

Software architecture is the backbone of every successful software project.
As a software developer, I've always been fascinated by the art and science of software architecture. It's not just about writing code, it's about designing systems that are efficient, scalable, and maintainable.
To deepen my understanding and skills in this crucial field, I embarked on a journey to earn a software architecture certification.

In this blog, I'll take you through my personal journey of exploring software architecture, the challenges I faced, the valuable tactics I learned, and how this certification transformed my approach to software development.

The Quest Begins

My journey into the world of software architecture started with a simple realization – there's so much more to building software than just writing code just like an ice berg model.

I wanted to understand the principles and patterns that underpin robust software systems.
So, I decided to pursue a certification that would not only validate my knowledge but also push me to learn and grow.

Navigating the Certification Process

Earning a software architecture certification isn't a walk in the park. It required a structured approach and a commitment to continuous learning.
The certification program I chose covered a wide range of topics, from design patterns to architectural styles, quality attributes and documentation.
I had to manage my time effectively and strike a balance between work, study, and personal life.

Embracing Architectural Tactics
One of the most enlightening parts of my certification journey was delving into architectural tactics.
These are practical techniques that architects use to address common architectural concerns.
I learned how to make decisions about trade-offs, select appropriate design patterns, and ensure that the software system met its quality attributes.

- Common Architectural Concerns:

Performance: Tactics for optimizing system response times, throughput, and resource utilization.
Scalability: Tactics for ensuring that the system can handle increased workloads and growth in users or data.
Security: Tactics for protecting the system from vulnerabilities, threats, and unauthorized access.
Reliability: Tactics for ensuring the system's availability, fault tolerance, and error handling.
Maintainability: Tactics for making the system easier to evolve, update, and modify over time.
Usability: Tactics for enhancing the user experience and usability of the software.

- Examples of Architectural Tactics:

Caching: To improve performance, data that is frequently accessed can be cached in memory, reducing the need to fetch it from slower storage.
Load Balancing: To enhance scalability, incoming requests can be distributed evenly across multiple servers to prevent overloading a single server.
Encryption: To address security concerns, sensitive data can be encrypted to protect it from unauthorized access.
Redundancy: For reliability, critical components or services can be duplicated to provide fault tolerance.
Modular Design: To improve maintainability, the system can be designed with modular components that can be developed, tested, and updated independently.
User Interface Guidelines: To enhance usability, following user interface design principles and best practices can lead to a more user-friendly application.

- Choosing the Right Tactics:
Selecting the appropriate tactics depends on the specific requirements of your project.
There comes tradeoffs in picture, as they can have different effects on different quality attributes.

These tactics proved invaluable as I applied them to real-world projects, making my code more efficient and maintainable.

Overcoming Challenges

Every journey has its challenges, and my certification journey was no exception.
There were moments of self-doubt, late-night study sessions, and juggling multiple responsibilities.
But with determination and a support system of fellow learners and mentors, I was able to overcome these hurdles.

Conclusion

My journey of exploring software architecture through certification and the application of architectural tactics has been a rewarding experience.

Remember that the world of software architecture is waiting to be explored. It's a journey that will challenge you, inspire you, and ultimately make you a better developer.

Happy Reading :)

My Journey of Making an App Faster and Stronger: Scaling for Everyone

Angha Ramdohokar — Fri, 30 Jun 2023 07:38:56 +0000

Have you ever wondered how popular apps like Instagram or YouTube handle millions of users without crashing? Well, they achieve this by scaling their applications.
Scaling means making an app faster, stronger, and able to handle lots of people using it. In this blog post, I'll share my experience of scaling an app, its strategies and real-world examples to help you navigate this journey with confidence.

Why Apps Need Scaling ?

Identifying the reasons why scalability is necessary is extremely important.
Are you noticing that your application is taking too long to respond, frequently crashing, or having difficulty accommodating a large number of users?
Recognizing these issues is the key to understand why scaling is essential.

I faced the same problems with my application and identification of these pain points is first step towards finding a solution.

There comes Scaling.

Boosting Performance
To make my app faster, I started looking for tactics which can help me with performance.

