Come join our happy hour in Seattle! – Click here.

Introduction to Building a CRUD API with Node.js and Express


Split - Blog-2160x1080-Building a CRUD API with Node-js and Express

Hey there! If you’re diving into backend development or looking to sharpen your skills, you’ve landed in the right place. Today’s focus is on an exciting journey: building a CRUD API using Node.js and Express. Let’s get started!

First off, let’s break down what a CRUD API is. CRUD stands for Create, Read, Update, and Delete. These are the four basic operations you can perform on data in any database. An API, or Application Programming Interface, is a set of rules and protocols for building and interacting with software applications. So, a CRUD API allows you to create, read, update, and delete data through defined interfaces.

Now, why choose Node.js and Express for this task? Node.js is a powerful JavaScript runtime that lets you run JavaScript on the server side. It’s fast, scalable, and has a massive community supporting it. On the other hand, Express is a web application framework for Node.js. It simplifies the process of building web applications and APIs with Node.js. It’s like having a toolbox that makes your job as a developer easier and more efficient.

In this blog post, I’ll guide you step-by-step through setting up your development environment, creating a basic server with Express, designing and implementing CRUD operations, and much more. Whether you’re a beginner or have some experience, this guide aims to provide you with a clear and practical approach to building a CRUD API.

So, grab your favorite beverage, fire up your code editor, and let’s get started on this journey of building a CRUD API with Node.js and Express.

Setting Up the Development Environment

You’re ready to start building your CRUD API with Node.js and Express. The first step is setting up your development environment. It’s like preparing your kitchen before you start cooking a new recipe.

Installing Node.js and npm

Node.js is the foundation. It’s a JavaScript runtime that lets you run JavaScript on the server side. You’ll need to download and install it from the Node.js website. Go for the LTS (Long Term Support) version, as it’s more stable.

Once installed, open your terminal or command prompt and type:

npm -v

You should see the version number of npm.

Initializing a Node.js Project

Now, create a new folder for your project and navigate into it using your terminal. Once inside the folder, initialize a new Node.js project:

npm init -y

This command creates a package.json file in your project directory. This file keeps track of all the dependencies and settings for your project.

Installing Express and Other Necessary Packages

Express is a web application framework for Node.js. It simplifies server creation and routing. Install Express by running:

npm install express

This command adds Express to your project’s dependencies.

Setting Up a Basic Server

Let’s write some code to set up a basic server. Create a file named server.js in your project folder. Open this file in your code editor and add the following code:

const express = require('express');
const app = express();
const port = 3000;

app.get('/', (req, res) => {
  res.send('Hello World!');

app.listen(port, () => {
  console.log(`Server running at http://localhost:${port}`);

This code does a few things:

  • Imports the Express module
  • Creates an Express application
  • Sets up a basic route (/) that sends ‘Hello World!’ when accessed
  • Tells the application to listen on port 3000

To start the server, go back to your terminal and run:

node server.js

Open your web browser and go to http://localhost:3000. You should see ‘Hello World!’ displayed.

Testing the Server

Testing is crucial. It ensures your server is running as expected. For a simple test, just visit http://localhost:3000 in your browser and see ‘Hello World!’ confirms the server is working.

Congratulations! You’ve set up your development environment, installed Node.js and Express, and have a basic server running. This setup forms the backbone of your CRUD API. In the next section, you’ll dive into designing and implementing CRUD operations.

Designing the API Endpoints

Now that your server is up and running, it’s time to design the API endpoints. Think of these endpoints as the doors through which users interact with your application. Each door (endpoint) serves a specific purpose: creating new data, reading existing data, updating it, or deleting it.

Understanding RESTful Principles

Before diving into the code, let’s touch on RESTful principles. REST (Representational State Transfer) is a set of guidelines that makes your API intuitive and easy to use. It involves using HTTP methods (like GET, POST, PUT, DELETE) and logically structuring your URLs.

Defining CRUD Operations

For a CRUD API, you typically need four types of operations:

  • Create (POST): Adds new data.
  • Read (GET): Retrieves data.
  • Update (PUT/PATCH): Modifies existing data.
  • Delete (DELETE): Removes data.

