DEV Community: Prathamesh Dhadbale The latest articles on DEV Community by Prathamesh Dhadbale (@prathameshdhadbale). https://dev.to/prathameshdhadbale https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3867520%2F14bc8635-e440-4d01-9ed8-fd889e282efa.png DEV Community: Prathamesh Dhadbale https://dev.to/prathameshdhadbale en How Frontend Talks to Backend — REST, JSON, and CORS Explained Without the Jargon Prathamesh Dhadbale Sat, 25 Apr 2026 09:52:43 +0000 https://dev.to/prathameshdhadbale/how-frontend-talks-to-backend-rest-json-and-cors-explained-without-the-jargon-5a8d https://dev.to/prathameshdhadbale/how-frontend-talks-to-backend-rest-json-and-cors-explained-without-the-jargon-5a8d <p>You've got a React app on one side. An Express server on the other. And you know you need to connect them somehow.</p> <p>But then come the questions — what exactly is an API? What makes it "REST"? Why does everyone use JSON? And why does CORS lose its mind the moment you try to fetch something?</p> <p>Let's answer all of it.</p> <h2> First — what even is an API? </h2> <p>API stands for Application Programming Interface. But forget the full form, here's what it actually means:</p> <p>Your frontend is a customer. Your backend is a restaurant kitchen. The kitchen doesn't let customers walk in and grab food themselves. Instead there's a <strong>menu</strong> — a fixed list of things you can order, with specific names and rules.</p> <p>That menu is your API.</p> <p>Your backend doesn't expose its database directly to the frontend. Instead it says — "here are the URLs you can call, here's what you send me, here's what I'll send back." The frontend doesn't know or care how the backend stores data internally. It just knows the menu and orders from it.</p> <h2> What makes an API "REST"? </h2> <p>REST is not a library. Not a framework. Not a technology you install.</p> <p>It's a <strong>convention</strong> — an agreed-upon style for designing your API so that anyone can understand it without reading a manual.</p> <p>The core idea is simple:</p> <ul> <li>URLs represent <strong>things</strong> (called resources) — <code>/jobs</code>, <code>/users</code>, <code>/posts</code> </li> <li>HTTP methods represent <strong>actions</strong> on those things </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>GET /jobs → fetch all jobs POST /jobs → create a new job PUT /jobs/1 → fully update job with id 1 PATCH /jobs/1 → partially update job with id 1 DELETE /jobs/1 → delete job with id 1 </code></pre> </div> <p>Notice the difference between PUT and PATCH — PUT means replace the entire resource with new data, PATCH means only update the specific fields you send and leave everything else as it is.</p> <p>And notice how the URL only describes <strong>what</strong> you're acting on, not <strong>what action</strong> you're doing. The HTTP method handles the action. So <code>/getJobs</code> is wrong REST style — it should just be <code>GET /jobs</code>.</p> <p>That's REST. A clean, readable, predictable way to structure your API.</p> <h2> Status codes — the response's mood indicator </h2> <p>Every response your backend sends comes with a <strong>status code</strong> — a number that tells the frontend how things went. Think of it as the server's emotional state.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>200 OK → worked perfectly 201 Created → new resource was created successfully 400 Bad Request → you sent something wrong 401 Unauthorized → you're not logged in 403 Forbidden → you're logged in but not allowed 404 Not Found → that resource doesn't exist 500 Internal Error → something broke on the server side </code></pre> </div> <p>A status code is not the same as your response data. You can send a 200 with wrong data, or a 404 with a helpful error message. Always set both intentionally.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">201</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">id</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">company</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Stripe</span><span class="dl">'</span> <span class="p">});</span> <span class="c1">// created</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Job not found</span><span class="dl">'</span> <span class="p">});</span> <span class="c1">// not found</span> </code></pre> </div> <h2> JSON — why everything uses it </h2> <p>When your frontend sends data to the backend or receives it back, both sides need to agree on a format. That format is <strong>JSON</strong>.</p> <p>Here's the thing that trips people up — a JavaScript object and a JSON string look almost identical, but they are completely different things:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// JavaScript object — lives in memory, can have methods</span> <span class="kd">const</span> <span class="nx">job</span> <span class="o">=</span> <span class="p">{</span> <span class="na">company</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Stripe</span><span class="dl">'</span><span class="p">,</span> <span class="na">role</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Intern</span><span class="dl">'</span> <span class="p">}</span> <span class="c1">// JSON string — plain text, travels over the network</span> <span class="dl">'</span><span class="s1">{"company":"Stripe","role":"Intern"}</span><span class="dl">'</span> </code></pre> </div> <p>A JavaScript object is a living thing in your computer's memory. JSON is just text — a standardized way of representing that object as a string so it can travel over the network.