5. Backend Fundamentals

This section is for Vibe Coders who want to take things to the next level. The backend is more complex than the frontend, but it's also where much of the magic happens. This section introduces the fundamentals of the backend—without requiring you to become a full-stack developer.

Intro to Backend

What is the backend?

As we mentioned earlier, the backend is the part of the website you don't see. It's the server-side code that powers your app behind the scenes.

The server is just another computer. It runs your code and sends responses to the client. The client is what users interact with—usually a browser.

Client-Server Model

The client-server model helps us understand how information flows between the user and the backend.

Think of it like a restaurant:

  • Customer: Your website in the browser (the client)
  • Waiter: The server or API that takes requests and delivers responses
  • Kitchen: The backend where the real work happens

How we talk to the server

We communicate with the server using HTTP requests. Here are the four basic types:

  • GET: Get data from the server
  • POST: Send new data to the server
  • PUT: Update existing data on the server
  • DELETE: Remove data from the server

Backend Languages

There are many programming languages used for backend development. Some of the most popular include:

  • JavaScript (Node.js)
  • Python
  • Ruby
  • Java
  • PHP
  • Go
  • C#

We'll be exploring the backend using JavaScript and a runtime called Node.js, which allows you to run JavaScript code outside of the browser.

What is a backend framework?

A backend framework is a tool that simplifies building server applications. Instead of writing everything from scratch, you can use a framework like Express (for Node.js) to handle routing, middleware, and more.

Backend Concepts

The backend usually consists of three major parts:

  • The server: Handles incoming requests
  • The database: Stores and manages data
  • The API: Acts as the interface between the client and the backend

The server

This is the engine that listens for requests and returns the appropriate response. You'll often build this with a backend framework like Express.

The database

This is where your app's data lives. It could be a SQL database (like PostgreSQL), a NoSQL database (like MongoDB), or even a serverless solution (like Supabase).

The API

An API is how the client communicates with the backend. Think of it as the menu in our restaurant metaphor—it's what the client is allowed to ask for.

More on APIs

There are many types of APIs (browser APIs, server APIs, etc.). In this course, we'll mostly deal with server APIs that send and receive data using HTTP.

In the Real World

Server vs Serverless

Serverless platforms let you run backend code without managing servers. These are great for AI-driven or JAMstack projects because they handle the hard stuff—like scaling and infrastructure—for you.

Examples of serverless platforms include Supabase, Vercel Functions, Netlify Functions, and Firebase.

Core Backend Concepts

CRUD: Create, Read, Update, Delete

CRUD is the foundation of most backend apps. It stands for:

  • Create: Add new data (e.g., a new user)
  • Read: Fetch existing data (e.g., a list of users)
  • Update: Change existing data
  • Delete: Remove data

Example using Express in Node.js:

const express = require('express');
const app = express();
app.use(express.json());

let users = [];

app.post('/users', (req, res) => {
  users.push(req.body);
  res.send('User created!');
});

app.get('/users', (req, res) => {
  res.json(users);
});

app.put('/users/:id', (req, res) => {
  users[req.params.id] = req.body;
  res.send('User updated!');
});

app.delete('/users/:id', (req, res) => {
  users.splice(req.params.id, 1);
  res.send('User deleted!');
});

app.listen(3000, () => console.log('Server running'));

Persistence: Databases

Databases make sure your data doesn't disappear when the app restarts. There are different kinds:

  • SQL: Structured (PostgreSQL, MySQL)
  • NoSQL: Flexible (MongoDB, Firebase)
  • Serverless DBs: Scalable and managed for you (Supabase, PlanetScale)

Relational vs Non-Relational Databases

Relational databases (SQL) organize data into tables with rows and columns. Each table can relate to other tables—think of a spreadsheet where you can link information together. This is great for structured data and when you need to enforce rules (like making sure every order has a valid user).

Non-relational databases (NoSQL) store data in a more flexible way, like documents or key-value pairs. Imagine a big folder where you can drop in anything you want—great for fast development and when your data doesn't always look the same.

  • Use SQL when your data is highly structured and you need relationships (e.g., users and orders).
  • Use NoSQL when your data is flexible or changes often (e.g., user profiles with different fields).

Connecting to MongoDB in Node.js:

const { MongoClient } = require('mongodb');
const client = new MongoClient('mongodb://localhost:27017');

async function main() {
  await client.connect();
  const db = client.db('myapp');
  const users = db.collection('users');
  await users.insertOne({ name: 'Alice' });
  const allUsers = await users.find().toArray();
  console.log(allUsers);
}
main();

Real-Time: WebSockets

WebSockets let your app send and receive messages in real time—perfect for chats, games, or live notifications.

const WebSocket = require('ws');
const server = new WebSocket.Server({ port: 8080 });

server.on('connection', socket => {
  socket.on('message', message => {
    console.log('Received:', message);
    socket.send('Hello from server!');
  });
});

Authentication

Authentication checks if someone is who they say they are—usually with a username and password, or via a third-party service like Google.

app.post('/login', (req, res) => {
  const { username, password } = req.body;
  if (username === 'admin' && password === 'password') {
    res.send('Logged in!');
  } else {
    res.status(401).send('Unauthorized');
  }
});

Note: In real apps, use libraries like passport or services like Supabase Auth for secure authentication.

Validation & Security

Always validate and sanitize data from users. It's a major part of backend development.

  • Validate emails, names, passwords, etc.
  • Never trust client-side input blindly
  • Use HTTPS
  • Keep dependencies updated

Example: Email validation

function isValidEmail(email) {
  return /\S+@\S+\.\S+/.test(email);
}

app.post('/signup', (req, res) => {
  if (!isValidEmail(req.body.email)) {
    return res.status(400).send('Invalid email');
  }
  // continue signup
});

Serverless and Vibe Coding

Vibe Coding platforms are serverless. That means you don't have to build or maintain your own backend. Focus on your frontend and let the tools handle the rest.

Still want to build your own backend? Use an IDE like Windsurf or Cursor to deploy your code, or try a serverless backend like Supabase that handles authentication, databases, and real-time features for you.

You don't have to master the backend to build cool stuff.
Understanding how it works helps you make better decisions—and with tools like Supabase, you can get 80% of the benefits without writing 100% of the code.
Go to Section 6 →