Stage 3 · Build
Building Backend Applications
Design, implement, and operate production APIs that survive real traffic, real data, and real users.
Prerequisite
Go fundamentals.
What this course leaves you with
- Build REST and gRPC APIs backed by a database
- Add auth, caching, and background jobs
- Ship a production-ready 12-factor service
Why this stage matters — You built an app — now understand the OS underneath it.
Progress
0 of 54 lessons complete. Progress is stored locally in your browser so you can pick the path back up later.
course completion
HTTP & REST APIs
Build JSON APIs with Go handlers, middleware, routing, and practical HTTP semantics.
- 01HTTP FundamentalsUse methods, status codes, headers, content negotiation, and idempotency to design predictable APIs.7 min
- 02net/http HandlersBuild handlers with http.HandlerFunc, ResponseWriter, Request, ServeMux, and server timeouts.8 min
- 03Routing with chi and GinCompare chi routers and Gin engines for path parameters, route groups, and middleware chains.8 min
- 04MiddlewareImplement request IDs, access logs, panic recovery, CORS, compression, and authentication wrappers.8 min
- 05JSON APIsDecode request bodies, validate payloads, encode responses, and handle encoding/json error paths.8 min
- 06REST Resource DesignModel resources, collections, filters, PUT versus PATCH, and consistent problem responses.7 min
Databases & Persistence
Store application state safely with PostgreSQL, migrations, transactions, and connection pools.
- 01SQL Data ModelingDesign PostgreSQL tables, primary keys, foreign keys, indexes, constraints, and normalized relationships.8 min
- 02MigrationsManage schema changes with golang-migrate or goose, reversible migrations, and deployment ordering.7 min
- 03database/sqlUse sql.DB, QueryContext, ExecContext, prepared statements, scanning rows, and nullable columns.8 min
- 04sqlc and GORMCompare generated type-safe queries from sqlc with GORM models, associations, and query builders.8 min
- 05TransactionsUse BEGIN, COMMIT, ROLLBACK, isolation levels, SELECT FOR UPDATE, and retryable conflicts.8 min
- 06Connection PoolingTune database/sql pools, pgxpool, max open connections, idle timeouts, and PostgreSQL saturation.7 min
Authentication & Authorization
Protect accounts and APIs with modern identity, session, token, and permission patterns.
- 01Password HashingStore passwords with bcrypt or Argon2id, per-user salts, cost factors, and constant-time comparison.7 min
- 02Sessions & CookiesImplement server-side sessions, secure cookies, SameSite, CSRF protection, and session rotation.8 min
- 03JWT AuthenticationIssue and verify JWTs with claims, expiry, signing keys, refresh tokens, and revocation lists.8 min
- 04OAuth2 FlowsUse authorization code with PKCE, scopes, callback handlers, and provider metadata discovery.8 min
- 05Role-Based Access ControlModel users, roles, permissions, resource ownership, policy checks, and admin audit trails.7 min
- 06Testing AuthTest login failures, expired tokens, cookie flags, httptest middleware, and authorization boundaries.7 min
API Design & gRPC
Create stable contracts for REST and gRPC clients with documentation and error discipline.
- 01REST VersioningChoose URI, header, or media type versioning and plan deprecations without breaking clients.7 min
- 02Pagination, Filtering & SortingImplement cursor pagination, limit parameters, stable ordering, filters, and total-count tradeoffs.8 min
- 03OpenAPIDocument endpoints with OpenAPI 3, generate clients, validate schemas, and publish Swagger UI.8 min
- 04Protobuf ContractsDefine proto3 messages, field numbers, packages, buf lint rules, and backward-compatible schemas.8 min
- 05gRPC ServicesBuild unary and streaming RPCs with grpc-go, interceptors, deadlines, reflection, and grpcurl.8 min
- 06Error ContractsStandardize REST problem+json, gRPC status codes, validation errors, and correlation IDs.7 min
Caching, Queues & Background Jobs
Keep services responsive with Redis, asynchronous work, backpressure, and rate controls.