</p> <p>The network doesn't understand JavaScript objects. It only carries bytes of text. So before sending, you convert:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">job</span><span class="p">)</span> <span class="c1">// object → JSON string (before sending)</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">jsonStr</span><span class="p">)</span> <span class="c1">// JSON string → object (after receiving)</span> </code></pre> </div> <p>On the frontend with fetch, <code>response.json()</code> handles the parsing for you automatically.</p> <h3> Why <code>Content-Type: application/json</code> matters </h3> <p>When you send a request with a JSON body, you must tell the server what format the data is in using a header:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/jobs</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span> <span class="p">},</span> <span class="c1">// this line matters</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">company</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Stripe</span><span class="dl">'</span> <span class="p">})</span> <span class="p">})</span> </code></pre> </div> <p>On the Express side, <code>express.json()</code> middleware reads this header. If it says <code>application/json</code>, it parses the body and puts it in <code>req.body</code>. If the header is missing or wrong — <code>req.body</code> is <code>undefined</code>. That's it. That's the entire reason forgetting this header breaks everything.</p> <h2> How Express reads your request — req.body vs req.params vs req.query </h2> <p>When a request reaches your Express controller, the data can be in three different places depending on how it was sent:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// req.params — data in the URL path</span> <span class="c1">// Route: /jobs/:id</span> <span class="c1">// Request: GET /jobs/42</span> <span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span> <span class="c1">// → "42"</span> <span class="c1">// req.query — data in the URL after the ?</span> <span class="c1">// Request: GET /jobs?status=applied</span> <span class="nx">req</span><span class="p">.</span><span class="nx">query</span><span class="p">.</span><span class="nx">status</span> <span class="c1">// → "applied"</span> <span class="c1">// req.body — data in the request body (POST, PUT, PATCH)</span> <span class="c1">// Requires express.json() middleware</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">.</span><span class="nx">company</span> <span class="c1">// → "Stripe"</span> </code></pre> </div> <p>Simple rule — if it's in the URL it's params or query, if it's sent as data in the request body it's <code>req.body</code>.</p> <h2> The fetch API — why two awaits? </h2> <p>When you call <code>fetch()</code>, it doesn't give you your data directly. It gives you a Promise that resolves to a <strong>Response object</strong>. Then you need a second step to actually read the data:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">res</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/jobs</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// first await — gets the response headers</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="c1">// second await — reads and parses the body</span> </code></pre> </div> <p>Why two steps? Because of how the internet works.</p> <p>The first <code>await</code> resolves the moment your browser receives the HTTP headers and status code from the server. But the actual body — the JSON data — might still be traveling across the network in packets. The second <code>await res.json()</code> waits for all those packets to arrive, assembles them, and parses the complete JSON string into a JavaScript object.</p> <p>One important thing — <code>fetch()</code> only rejects (throws an error) if the network itself fails. A DNS failure, a dropped connection, a CORS block. If the server responds with a 404 or 500, <code>fetch()</code> still resolves successfully — because the network transaction worked, the server just returned an error status. This is why you need to check manually:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">res</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/jobs</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">res</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// res.ok is true for 200-299, false for everything else</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="s2">`Request failed: </span><span class="p">${</span><span class="nx">res</span><span class="p">.</span><span class="nx">status</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> </code></pre> </div> <h2> CORS — the one that confuses everyone </h2> <p>Your React app runs on <code>http://localhost:5173</code>.<br> Your Express server runs on <code>http://localhost:5000</code>.</p> <p>Different port = different <strong>origin</strong>.</p> <p>Browsers have a built-in security rule called the <strong>Same-Origin Policy</strong> — a webpage cannot read responses from a different origin than the one it was served from. This exists to protect you. Without it, any random website you visit could silently make requests to your bank using your logged-in session and read your account data.</p> <p>But in development you need your frontend to talk to your backend. That's what <strong>CORS</strong> solves — Cross-Origin Resource Sharing. It's a way for the server to say "yes, I trust this other origin, let it read my responses."