After some readings, I have implemented following ways to make my application faster -

Use of data caching -
I implemented data caching, which is like creating a temporary storage space for frequently accessed information.
By storing commonly used data in the cache, the app could retrieve it more quickly, reducing the need to fetch the data from the database every time. I have used both server side and client side caching.
Use of stored procedures and indexes -
I optimized the way my app interacted with the database by utilizing stored procedures and indexes.
Stored procedures are pre-defined database commands that can be executed more efficiently than dynamic queries.
Indexes, on the other hand, are like bookmarks that help the database quickly find specific data.
By using these techniques, I minimized the time it took to retrieve and process the data, making the app more responsive.
Use of Aync await methods -
I implemented asynchronous programming using the async/await keywords. This allowed my app to perform multiple tasks simultaneously without blocking the main thread.

Horizontal vs. Vertical Scaling

Horizontal scaling, also known as scaling out, involves adding more machines or servers to distribute the workload.

When started exploring horizontal scaling, I found several benefits, it offered excellent scalability as I could simply add more servers to accommodate increasing user demand. It also allows to handle a larger number of users without sacrificing performance.

But I have faced couple of challenges too with horizontal scaling, which are mainly,

Data consistency
Multiple servers management

Next one is Vertical scaling, also known as scaling up, involves improving the capacity of a single machine or server.

With vertical scaling, I focused on enhancing the existing server's capabilities, such as increasing its processing power, memory, or storage capacity.

Vertical scaling provided some distinct advantages.
Firstly, it simplified the management and configuration of my app by working with a single server. There were no complexities like multiple servers.
Secondly, vertical scaling allowed me to use the full potential of a server, which led to significant performance improvements.

However, vertical scaling has its own limitations.
Eventually, a server would reach its maximum capacity, and after that scaling would require costly hardware upgrades.

Horizontal and vertical scaling together

When I undergo both these scaling, I started thinking like can I combine both and create a hybrid scaling. So I started implementing with load balancing and distributing the workload across multiple servers (horizontal scaling), Simultaneously, I used vertical scaling by optimizing the performance of individual servers, leveraging their increased resources.

But this hybrid approach allowed me to strike a balance between scalability and performance.

Testing and Learning
I used to test the changes I made to see if they improve the app's performance and scalability, I had also created an sheet where I wrote the actual numbers from testing(with load, without load etc.).

Sometimes things didn't work perfectly on the first try, but with each test, I got closer to finding the best solutions.

Continuous Improvement
My journey of scaling the app taught me the value of continuous improvement. Even after achieving a good results, I understood the importance of regularly monitoring the app's performance, analyzing user feedback, and making further optimizations.

Conclusion
Remember,

scaling is not a one-time task but a continuous process.

Embrace the feedback from your users, stay updated with the latest technologies, and always strive for further improvements.
By prioritizing performance and scalability, you can ensure that your app remains competitive, relevant, and loved by users.

I hope you found my journey and experiences of making an app faster and stronger through scaling insightful and valuable.

Happy Reading :)

Strategies for Managing Last-Minute Challenges During an App Release

Angha Ramdohokar — Mon, 27 Mar 2023 07:07:53 +0000

It’s a feeling that is familiar to software developers: the last-minute rush to get an application released. Whether it’s a looming deadline or an unexpected bug, software developers have come to expect the unexpected when it comes to the release process.

Recently, me and my team tasked with getting a application out the door. We had to move quickly and efficiently to ensure the release was successful and as you all know the pressure was on.

Lets talk about challenges that I have faced during application release.

Challenges during app release -

Managing user acceptance testing :

The UAT in our case happened during the final stages, and we encountered few issues from them. However, these were all missed requirements which needed to be developed after the UAT.

Loading data for marketing team :

During final stages of the release, we got a requirement in which we needed to load large amount of data on TEST so that marketing team can use it.

Addition of analytics tool to the application :

We also needed to add the various analytics tool code to our application so that we can track the traffic towards our application. But this as well is a last minute thing.

Access issues of production environment during deployment :

There are multiple permissions which are missing for our users so we need to wait till we got the permission.
Based on my experience, waiting for access during production release can be extremely stressful.