- 01Redis BasicsUse Redis strings, hashes, TTLs, pipelining, go-redis clients, and connection management.7 min
- 02Cache PatternsApply cache-aside, write-through, stale-while-revalidate, key design, and stampede protection.8 min
- 03Message QueuesCompare RabbitMQ, NATS, Kafka, and Redis Streams for durability, ordering, and delivery guarantees.8 min
- 04Worker PoolsBuild bounded Go workers with channels, context cancellation, retries, and dead-letter queues.8 min
- 05Background SchedulingRun cron-like jobs with robfig/cron, distributed locks, idempotency keys, and job observability.7 min
- 06Rate LimitingImplement token buckets, leaky buckets, per-user quotas, Redis counters, and HTTP 429 responses.8 min
Production-Ready Services
Prepare services for deployment with configuration, telemetry, resilience, and automated tests.
- 01ConfigurationLoad environment variables, config files, secrets, and defaults with Viper, envconfig, or clean structs.7 min
- 02Structured LoggingEmit JSON logs with slog or zap, attach request IDs, fields, levels, and error context.7 min
- 03Health ChecksExpose liveness and readiness endpoints that check database, Redis, queue, and dependency status.7 min
- 04Graceful ShutdownHandle SIGTERM, stop accepting traffic, drain requests, close pools, and respect Kubernetes deadlines.8 min
- 0512-Factor ServicesApply 12-factor principles for config, logs, disposability, backing services, and build-release-run.7 min
- 06Service TestingCombine httptest, Testcontainers, contract tests, race detection, and CI database fixtures.8 min
Advanced Auth & Tenant Security
Extend backend identity with tenant isolation, scoped tokens, and auditable policy enforcement.
- 01Multi-Tenant IdentityModel organizations, memberships, tenant-scoped roles, invite flows, and ownership checks in PostgreSQL.8 min
- 02Token LifecycleRotate signing keys, revoke refresh tokens, store device sessions, and expire credentials safely.8 min
- 03Policy EnginesEvaluate permissions with Casbin, OPA, resource attributes, deny rules, and policy test fixtures.8 min
- 04API Key ManagementIssue hashed API keys with prefixes, scopes, last-used timestamps, quotas, and rotation endpoints.7 min
- 05Audit LoggingRecord security events with actor IDs, resource IDs, before-after fields, IP addresses, and retention policies.7 min
- 06Abuse ProtectionDefend login and signup flows with rate limits, lockouts, CAPTCHA checks, and anomaly signals.7 min
Performance & Caching at Scale
Measure backend bottlenecks and apply cache, database, and concurrency optimizations safely.
- 01Latency ProfilingUse pprof, trace, request histograms, and flame graphs to find CPU, lock, and allocation hot spots.8 min
- 02Redis Cache InvalidationDesign TTLs, versioned keys, write-through updates, pub/sub invalidation, and stale data safeguards.8 min
- 03Database Query TuningAnalyze PostgreSQL plans with EXPLAIN ANALYZE, covering indexes, slow query logs, and pg_stat_statements.8 min
- 04Connection BackpressureTune HTTP clients, database pools, worker limits, queues, and timeouts to prevent overload.7 min
- 05Response CompressionUse gzip or brotli middleware, ETags, Cache-Control headers, and payload size budgets.7 min
- 06Load TestingRun k6, vegeta, or wrk scenarios with realistic traffic, SLO thresholds, and saturation analysis.8 min
Testing & Release Confidence
Build confidence in backend changes with deterministic tests, disposable dependencies, and safe rollout checks.
- 01Handler Unit TestsTest Go handlers with httptest, fake repositories, JSON assertions, and table-driven status cases.7 min
- 02Integration TestcontainersRun PostgreSQL, Redis, and NATS dependencies in Testcontainers with migrations and cleanup hooks.8 min
- 03Contract TestingValidate API compatibility with OpenAPI schemas, Pact contracts, generated clients, and backward-compatible fixtures.8 min
- 04Queue & Worker TestsTest retries, idempotency keys, dead-letter paths, poison messages, and concurrent worker shutdown.8 min
- 05Release Health GatesGate deploys with smoke tests, readiness probes, metric checks, canary analysis, and rollback triggers.7 min
- 06CI Test StrategySplit fast unit tests, integration suites, race detection, coverage thresholds, and flaky test quarantine.7 min