<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="nx">cors</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">cors</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// Allow only your frontend</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nf">cors</span><span class="p">({</span> <span class="na">origin</span><span class="p">:</span> <span class="dl">'</span><span class="s1">http://localhost:5173</span><span class="dl">'</span> <span class="p">}));</span> <span class="c1">// Allow everyone (fine for public APIs, dangerous for authenticated ones)</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nf">cors</span><span class="p">({</span> <span class="na">origin</span><span class="p">:</span> <span class="dl">'</span><span class="s1">*</span><span class="dl">'</span> <span class="p">}));</span> </code></pre> </div> <h3> The thing that makes CORS click </h3> <p>Here's what almost no tutorial explains clearly:</p> <p><strong>CORS is enforced by the browser, not the server.</strong></p> <p>When you make a cross-origin request, the request actually reaches the server. The server processes it and sends back a response. But then the browser intercepts that response, checks the <code>Access-Control-Allow-Origin</code> header, and if it doesn't see your frontend's origin listed — it throws the response away and shows you a CORS error.</p> <p>You never got blocked from sending. You got blocked from <em>reading the response</em>.</p> <p>This is why <strong>Postman never gets CORS errors</strong>. Postman is not a browser. It has no Same-Origin Policy. It sends the request, gets the response, and shows it to you directly — no security checks. The CORS error is the browser protecting the user, not the server rejecting you.</p> <h3> Preflight requests — why you sometimes see two requests </h3> <p>For requests that could modify data (POST, PUT, DELETE) or use custom headers, the browser doesn't just send your request straight away. It first sends a quick <strong>OPTIONS request</strong> — called a preflight — to ask the server "hey, are you okay with me sending this from this origin?"<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="nf">OPTIONS</span> <span class="nn">/api/jobs</span> <span class="k">HTTP</span><span class="o">/</span><span class="m">1.1</span> <span class="na">Origin</span><span class="p">:</span> <span class="s">http://localhost:5173</span> <span class="na">Access-Control-Request-Method</span><span class="p">:</span> <span class="s">POST</span> </code></pre> </div> <p>The server responds with what it allows. If the answer is yes, the browser then sends your actual request. If you ever see two requests in your Network tab when you expected one — that's the preflight.</p> <h2> Putting it all together </h2> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Frontend — React component</span> <span class="nf">useEffect</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">http://localhost:5000/api/jobs</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">res</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">res</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Request failed</span><span class="dl">'</span><span class="p">);</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="p">})</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">data</span> <span class="o">=&gt;</span> <span class="nf">setJobs</span><span class="p">(</span><span class="nx">data</span><span class="p">))</span> <span class="p">.</span><span class="k">catch</span><span class="p">(</span><span class="nx">err</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="nx">err</span><span class="p">));</span> <span class="p">},</span> <span class="p">[]);</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Backend — Express server</span> <span class="k">import</span> <span class="nx">cors</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">cors</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">express</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="nf">express</span><span class="p">();</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">express</span><span class="p">.</span><span class="nf">json</span><span class="p">());</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nf">cors</span><span class="p">({</span> <span class="na">origin</span><span class="p">:</span> <span class="dl">'</span><span class="s1">http://localhost:5173</span><span class="dl">'</span> <span class="p">}));</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/jobs</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">jobs</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">pool</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="dl">'</span><span class="s1">SELECT * FROM jobs</span><span class="dl">'</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">200</span><span class="p">).</span><span class="nf">json</span><span class="p">(</span><span class="nx">jobs</span><span class="p">.</span><span class="nx">rows</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>What happens when that <code>useEffect</code> runs:</p> <ol> <li> <code>fetch()</code> sends <code>GET http://localhost:5000/api/jobs</code> </li> <li>Browser checks — different origin, sends preflight OPTIONS first</li> <li>Express responds — CORS allowed, proceed</li> <li>Browser sends the real GET request</li> <li>Express matches the route, queries the DB, sends back JSON</li> <li>Browser checks <code>Access-Control-Allow-Origin</code> header — matches, passes response through</li> <li> <code>res.json()</code> parses the JSON string into a JS array</li> <li> <code>setJobs(data)</code> re-renders the component with real data</li> </ol> <h2> Common mistakes </h2> <p><strong>1. Forgetting <code>Content-Type: application/json</code> in fetch</strong><br> <code>req.body</code> will be undefined on the server. Always include the header when sending data.</p> <p><strong>2. Not checking <code>res.ok</code> after fetch</strong><br> <code>fetch()</code> won't throw on a 404 or 500. You have to check <code>res.ok</code> yourself.