These are few challenges that I have faced there can be more items too. But from my experience I made a list of strategies that helped me for successful release and I think it can help you guys too.

Strategies for successful release -

Establish a release timeline :

It’s important to have a timeline for the release, which should include milestones for testing, bug fixes, and other important activities.
This timeline should be shared with the entire team and regularly updated to ensure everyone is on the same page.

Prioritizing testing :

Testing is a crucial part of the release process and should be done thoroughly. Make sure to prioritize testing and ensure that all features are working correctly prior to release.

Have a contingency plan :

Unexpected problems can arise during a release, so it’s important to have a contingency plan in place. This plan should include how to handle issues such as data loss and unexpected downtime.

Monitor performance :

Monitor the performance of the app before it’s released. This can help to identify any issues that weren’t detected can help you to quickly resolve them.

Communicate with team :

Make sure to communicate with team, infrastructure people too during the release process. These people can help you to tackle any last minute access issues.

Following these strategies can help to ensure that your last-minute tasks in application release goes as smoothly as possible.

On the day of the release, I was nervous and excited. I wanted to ensure that everything went smoothly and that no issues would arise and I was relieved when the application was released with no major issues.

All of this was stressful but it was one that I was glad I experienced.

Last-minute tasks during release can be an exciting challenge, and they are a great way to test your skills as a software developer.

I’ve learned a lot from this experience and I’m sure I’ll be faced with similar situations in the future.
No matter how stressful the situation, now I'm confident that can handle it with the right plan and dedication and my next release will go much smoother.

Good luck !!

Design considerations for large data import

Angha Ramdohokar — Mon, 02 Jan 2023 09:55:34 +0000

First thing that comes to mind after hearing term large data is some data which is bigger in volume. This can be also be defined like,

> Big Data is data that contains greater variety, arriving in increasing volumes and with more velocity. (3Vs)

The original relational database system made it so easy to work with data as long as the data size is small enough to manage.
However, when the data reach a significant volume, it becomes very difficult to work with because it would take a long time, or sometimes even be impossible, to read, write, and process successfully. This same problem occurs to me in a recent project. We had a large data system which is source of our data and we needed to import that data to another system.

Here are design considerations that I followed when working on large data import,

1. Data extraction

In data extraction, I did two types of extraction- data extraction for once and data extraction in sync

Data extraction for once
In this, we needed to extract all the data from source data system one time.
There are multiple ways from which you can extract data depending on source system.

In my case the source data was present in sql server.
Thus, I have followed following steps ,

I have executed sql scripts to get only the data I wanted from source system data tables.
Then saved that data in .csv files using save as options from results menu of sql server.

There is another option as well i.e. to generate scripts for data objects you want to extract data from.

Data extraction in sync
In this, we needed to extract the data in sync i.e. we need to extract data frequently after a specific time interval.

Thus, we have a stored procedure that gets executed through a web job and that stored procedure has a logic written to extract the data from source system and save it in a .csv file on the server.

We set that web job to be executing every five minutes and update the existing csv files with new ones.

2. Data transformation

In data transformation, we can have things that can transform the data in one form to another.
In first step, we extracted data and saved that to .csv file. Now in this step I have changed that data in a manner that it is of my target system data form.

I have done following things under data transformation,

Bad data removal
Conversion of date fields
Update columns to target data table columns
Delete duplicate data
Save the file in excel format for load

Transformation may include other aspects as well like integrating data from multiple sources to one format and then doing manipulation on them

3. Data load

In data load, we actually load extracted and transformed data in step 1&2.

For data load, in my case my destination system is azure sql server so I have used the SQL server import and export wizard and followed these steps,

Choose a data source : Selecting the excel file with data
Choose destination : Your destination database
Specify the data table & select source tables
Run the wizard

You might face some issues with bad data if the data is not corrected properly or if the transformed data is not in desired format.

After successfully running the SQL server import and export wizard, you can see your data being imported successfully from source to destination systems.

You can load the data using sql scripts as well if you have extracted them using sql generate scripts feature mentioned in step 1.

