DEV Community: Paramanantham Harrison

Hands-On Workshop: Build Your Own AI Agent from Scratch (Free!)

Paramanantham Harrison — Wed, 22 Oct 2025 16:49:11 +0000

AI agents are the next big thing in 2025 — capable of reasoning, tool use, and automating complex tasks. Most devs talk about them, few actually build them. Here’s your chance to create one yourself.

In this free 90-min workshop, you’ll:

Design and deploy a real AI agent
Integrate tools and workflows
Implement memory, reasoning, and decision logic

Bonus: add voice input/output for an interactive experience

By the end, you’ll have a portfolio-ready agent and the know-how to scale it further.

🎯 Who it’s for: Software engineers, AI enthusiasts, and anyone ready to go beyond demos and tutorials.

RSVP now: https://luma.com/t160xyvv

💡 Extra: Join our bootcamp to master multi-agent systems, tool orchestration, and production-ready AI agents.

Day 7: BackendChallenges.com – The Frontend Security Checklist Devs Ignore

Paramanantham Harrison — Tue, 25 Mar 2025 08:58:45 +0000

Why Frontend Security Matters?

You might think backend is where security lives.

But truth is—most backend breaches start in the frontend.

🔐 Challenge #1: Fix Leaky Token Storage

Problem:

Your React app stores access tokens in localStorage.

Fix:

✅ Use HttpOnly secure cookies

❌ Never expose tokens to JS or extensions

💡 Bonus: Rotate tokens securely

🔍 Challenge #2: Input Validation

Problem:

User input from forms is sent directly to APIs.

Fix:

✅ Validate input on frontend AND backend

✅ Escape special characters

✅ Use a schema validator like zod or yup

🌍 Challenge #3: Lock Down CORS

Problem:

Your frontend is served from any origin.

Your API allows Access-Control-Allow-Origin: *

Fix:

✅ Only allow specific trusted origins

✅ Block credentials from being shared

🛡️ Start fixing frontend risks before they hit your backend:

👉 Frontend Security Checklist

How to Fix Broken Auth in Your App (JWT & OAuth2)

Paramanantham Harrison — Sat, 22 Mar 2025 18:38:34 +0000

Most apps fail at the first layer: authentication. In this episode, we walk through common JWT & OAuth2 mistakes developers make—and how to fix them.

You’ll learn:

How JWTs get leaked
What a secure OAuth2 flow looks like
How to prevent brute-force login attacks
💡 Want to try these hands-on?

Do the short course here → https://www.backendchallenges.com/course/fix-broken-authentication-using-jwt-and-oauth2/learn

Day 6: BackendChallenges.com - Fix Broken Authentication with JWT & OAuth2 🔐

Paramanantham Harrison — Sat, 22 Mar 2025 18:23:29 +0000

Why Authentication Fails?

Most developers secure their login system after it's been compromised.

But let’s be real:

Storing JWTs in localStorage is risky
Misconfigured OAuth2 flows are a hacker’s paradise
No brute-force protection? You’re asking for trouble

🛡️ Challenge #1: Lock Down JWTs

The Problem

Users receive JWTs after login. But they’re stored insecurely, never expire, and can be replayed if stolen.

The Fix

1️⃣ Store JWTs in secure cookies (HttpOnly)

2️⃣ Use short-lived tokens + refresh tokens

3️⃣ Rotate tokens when users log out or sessions expire

💡 Bonus Challenge: Add token blacklisting after password reset.

🔐 Challenge #2: Harden Your OAuth2 Flow

The Problem

Your OAuth2 flow is missing PKCE, using implicit grants, and has overly broad scopes.

The Fix

1️⃣ Use Authorization Code + PKCE

2️⃣ Define narrow scopes

3️⃣ Securely store tokens, and rotate them regularly

💡 Bonus Challenge: Add rate limits to your OAuth login flow.

💣 Challenge #3: Stop Brute Force Attacks

The Problem

Anyone can try 1000s of login attempts without resistance.

The Fix

1️⃣ Add rate limits to /login and /reset-password

2️⃣ Lock accounts temporarily after X failed attempts

3️⃣ Track login attempts per IP & user

Final Thought:

Authentication is your app’s front door.

Don’t leave it wide open.

👉 Start solving these challenges now:

Fix Broken Auth – Backend Challenges

Day 5: BackendChallenges.com - Building Rate Limiting for Scalable APIs 🚀

Paramanantham Harrison — Wed, 19 Mar 2025 19:42:21 +0000

Why Rate Limiting Matters?

APIs power the web, but without rate limiting, a single user (or bot) can overload your system. Think about how login attempts, API calls, and DDOS attacks could take down your app.

Let’s see if you can design a rate-limiting system like the pros!

🛡️ Challenge #1: Implement Basic Rate Limiting

The Problem

Your API is getting too many requests from a single user. You need to limit how often they can hit an endpoint.

The Solution

1️⃣ Use a token bucket or fixed window algorithm to track requests.