</p> <p><strong>3. Thinking CORS is the server rejecting you</strong><br> The server processed your request. The browser is blocking you from reading the response. Fix it by adding CORS headers on the server, not by changing your frontend code.</p> <p><strong>4. Using <code>res.send()</code> instead of <code>res.json()</code> for APIs</strong><br> <code>res.send()</code> with a string sets <code>Content-Type: text/html</code>. Use <code>res.json()</code> which always enforces <code>application/json</code> — that's what your frontend expects.</p> <p><strong>5. Putting CORS middleware after your routes</strong><br> Middleware runs in order. If CORS is registered after your routes, it never runs for those routes.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Wrong</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/jobs</span><span class="dl">'</span><span class="p">,</span> <span class="nx">getJobs</span><span class="p">);</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nf">cors</span><span class="p">());</span> <span class="c1">// too late</span> <span class="c1">// Right</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nf">cors</span><span class="p">());</span> <span class="c1">// must come first</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/jobs</span><span class="dl">'</span><span class="p">,</span> <span class="nx">getJobs</span><span class="p">);</span> </code></pre> </div> <h2> Wrapping up </h2> <p>The frontend and backend are just two separate programs passing text messages to each other. REST is a naming convention that makes those messages predictable. JSON is the text format those messages use. And CORS is the browser being a responsible security guard — protecting users from malicious sites reading data they shouldn't.</p> <p>Once you see it that way, none of it is magic anymore.</p> webdev javascript beginners node What Actually Happens When You Click a Button — From Browser to Database and Back Prathamesh Dhadbale Sun, 19 Apr 2026 08:25:15 +0000 https://dev.to/prathameshdhadbale/what-actually-happens-when-you-click-a-button-from-browser-to-database-and-back-29ef https://dev.to/prathameshdhadbale/what-actually-happens-when-you-click-a-button-from-browser-to-database-and-back-29ef <p>You've written <code>fetch()</code>. You've set up an Express route. It works.</p> <p>But do you actually know what happened in between? Most tutorials show you the pieces separately. Nobody walks you through the full conversation — browser to server to database and back — in one go.</p> <p>Let's fix that.</p> <h2> The analogy that makes it click </h2> <p>Before we touch code, here's a mental model you'll never forget.</p> <p>Think of it like ordering food at a restaurant:</p> <ul> <li> <strong>You</strong> (the customer) = the browser</li> <li> <strong>The waiter</strong> = the Express server / API</li> <li> <strong>The kitchen</strong> = your controller + business logic</li> <li> <strong>The pantry</strong> = the database</li> </ul> <p>You don't walk into the kitchen and grab food yourself. You tell the waiter. The waiter goes to the kitchen. The kitchen checks the pantry, does its thing, and sends the food back through the waiter to your table.</p> <p>That's a web request. Now let's trace it step by step.</p> <h2> Step 1 — User clicks a button (Browser) </h2> <p>Everything starts with an event on the frontend. The user clicks "Add Job" and a JavaScript event listener fires.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">button</span><span class="p">.</span><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">'</span><span class="s1">click</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">http://localhost:5000/api/jobs</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">company</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Stripe</span><span class="dl">'</span><span class="p">,</span> <span class="na">role</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Frontend Intern</span><span class="dl">'</span> <span class="p">})</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">data</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>Three things are happening inside that <code>fetch()</code> call:</p> <ul> <li> <code>method</code> tells the server what kind of action you want — GET to read, POST to create, PUT to update, DELETE to remove</li> <li> <code>headers</code> tell the server what format your data is in — here we're saying "I'm sending JSON"</li> <li> <code>body</code> is your actual data, converted from a JS object into a JSON string using <code>JSON.stringify()</code> </li> </ul> <h2> Step 2 — The HTTP request travels to the server </h2> <p>Once <code>fetch()</code> fires, the browser packages your data into an HTTP request and sends it over the network. In production this goes over the internet. In development it stays on your machine via <code>localhost</code>.</p> <p>Under the hood, the raw request looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="nf">POST</span> <span class="nn">/api/jobs</span> <span class="k">HTTP</span><span class="o">/</span><span class="m">1.1</span> <span class="na">Host</span><span class="p">:</span> <span class="s">localhost:5000</span> <span class="na">Content-Type</span><span class="p">:</span> <span class="s">application/json</span> <span class="p">{</span><span class="nl">"company"</span><span class="p">:</span><span class="s2">"Stripe"</span><span class="p">,</span><span class="nl">"role"</span><span class="p">:</span><span class="s2">"Frontend Intern"</span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Just structured text. That's genuinely all an HTTP request is — a text message with a specific format that both the browser and server agree to understand.</p> <h2> Step 3 — Express receives it and matches a route </h2> <p>Your Express server is sitting there, listening on port 5000, waiting for incoming requests.