After data load, we have checked performance of all the pages and endpoints. Looking at those numbers, we tried fix the performance issues with the help of following things,

Adding non clustered indexing to required data tables.
Selected only required data table columns instead of returning all from an endpoint.
Adding offset and limit for all the GET endpoints.

We also added spinner to show up until all the endpoints are completed running.

These are the performance numbers after all the improvements,

Conclusion

Now a days, applications that need to process large amounts of data are more likely to increase. So, it's essential to understand the problems and design a solution according to their need. Thus, these design considerations will be helpful in such scenarios.

Happy Reading !!

API Authentication - JWT vs OAuth

Angha Ramdohokar — Thu, 29 Sep 2022 07:05:02 +0000

In my current project, we were designing a system with multiple APIs. The APIs we are building will be used by other systems as well. Whenever there is an API call we need to secure that API from external users so that we know only authenticated users are making use of our APIs and that is nothing but API authentication.

API Authentication

In simple terms, API authentication is all about proving or verifying the identity of the people accessing your system.

Its goal is to prevent attacks from cybercriminals who snoop around websites looking for the slightest vulnerability to take advantage of.
There are various methods that can help us to prevent our APIs.

Methods of API Authentication

Our requirement was quiet simple that we need to secure our APIs in a way that other systems can easily use it. But at the same time we don't want to share our username and password with other systems. Also in future there can be a case that we implement federated identity management so whatever approach we choose now for API authentication can be used when we switch to federated identities.

So taking in consideration all the requirements we drill down to two API authentication methods -

API Key Authentication
OAuth Authentication

In this article I will be sharing in detail about these two authentication methods.

API Key Authentication -

API Key is a code used to identify and authenticate an application or user.

IP84UTvzJKds1Jomx8gIbTXcEEJSUilGqpxCcmnx

API Keys are very simple to use from the consumer perspective:

You get an API key from the service.
Add the key to an Authorization header.
Call the API.

On the other hand, simplicity may raise security concerns. Here are its limitations -

Shifting of Responsibility - What happens if someone else comes upon an API key that is not their own? In most cases, they can use the API key with all the privileges of the rightful owner. Depending on the API, they may be able to retrieve all the data, add incorrect content, or delete everything. This way the security of the system as a whole is entirely dependent on the ability of the developer/consumer to protect their API keys and maintain security.
Lack of Granular Control -
One precaution that some API designers take is to use API keys for read-only data. For APIs that don’t need write permissions, this is especially useful, while limiting risk. However, this approach limits the APIs that may require more granular permissions.

*What it comes down to is that API Keys are, by nature, not a complete solution. *

There comes the JWT(JSON Web Token) in picture that can be used along with API key authentication.

JSON Web Token

Both API key and JWT can provide authentication and authorization. API key is on project scope and JWT is on user scope.
A JWT token can contain information like its expiration date and a user identifier to determine the rights of the user across the entire ecosystem.

JWT authorization offers flexibility, reliability, and more security.
Any API that requires authentication can easily switch over to JWT’s authorization. With JWT authorization, you get a user-based authentication. Once the user is authenticated, the user gets a secure token that they can use on all systems. You set up access rights and you give each user different rights for each system. The JWT authorization endpoint authenticates the user and creates the token.
In sum, sometimes JWT is absolutely needed and sometimes it’s overkill.
JWT is overkill in two situations:

A simple ecosystem with only a few APIs
Suppliers of third-party APIs.

OAuth Authentication -

OAuth is the answer to accessing user data with APIs.

If you’ve ever seen one of the dialogs below, that’s what I'm talking about. This is an application asking if it can access data on your behalf.

This is nothing but OAuth.
OAuth is a delegated authorization framework for REST/APIs. It enables apps to obtain limited access (scopes) to a user’s data without giving away a user’s password.

You can think of this like hotel key cards, but for apps. If you have a hotel key card, you can get access to your room. How do you get a hotel key card? You have to do an authentication process at the front desk to get it. After authenticating and obtaining the key card, you can access resources across the hotel.

To break it down simply, OAuth is where:

App requests authorization from User
User authorizes App and delivers proof
App presents proof of authorization to server to get a Token
Token is restricted to only access what the User authorized for the specific App.

