The latest articles on DEV Community by Muhammad Tahir Baloch (@setahirbaloch). https://dev.to/setahirbaloch https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2044482%2F24fbff34-946f-4d60-a0ed-208b5a208041.png https://dev.to/setahirbaloch en Muhammad Tahir Baloch Fri, 26 Jun 2026 13:36:51 +0000 https://dev.to/setahirbaloch/build-your-api-not-your-boilerplate-15j4 https://dev.to/setahirbaloch/build-your-api-not-your-boilerplate-15j4 <p>🚀 After building backend projects repeatedly, I realized I was solving the same infrastructure problems every time.</p> <p>Before writing a single business feature, I had to configure:</p> <p>• TypeScript<br> • Express<br> • Prisma<br> • PostgreSQL<br> • JWT Authentication<br> • Email verification<br> • Password reset<br> • Two-Factor Authentication (2FA)<br> • CSRF Protection<br> • Role-based Authorization<br> • Rate Limiting<br> • Security Headers<br> • Input Validation<br> • Project Structure</p> <p>It quickly became repetitive.</p> <p>So I started building <strong>Backend Starter</strong>.</p> <p>A production-ready Express.js starter that lets you focus on building products instead of setting up infrastructure.</p> <h3> What's included? </h3> <p>🔐 <strong>Authentication</strong><br> • JWT Access &amp; Refresh Tokens<br> • HTTP-only Cookies<br> • Email Verification<br> • Password Reset<br> • Change Email<br> • Change Password<br> • Two-Factor Authentication (2FA)</p> <p>🛡️ <strong>Security</strong><br> • CSRF Protection<br> • Helmet<br> • Express Rate Limit<br> • Zod Validation<br> • bcrypt Password Hashing<br> • Refresh Token Rotation</p> <p>👥 <strong>User Management</strong><br> • Registration<br> • Profile Management<br> • Device Sessions<br> • Login History<br> • Account Deletion</p> <p>👨‍💼 <strong>Admin Features</strong><br> • User Management<br> • Role Management<br> • Account Status Management<br> • Login History</p> <p>⚡ <strong>Developer Experience</strong><br> • TypeScript<br> • Prisma ORM<br> • PostgreSQL<br> • Biome<br> • Husky Git Hooks<br> • Environment Example Generator<br> • Postman Collection<br> • Clean Project Structure</p> <p>This is only the beginning.</p> <h3> Next on the roadmap </h3> <p>• OAuth (Google &amp; GitHub)<br> • Redis<br> • Docker Compose<br> • Swagger / OpenAPI<br> • Background Jobs<br> • File Upload Module</p> <p>The project is completely open source, and I'd genuinely appreciate feedback from the community.</p> <p>⭐ If you find it useful, consider giving it a star or contributing.</p> <p>GitHub:<br> <a href="https://github.com/setahirbaloch/backend-starter" rel="noopener noreferrer">https://github.com/setahirbaloch/backend-starter</a></p> <p>Linkedin:<br> <a href="https://linkedin.com/in/setahirbaloch" rel="noopener noreferrer">https://linkedin.com/in/setahirbaloch</a></p> <p>What feature do you think every production-ready backend starter should include?</p> node backend api