Practice & Assessment
Test your understanding of Data Validation, Error Handling, and API Design Patterns
Multiple Choice Questions (5)
Why should you use Zod's safeParse() instead of parse() in Express middleware?
Which pagination strategy avoids the 'missing or duplicate rows' problem caused by concurrent inserts between pages?
Why must filter and sort field names from query parameters be whitelisted before being passed to a database query?
An API's error handler uses `if (process.env.NODE_ENV === 'development') response.error.stack = err.stack`. What security principle does this implement?
You add /api/v2 routes but want to keep /api/v1 running. What is the cleanest Express implementation?
Coding Challenges (1)
Add Zod validation and pagination to a posts API
Given a starting Express app with GET /posts and POST /posts (provided in the challenge repo):
1) Add Zod validation to POST /posts — required fields: title (string, 1-200 chars), body (string, 1-5000 chars), authorId (positive integer). Return 422 with field-level errors on failure.
2) Add offset pagination to GET /posts — accept page (default 1) and limit (default 10, max 100) query params. Return { data, pagination: { page, limit, total, totalPages, hasNext } }.
Use an in-memory array of 50 pre-seeded posts. Time estimate: 30 minutes.
Mini Project
Blog API with Validation, Pagination, and Versioning
Build a versioned blog REST API.
v1 routes: GET /api/v1/posts (paginated, filterable by authorId and status), POST /api/v1/posts, GET /api/v1/posts/:id, PATCH /api/v1/posts/:id, DELETE /api/v1/posts/:id.
v2 adds cursor-based pagination to GET /api/v2/posts.
All POST and PATCH endpoints must validate input with Zod.
All errors must use a consistent JSON envelope: { error: { code, message } }.
Implement a global error handler and a 404 handler.
Posts have: id, title, body, authorId, status (draft/published), createdAt.
Use in-memory storage. Testable with curl.