OAuth, specifically OAuth 2.0, is a standard for the process that goes on behind the scenes to ensure secure handling of these permissions.
With a federated system module, OAuth Authentication 2.0 offers security scalability and the best user experience.
However, it’s also more work for developers and API providers to implement and maintain.

Another tool to consider that complements OAuth 2.0 is OpenID Connect. It works as an identity layer you can deploy on top of the protocol so the API can verify a client’s identity and profile via authentication performed by the authorization server.

Conclusion

You can use any authentication method to secure your APIs but the choice should be made depending on your system's requirements.
As we have seen all these authentication methods aren't mutually exclusive so you can use all of them at once. Or, each could be used independently of the others.
But securing your APIs and choosing right level of authentication is very important.

I hope this helps you to choose better API authentication method!

Happy Reading :)

Refactoring of API calls

Angha Ramdohokar — Thu, 17 Mar 2022 05:33:07 +0000

In my recent project, we have written multiple express APIs for different purposes and called them from react code. In this case multiple APIs have their different routes, definition and responses. Every api is having their CRUD operations and we have written separate code to call every api.

What this will lead to ? Code duplication and Code mess.
So I was thinking what I can do to avoid this mess and have a simple approach to call these APIs.

I spent time on analyzing the code we have written to call these APIs, what are the code duplication sections? can we make this generic any how?

As a result of analysis, I found that for every api call we have set of functions which can be minimized to generic ones and call for every API.

Following are set of things I have implemented for refactoring of API calls-

1. Division of code

In each place of API call, I found that we have performed CRUD (Create, Read, Update, Delete) operation only which can be moved to separate files and only difference is the name of resource e.g. /v1/api/users
/v1/api/companies

So users, companies are nothing but our resource the first part of api is same for all.
Keeping all these things in mind, we made following division-

api.provider.ts :
This file is having CRUD operation definition for API calls. It includes axios calling as its promise based and we can handle the responses the way we wanted.

// Define your api url from any source. Pulling from your .env   // file when on the server or from localhost when locally
const BASE_URL = Api_base_CRUD; 

/** @param {string} resource */ 
const getAll = (resource: string) => { 
  return axios 
    (`${BASE_URL}/${resource}`) 
    .then(resp => resp.data) 
    .catch(handleError); 
}; 

/** @param {string} resource */ 
/** @param {string} id */ 
const getSingle = (resource: string, id: string) => { 
  return axios 
    .get(`${BASE_URL}/${resource}/${id}`) 
    .then(resp => resp.data) 
    .catch(handleError); 
}; 

/** @param {string} resource */ 
/** @param {object} model */ 
const post = (resource: string, model: object) => { 
  return axios 
    .post(`${BASE_URL}/${resource}`, model) 
    .then(resp => resp.data) 
    .catch(handleError); 
}; 

/** @param {string} resource */ 
/** @param {object} model */ 
const patch = (resource: string, model: object) => { 
  return axios 
    .patch(`${BASE_URL}/${resource}`, model) 
    .then(resp => resp.data) 
    .catch(handleError); 
}; 

/** @param {string} resource */ 
/** @param {string} id */ 
const remove = (resource: string, id: AxiosRequestConfig<any> | undefined) => { 
  return axios 
    .delete(`${BASE_URL}/${resource}/${id}`, id) 
    .then(resp => resp.data) 
    .catch(handleError); 
};

api.core.ts :
This is a class from where we can make calls to the provider file methods. Here we can pass the resource urls as well.

import {apiProvider} from './api-provider';

export class ApiCore {
  getAll!: () => any;
  getSingle!: (id: any) => any;
  post!: (model: any) => any;
  patch!: (model: any) => any;
  remove!: (id: any) => any;
  url!: string;

  constructor(options: { getAll: any; url: any; getSingle: any; post: any; patch: any; remove: any}) {
    if (options.getAll) {
      this.getAll = () => {
        return apiProvider.getAll(this.url);
      };
    }

    if (options.getSingle) {
      this.getSingle = (id) => {
        return apiProvider.getSingle(this.url, id);
      };
    }

    if (options.post) {
      this.post = (model) => {
        return apiProvider.post(this.url, model);
      };
    }

    if (options.patch) {
      this.patch = (model) => {
        return apiProvider.patch(options.url, model);
      };
    }

    if (options.remove) {
      this.remove = (id) => {
        return apiProvider.remove(this.url, id);
      };
    }

