# Week 2

In this session we will focus on designing and documenting a REST API on top of the existing Snippets backend. We will refine the resource structure, design consistent error handling and validation rules, describe the API using OpenAPI/Swagger, and use Knex safely with attention to SQL injection. We will also level up Postman usage with collections, environments, secrets, and tests for your endpoints.

## Contents

* [Preparation](/course-content/backend/node/week2/preparation.md)
* [Session Plan](/course-content/backend/node/week2/session-plan.md) (for mentors)
* [Assignment](/course-content/backend/node/week2/assignment.md)

## Session Learning goals

By the end of this session, you will be able to:

* [ ] Design RESTful endpoints for the Snippets domain using clear resources, routes, and HTTP methods.
* [ ] Describe your API using an OpenAPI/Swagger specification, including parameters, request bodies, responses, and error cases.
* [ ] Decide on consistent error models and validation rules for your API and apply them across endpoints.
* [ ] Recognise and fix SQL injection issues when working with Knex, using query builder methods safely.
* [ ] Configure Postman for advanced backend development:
  * [ ] Create and organise collections for your Snippets API.
  * [ ] Set up environments and variables for different backends.
  * [ ] Manage secrets using the Postman Vault or sensitive variables.
  * [ ] Create basic test suites to automatically validate key responses.

