DEV Community

Cover image for Build your API, not your boilerplate.
Muhammad Tahir Baloch
Muhammad Tahir Baloch

Posted on

Build your API, not your boilerplate.

#node #backend #api

🚀 After building backend projects repeatedly, I realized I was solving the same infrastructure problems every time.

Before writing a single business feature, I had to configure:

• TypeScript
• Express
• Prisma
• PostgreSQL
• JWT Authentication
• Email verification
• Password reset
• Two-Factor Authentication (2FA)
• CSRF Protection
• Role-based Authorization
• Rate Limiting
• Security Headers
• Input Validation
• Project Structure

It quickly became repetitive.

So I started building Backend Starter.

A production-ready Express.js starter that lets you focus on building products instead of setting up infrastructure.

What's included?

🔐 Authentication
• JWT Access & Refresh Tokens
• HTTP-only Cookies
• Email Verification
• Password Reset
• Change Email
• Change Password
• Two-Factor Authentication (2FA)

🛡️ Security
• CSRF Protection
• Helmet
• Express Rate Limit
• Zod Validation
• bcrypt Password Hashing
• Refresh Token Rotation

👥 User Management
• Registration
• Profile Management
• Device Sessions
• Login History
• Account Deletion

👨‍💼 Admin Features
• User Management
• Role Management
• Account Status Management
• Login History

Developer Experience
• TypeScript
• Prisma ORM
• PostgreSQL
• Biome
• Husky Git Hooks
• Environment Example Generator
• Postman Collection
• Clean Project Structure

This is only the beginning.

Next on the roadmap

• OAuth (Google & GitHub)
• Redis
• Docker Compose
• Swagger / OpenAPI
• Background Jobs
• File Upload Module

The project is completely open source, and I'd genuinely appreciate feedback from the community.

⭐ If you find it useful, consider giving it a star or contributing.

GitHub:
https://github.com/setahirbaloch/backend-starter

Linkedin:
https://linkedin.com/in/setahirbaloch

What feature do you think every production-ready backend starter should include?

Top comments (2)

Collapse
 
manolito99 profile image
Lolo

The one thing I'd add to every production backend starter: observability from day one. Error tracking and structured logging before you need them is much easier than adding them after the first production incident.

Sentry + structured logs saved me hours on a recent bug that only appeared in prod.

Collapse
 
setahirbaloch profile image
Muhammad Tahir Baloch

thank you for your suggestion, it's key part.
sure, next I will add this using winston + morgan.