  }
}

api.operation.ts :
This will be the actual file we will be making use of when making api calls, this includes making an object of api-core class and specify the parameters for the constructor.

import { ApiCore } from "./api-core";

const apiOperation = new ApiCore({
  getAll: true,
  getSingle: true,
  post: true,
  patch: true,
  remove: true,
  url: "",
});
export default apiOperation;

2. Implementing API calls

Now its time to make calls to our api using the generic api files we have created.

import apiUsers from '../../api-operation';

function callUsersData(){
  apiUsers.url = "users";
  apiUsers.getAll()
  .then((resp:any) => {
    let user = resp.data?.rows; 
  })
}

The only thing that will be different in each api is their url, everything else is generic now.

Conclusion :
By making division of files and using the generic functions for api call, now the code base looks simple, easy to read and mainly we removed code duplication.
I hope this helps you manage your API code structure easily manageable and understandable as your code base and team grows!

Here is a link of reference used while doing implementation :
https://dev.to/mmcshinsky/a-simple-approach-to-managing-api-calls-1lo6

Happy Reading :)

Creating RESTful APIs with Node and MongoDB

Angha Ramdohokar — Sun, 26 Sep 2021 16:20:20 +0000

During my career as a software developer, I have written RESTful APIs in different languages and used different frameworks for it like VB.net, C#, Java, ASP.NET etc. But recently I got an opportunity to create RESTful APIs using Node js.

Node.js is a server-side platform built on Google Chrome's JavaScript Engine (V8 Engine). Node.js provides a backend web application framework called as Express. It is designed for building web applications and APIs. MongoDB is an open-source document-oriented database.

We’ll be building a RESTful CRUD (Create, Retrieve, Update, Delete) API with Node.js, Express and MongoDB. We’ll use Mongoose for interacting with the MongoDB instance.

Prerequisites

Install Node.js and MongoDB on your machine if you have not done already and use any development environment like Visual Studio Code

Creating application

Open new terminal and create new folder for the application.

PS C:\> mkdir node-blog-app

2.Initialize application with package.json file

At root of the folder, type npm init to initialize your app with a package.json file.

PS C:\> cd node-blog-app      
PS C:\node-blog-app> npm init

package name: (blog-app) node-blog-app
version: (1.0.0)
description: Creates blogs easily and quickly.
entry point: (index.js) server.js
test command:
git repository:
keywords: Express,RestAPI,MongoDB,Mongoose,Blogs
author: dev.to
license: (ISC)

Here we have defined entry point as server.js file so we will create it further down.

3.Install application dependencies

We will need express, mongoose. Let’s install them by typing the following command -

PS C:\node-blog-app> npm install express mongoose --save

--save will save these dependencies in package.json file.

4.Setting up the web server
Now we will create the main entry point of our application named server.js in the root folder of the application with the following contents-

const express = require('express');

// create express app
const app = express();

// parse requests of content-type - application/x-www-form-urlencoded
app.use(express.urlencoded({ extended: true }))

// parse requests of content-type - application/json
app.use(express.json())

// define a simple route
app.get('/', (req, res) => {
    res.json({"message": "Welcome to E-Blog. Creates blogs easily and quickly."});
});

// listen for requests
app.listen(3000, () => {
    console.log("Server is listening on port 3000");
});

First, we import express then we create an express app, and add two parser middlewares using express’s app.use() method.

If you are using Express >= 4.16.0, body parser has been re-added under the methods express.json() and express.urlencoded().

Then, We define a simple GET route which returns a welcome message to the clients.
Finally, We listen on port 3000 for incoming connections.

Let’s now run the server and go to http://localhost:3000 to access the route we just defined.

PS C:\node-blog-app> node server.js

5.Database configuration and connection
Create new file named as database.config.js inside app/config folder with the following contents -

module.exports = {
    url: 'mongodb://localhost:27017/blogs'
}

Now we will import the above database configuration in server.js and connect to the database using mongoose.