2️⃣ Allow users X requests per minute (e.g., 100 requests/min).

3️⃣ Return 429 Too Many Requests when the limit is hit.

💡 Bonus Challenge: Implement different rate limits for free and premium users.

🔄 Challenge #2: Scaling Rate Limiting with Redis

The Problem

Your rate-limiting logic fails at scale—you need to distribute it across multiple servers.

The Solution

1️⃣ Store request counts in Redis (fast & scalable).

2️⃣ Sync rate limits across all API servers in real-time.

3️⃣ Implement IP-based & user-based rate limits for more security.

💡 Bonus Challenge: Implement Geo-based rate limiting (e.g., limit per region).

Final Thoughts

Rate limiting isn’t just about stopping spam—it’s about:

✅ Preventing abuse & DDOS attacks

✅ Scaling APIs without crashes

✅ Fair usage between free & premium users

🚀 Want more challenges like this? Start learning here 👉 Backend Challenges

Scaling APIs without breaking them using Rate Limiting

Paramanantham Harrison — Wed, 19 Mar 2025 19:35:01 +0000

APIs handle millions of requests daily, but without rate limiting, they crash, slow down, and get abused.

In today’s episode, we discuss how to build scalable rate limiting systems, from basic throttling to Redis-powered distributed solutions.

APIs don’t break because of traffic. They break because they aren’t designed to handle traffic well. That’s where rate limiting comes in. Think about it—if every user could send unlimited requests, the whole system would crash. But how do you set the right limits without blocking real users? We’ll break it down in today’s episode, from simple request caps to Redis-based distributed rate limiting. Let’s dive in!

🚀 Want to become a backend expert? Start now 👉 https://backendChallenges.com

Day 4: BackendChallenges.com - Dynamic Pricing Challenge

Paramanantham Harrison — Tue, 18 Mar 2025 08:21:06 +0000

Why Dynamic Pricing Matters?

From Uber surge pricing to airline ticket prices, dynamic pricing is everywhere. The challenge? Building a system that adjusts prices in real-time based on demand, location, and external factors.

Let’s see if you can design a real-time pricing engine like Uber!

🏎️ Challenge #1: Implement Surge Pricing Based on Demand

The Problem

Your ride-sharing app needs to increase ride prices when demand is high and decrease them when demand drops.

The Solution

1️⃣ Track active ride requests in different locations.

2️⃣ Set surge rules (e.g., if demand is 2x the available drivers, increase price by 1.5x).

3️⃣ Calculate real-time fares based on demand levels.

💡 Bonus Challenge: Implement a cool-down period so prices don’t fluctuate too fast.

💰 Challenge #2: Predict Prices Using Traffic & Weather Data

The Problem

Pricing should adjust based on real-world conditions—bad weather or heavy traffic should increase fares.

The Solution

1️⃣ Fetch traffic & weather data from an external API.

2️⃣ Assign weight factors (e.g., +20% fare in heavy rain, +15% during peak traffic).

3️⃣ Integrate this into your pricing algorithm to adjust fares dynamically.

💡 Bonus Challenge: Use historical ride data to predict optimal fare adjustments for different cities.

Final Thoughts

Dynamic pricing isn’t just about raising prices—it’s about:

✅ Balancing demand & supply dynamically

✅ Using real-time data to make smart pricing decisions

✅ Ensuring fairness for riders & profitability for drivers

🚀 Want more challenges like this? Start learning here 👉 Backend Challenges

Day 3: BackendChallenges.com - Why Multi-Tenancy Matters?

Paramanantham Harrison — Sun, 16 Mar 2025 15:28:33 +0000

From SaaS platforms to cloud services, multi-tenancy is the backbone of scalable applications. Instead of running separate instances for each customer, a well-designed multi-tenant system ensures efficiency, security, and maintainability—but it comes with its own challenges.

Here’s a real-world challenge to test your multi-tenancy skills.

🏢 Challenge: Design a Multi-Tenant Database for a SaaS Platform

The Problem

You’re building a SaaS application where multiple businesses (tenants) need their own user accounts and data, but they should never access each other’s information.

The Solution

Choose a multi-tenancy approach:

Shared Database, Shared Schema (Single Table with a tenant_id column)
Shared Database, Isolated Schemas (One schema per tenant)
Separate Databases per Tenant (Complete isolation but complex management)

Tasks:

Design the user authentication model ensuring a user can only access their tenant's data.
Implement role-based access control (RBAC) per tenant.
Optimize query performance to ensure scalability as more tenants join.

💡 Bonus Challenge: Implement soft deletions instead of hard deletions to prevent accidental data loss.

Final Thoughts

Multi-tenancy isn’t just about storing data—it’s about designing a system that scales securely, efficiently, and cost-effectively.

Scaling strategy matters: Choose the right database model.
Security is key: Ensure tenants can’t access each other’s data.
Performance counts: Indexing & partitioning can help with query speed.