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="nx">express</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="nf">express</span><span class="p">();</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">express</span><span class="p">.</span><span class="nf">json</span><span class="p">());</span> <span class="c1">// parses the request body into req.body</span> <span class="nx">app</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/jobs</span><span class="dl">'</span><span class="p">,</span> <span class="nx">addJob</span><span class="p">);</span> <span class="c1">// POST + /api/jobs → runs addJob</span> <span class="nx">app</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="mi">5000</span><span class="p">);</span> </code></pre> </div> <p>When a POST request comes in for <code>/api/jobs</code>, Express checks it against every registered route. Path matches? Method matches? It hands the request off to the <code>addJob</code> function.</p> <p>But before <code>addJob</code> runs — middleware steps in.</p> <h2> Step 4 — Middleware runs first </h2> <p>Middleware is code that runs between the request arriving and your controller handling it. Think of it as a series of checkpoints your request must pass through.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Logging — runs on every request</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">((</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">req</span><span class="p">.</span><span class="nx">method</span><span class="p">}</span><span class="s2"> </span><span class="p">${</span><span class="nx">req</span><span class="p">.</span><span class="nx">url</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="nf">next</span><span class="p">();</span> <span class="c1">// pass the request forward</span> <span class="p">});</span> <span class="c1">// Auth — stops requests without a valid token</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">((</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nx">authorization</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">token</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Unauthorized</span><span class="dl">'</span> <span class="p">});</span> <span class="nf">next</span><span class="p">();</span> <span class="p">});</span> </code></pre> </div> <p>Each middleware either:</p> <ul> <li>Calls <code>next()</code> → request moves forward to the next middleware or controller</li> <li>Sends a response directly → request stops right there</li> </ul> <p><code>express.json()</code> is itself middleware — it reads the raw request body and converts it into a JS object on <code>req.body</code>. Without it, <code>req.body</code> is <code>undefined</code> and you'll spend 30 confused minutes wondering why.</p> <h2> Step 5 — Controller runs the business logic </h2> <p>Now your request finally reaches the controller — the function that handles the actual work.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">export</span> <span class="kd">const</span> <span class="nx">addJob</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">company</span><span class="p">,</span> <span class="nx">role</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">;</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">pool</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span> <span class="dl">'</span><span class="s1">INSERT INTO jobs (company, role) VALUES ($1, $2) RETURNING *</span><span class="dl">'</span><span class="p">,</span> <span class="p">[</span><span class="nx">company</span><span class="p">,</span> <span class="nx">role</span><span class="p">]</span> <span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">201</span><span class="p">).</span><span class="nf">json</span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">rows</span><span class="p">[</span><span class="mi">0</span><span class="p">]);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="nx">err</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">500</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Something went wrong</span><span class="dl">'</span> <span class="p">});</span> <span class="p">}</span> <span class="p">};</span> </code></pre> </div> <p>The controller pulls data from <code>req.body</code>, talks to the database, and sends back a response. Its only job is to connect the HTTP world to your database world.</p> <h2> Step 6 — The database stores the data </h2> <p>The line <code>pool.query(...)</code> sends a SQL command from your Node.js server to PostgreSQL:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">INSERT</span> <span class="k">INTO</span> <span class="n">jobs</span> <span class="p">(</span><span class="n">company</span><span class="p">,</span> <span class="k">role</span><span class="p">)</span> <span class="k">VALUES</span> <span class="p">(</span><span class="s1">'Stripe'</span><span class="p">,</span> <span class="s1">'Frontend Intern'</span><span class="p">)</span> <span class="n">RETURNING</span> <span class="o">*</span><span class="p">;</span> </code></pre> </div> <h3> What is <code>pool</code> and why not just a direct connection? </h3> <p>A connection pool keeps a set of database connections open and ready to reuse — instead of opening and closing a fresh connection for every single request, which is slow and expensive.