Add the following code to the server.js.

// Configuring the database
const dbConfig = require('./config/database.config.js');
const mongoose = require('mongoose');

mongoose.Promise = global.Promise;

// Connecting to the database
mongoose.connect(dbConfig.url, {
    useNewUrlParser: true
}).then(() => {
    console.log("Successfully connected to the database");    
}).catch(err => {
    console.log('Could not connect to the database. Exiting now...', err);
    process.exit();
});

Please run the server.js and make sure that you’re able to connect to the database -

PS C:\node-blog-app> node server.js
Server is listening on port 3000
Successfully connected to the database

6.Defining the Blog model in Mongoose
Create a file called blog.model.js inside app/models folder with the following contents -

const mongoose = require('mongoose');

const BlogSchema = mongoose.Schema({
    title: String,
    content: String
}, {
    timestamps: true
});

module.exports = mongoose.model('Blog', BlogSchema);

7.Defining Routes using Express
Create a new file called blog.routes.js inside app/routes folder with the following contents -

module.exports = (app) => {
    const blogs = require('../controllers/blog.controller.js');

    // Create a new Blog
    app.post('/blogs', blog.create);

    // Retrieve all Blogs
    app.get('/blogs', blog.findAll);

    // Update a Blog with blogId
    app.put('/blogs/:blogId', blog.update);

    // Delete a Blog with blogId
    app.delete('/blogs/:blogId', blog.delete);
}

8.Writing Controller functions
Create a new file called blog.controller.js inside app/controllers folder.

Creating a new Blog-

// Create and Save a new Blog
exports.create = (req, res) => {

    // Create a Blog
    const blog = new Blog({
        title: req.body.title, 
        content: req.body.content
    });

    // Save Blog in the database
    blog.save()
    .then(data => {
        res.send(data);
    }).catch(err => {
        res.status(500).send({
            message: err.message || "Some error occurred while creating the Blog."
        });
    });
};

Retrieving all Blogs -

// Retrieve and return all blogs from the database.
exports.findAll = (req, res) => {
    Blog.find()
    .then(blogs => {
        res.send(blogs);
    }).catch(err => {
        res.status(500).send({
            message: err.message || "Some error occurred while retrieving blogs."
        });
    });
};

Updating a Blog -

// Update a blog identified by the blogId in the request
exports.update = (req, res) => {

    // Find blog and update it with the request body
    Blog.findByIdAndUpdate(req.params.blogId, {
        title: req.body.title,
        content: req.body.content
    }, {new: true})
    .then(blog => {
        if(!blog) {
            return res.status(404).send({
                message: "Blog not found with id " + req.params.blogId
            });
        }
        res.send(blog);
    }).catch(err => {
        if(err.kind === 'ObjectId') {
            return res.status(404).send({
                message: "Blog not found with id " + req.params.blogId
            });                
        }
        return res.status(500).send({
            message: "Error updating blog with id " + req.params.blogId
        });
    });
};

The {new: true} option in the findByIdAndUpdate() method is used to return the modified document to the then() function instead of the original.

Deleting a Blog-

// Delete a blog with the specified blogId in the request
exports.delete = (req, res) => {
    Blog.findByIdAndRemove(req.params.blogId)
    .then(blog => {
        if(!blog) {
            return res.status(404).send({
                message: "Blog not found with id " + req.params.blogId
            });
        }
        res.send({message: "Blog deleted successfully!"});
    }).catch(err => {
        if(err.kind === 'ObjectId' || err.name === 'NotFound') {
            return res.status(404).send({
                message: "Blog not found with id " + req.params.blogId
            });                
        }
        return res.status(500).send({
            message: "Could not delete blog with id " + req.params.blogId
        });
    });
};

Check out Mongoose API documentation.

Testing of Blogs API-
Check out this in POSTMAN to test Blogs APIs.

Conclusion
In this blog, We learned how to build REST APIs in Node.js using express framework and mongodb.
Please ask any questions that you might have in the comment section below.

Thanks for reading.