🚀 Want more challenges like this along with detailed solutions? Start learning here 👉 Backend Challenges

Day 2: BackendChallenges.com - Why REST API Design Matters

Paramanantham Harrison — Thu, 13 Mar 2025 10:21:18 +0000

APIs are the backbone of modern applications, allowing different systems to communicate seamlessly. But designing efficient, scalable, and secure REST APIs requires more than just setting up routes. Here are two hands-on challenges to improve your API skills.

🌍 Challenge #1: Design an API for User Authentication

The Problem

Your application needs user authentication, but storing plain passwords is a huge security risk. Design an authentication API that securely handles user login and registration.

The Solution

Create an endpoint for user registration that:
- Stores hashed passwords using bcrypt or Argon2.
- Returns a success message upon registration.
Create a login endpoint that:
- Validates credentials.
- Issues a JWT token upon successful login.

💡 Bonus Challenge: Implement token expiration and refresh tokens for improved security.

📦 Challenge #2: Design a CRUD API for a Product Catalog

The Problem

E-commerce platforms need APIs to manage products dynamically. Build a REST API that supports CRUD operations for a product catalog.

The Solution

Create an endpoint to add new products (POST /products)
Fetch a product by ID (GET /products/{id})
Update product details (PUT /products/{id})
Delete a product (DELETE /products/{id})

💡 Bonus Challenge:

Add pagination and filtering for large datasets.
Implement rate limiting to prevent abuse.

Final Thoughts

REST API development is not just about exposing endpoints—it’s about designing scalable, secure, and maintainable APIs.

Secure user data with authentication best practices.
Make APIs efficient by optimizing CRUD operations.
Improve performance with pagination, caching, and rate limiting.

🚀 Want to test yourself with more API challenges? Start learning here 👉 Backend Challenges

Day 1: BackendChallenges.com - Why SQL matters more than you think

Paramanantham Harrison — Tue, 11 Mar 2025 20:20:58 +0000

SQL isn’t just about writing queries—it’s about solving real-world problems efficiently. Whether it's finding missing data, preventing bad entries, or making queries smarter, knowing how to handle these challenges can set you apart as a backend engineer.

Here are three fun challenges to sharpen your SQL skills.

🛒 Challenge #1: The case of missing orders

The problem

You run an e-commerce site, and your team wants to find users who signed up but never placed an order.

The solution

Use a LEFT JOIN to find customers who don’t have matching orders.

SELECT c.id, c.name
FROM customers c
LEFT JOIN orders o ON c.id = o.customer_id
WHERE o.id IS NULL;

Why this matters

Helps the marketing team target inactive users
Shows how JOINs can find missing data

💡 Bonus challenge: Modify the query to find customers with at least 3 orders instead.

💰 Challenge #2: The impostor employees

The problem

Your HR database has a big issue—some employees have negative salaries! Find and fix these invalid entries.

The solution

A simple WHERE condition will catch them:

SELECT id, name, salary
FROM employees
WHERE salary <= 0;

Why this matters

Ensures data consistency
Helps detect fraud or data entry mistakes

💡 Bonus challenge: Prevent this from happening again with a database constraint:

ALTER TABLE employees ADD CONSTRAINT check_salary CHECK (salary > 0);

🎵 Challenge #3: The playlist shuffle hack

The problem

You’re building a music app, and users want a random shuffle feature. But newly added songs should have a higher chance of appearing.

The solution

A weighted randomization query:

SELECT * FROM songs
ORDER BY RANDOM() * (1 + 0.2 * (CURRENT_DATE - created_at))
LIMIT 10;

Why this matters

Makes song shuffling smarter
Introduces probability-based ranking

💡 Bonus challenge: Ensure no song appears twice in the same session.

Final thoughts

SQL is more than just queries—it’s about problem-solving.

By practicing real-world challenges, you’ll build skills that go beyond syntax.

Missing data? Use JOINs smartly
Data validation? Enforce constraints
Smart sorting? Use weighted ranking

🚀 Want to learn from real-world challenges? Check out Backend Challenges and start building today!

AI for software Engineers: Advanced RAG cheat sheet

Paramanantham Harrison — Fri, 07 Jun 2024 11:35:06 +0000

I am starting a series to share what I learn. Today, I learned some advanced RAG architecture, here it is

Source of the cheatsheet: https://medium.com/llamaindex-blog/a-cheat-sheet-and-some-recipes-for-building-advanced-rag-803a9d94c41b

Released a visual guide to functional programming in JS

Paramanantham Harrison — Tue, 06 Feb 2024 20:30:02 +0000

Are you interested to learn the benefits of functional programming in javaScript without going into tutorial hell, please check out my ebook (free).

It is visual and it helps to learn these concepts,

Pure Functions
Immutability
First-Class and Higher-Order Functions
Function Composition
Recursion
Lazy Evaluation
Pattern Matching
Monads
Currying
Referential Transparency