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// db.js — PostgreSQL</span> <span class="k">import</span> <span class="nx">pg</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">pg</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">Pool</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">pg</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">pool</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Pool</span><span class="p">({</span> <span class="na">connectionString</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">DATABASE_URL</span> <span class="p">});</span> <span class="k">export</span> <span class="k">default</span> <span class="nx">pool</span><span class="p">;</span> </code></pre> </div> <p>For SQLite, it looks like this instead:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">open</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">sqlite</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">sqlite3</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">sqlite3</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">db</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">open</span><span class="p">({</span> <span class="na">filename</span><span class="p">:</span> <span class="dl">'</span><span class="s1">./database.db</span><span class="dl">'</span><span class="p">,</span> <span class="na">driver</span><span class="p">:</span> <span class="nx">sqlite3</span><span class="p">.</span><span class="nx">Database</span> <span class="p">});</span> </code></pre> </div> <p>Different databases, same idea — your server needs a stable, efficient way to talk to them.</p> <p>PostgreSQL runs the query, stores the row, and returns the newly created record because of <code>RETURNING *</code>. That result comes back as <code>result.rows[0]</code> in your controller.</p> <h2> Step 7 — The response travels back to the browser </h2> <p>Your controller sends:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">201</span><span class="p">).</span><span class="nf">json</span><span class="p">(</span><span class="nx">result</span><span class="p">.</span><span class="nx">rows</span><span class="p">[</span><span class="mi">0</span><span class="p">]);</span> </code></pre> </div> <p>This builds an HTTP response and sends it back to the browser:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="k">HTTP</span><span class="o">/</span><span class="m">1.1</span> <span class="m">201</span> <span class="ne">Created</span> <span class="na">Content-Type</span><span class="p">:</span> <span class="s">application/json</span> <span class="p">{</span><span class="nl">"id"</span><span class="p">:</span><span class="mi">1</span><span class="p">,</span><span class="nl">"company"</span><span class="p">:</span><span class="s2">"Stripe"</span><span class="p">,</span><span class="nl">"role"</span><span class="p">:</span><span class="s2">"Frontend Intern"</span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Back in the browser, your <code>await fetch(...)</code> resolves. <code>response.json()</code> parses that JSON string back into a JavaScript object. You now have the saved data on the frontend:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="nf">setJobs</span><span class="p">(</span><span class="nx">prev</span> <span class="o">=&gt;</span> <span class="p">[...</span><span class="nx">prev</span><span class="p">,</span> <span class="nx">data</span><span class="p">]);</span> <span class="c1">// new job appears in the UI instantly</span> </code></pre> </div> <p>No page reload. Just a clean round trip.</p> <h2> Common mistakes to avoid </h2> <p><strong>1. Forgetting <code>express.json()</code> middleware</strong></p> <p><code>req.body</code> will be <code>undefined</code>. Always add <code>app.use(express.json())</code> before your routes — not after.</p> <p><strong>2. Not awaiting <code>response.json()</code></strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Wrong — this is a Promise, not your data</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="c1">// Right</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> </code></pre> </div> <p><strong>3. Sending a response twice in Express</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Wrong — both lines run, server crashes</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">user</span><span class="p">)</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Not found</span><span class="dl">'</span> <span class="p">});</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">user</span><span class="p">);</span> <span class="c1">// Right — use return to stop execution</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">user</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Not found</span><span class="dl">'</span> <span class="p">});</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">user</span><span class="p">);</span> </code></pre> </div> <p><strong>4. Confusing status codes with response data</strong></p> <p>Status <code>200 OK</code> means the request completed — not that your data is correct. Always check both <code>response.status</code> and <code>response.json()</code>.</p> <h2> When something breaks, trace it step by step </h2> <p>Now you have a map. Use it:</p> <ol> <li>Is the request leaving the browser? → Check the <strong>Network tab</strong> in DevTools</li> <li>Is it hitting the server? → Check your <strong>server terminal logs</strong> </li> <li>Is the route matching? → Check your <strong>Express route definitions</strong> </li> <li>Is the DB query working? → <strong>Test the query directly</strong> in your DB client</li> <li>Is the response making it back? → Check <code>response.status</code> in the browser</li> </ol> <h2> Wrapping up </h2> <p>One click. Seven steps. Every time.</p> <p>The click-to-database flow isn't magic — it's a structured conversation between your browser, your server, and your database. Each layer has one job. Together they make your app feel instant and alive.</p> <p>Next time you write a <code>fetch()</code> call, you'll know exactly what's happening on the other side.</p> webdev javascript beginners node