Planning URL Structure and HTTP Methods

Imagine you’re building an API for managing books in a library. Here’s how you might structure your endpoints:

  • Create a Book: POST /books
  • Get All Books: GET /books
  • Get a Single Book: GET /books/:id
  • Update a Book: PUT /books/:id
  • Delete a Book: DELETE /books/:id

The :id is a placeholder for the unique identifier of each book.

Implementing CRUD Operations

Let’s add these endpoints to your server. You’ll start with the basic structure and then flesh out each operation in the following sections.

In your server.js file, add the following code:

// ... previous code ...

// A temporary in-memory "database" until you integrate a real database
let books = [];

// Create a Book'/books', (req, res) => {
  // Logic to add a book

// Get All Books
app.get('/books', (req, res) => {

// Get a Single Book
app.get('/books/:id', (req, res) => {
  // Logic to get a single book

// Update a Book
app.put('/books/:id', (req, res) => {
  // Logic to update a book

// Delete a Book
app.delete('/books/:id', (req, res) => {
  // Logic to delete a book

// ... previous code ...

This code sets up the routes for each CRUD operation. The books array is empty, and the routes don’t do much. But soon, you’ll add the logic to make these endpoints functional.

Next Steps

In the upcoming sections, you’ll flesh out each of these endpoints. You’ll learn how to handle data submission, validation, and interaction with a database. You’ll have a fully functional CRUD API for a simple book management system by the end.

Stay tuned as you’re about to dive deeper into the world of Node.js and Express, turning these basic structures into a working API!

Implementing CRUD Operations

Alright, it’s time to bring those API endpoints to life. You’ll now add the actual logic for each CRUD operation. Let’s start with the Create operation and work our way through.

Create: Adding a New Book

When users want to add a new book to your library, they’ll use the Create endpoint. You need to extract the book data from the request, validate it, and then add it to your ‘database’ (for now, the books array).

First, you’ll need to handle JSON data. Express needs a bit of setup for this. At the top of your server.js, add:


This line tells Express to parse JSON data in incoming requests.

Now, implement the logic for adding a book:'/books', (req, res) => {
  const { title, author } = req.body;
  if (!title || !author) {
    return res.status(400).send('Missing title or author');

  const newBook = { id: books.length + 1, title, author };

This code extracts the title and author from the request body. If either is missing, it sends a 400 error. Otherwise, it creates a new book object, adds it to the books array, and returns the new book.

Read: Fetching Books

Next up, fetching books. You already set up two endpoints: one to get all books and another to get a single book by its ID.

For getting all books:

app.get('/books', (req, res) => {

This code returns the entire books array as JSON.

For getting a single book:

app.get('/books/:id', (req, res) => {
  const book = books.find(b => === parseInt(;
  if (!book) {
    return res.status(404).send('Book not found');

Here, you’re using the book ID from the URL to find the specific book. If it doesn’t exist, you send a 404 error.

Update: Modifying a Book’s Details

To update a book, you’ll use the PUT method. The logic is similar to fetching a single book, but you must also update the book’s details.

app.put('/books/:id', (req, res) => {
  const book = books.find(b => === parseInt(;
  if (!book) {
    return res.status(404).send('Book not found');

  const { title, author } = req.body;
  book.title = title || book.title; = author ||;


This code finds the book and updates its title and author with the new values in the request body.

Delete: Removing a Book

Finally, the delete operation. This lets users remove a book from the library.

app.delete('/books/:id', (req, res) => {
  const bookIndex = books.findIndex(b => === parseInt(;
  if (bookIndex === -1) {
    return res.status(404).send('Book not found');

  books.splice(bookIndex, 1);

You find the book’s index in the array and use splice to remove it. A 204 status code is returned to indicate successful deletion without any content.

And there you have it. You’ve implemented all the CRUD operations for your book management API. Right now, it’s a simple in-memory array, but this forms the core logic you’ll use even when integrating a real database.

In the next section, you’ll learn about connecting a database to store your data persistently. Keep up the great work; you’re becoming a Node.js and Express pro!

Integrating a Database

So far, you’ve built a CRUD API with an in-memory array. But in a real-world scenario, you need a database to store data persistently. Let’s integrate a database into your application. For this example, let’s use MongoDB, a popular NoSQL database.

Choosing a Database: MongoDB

MongoDB is an excellent choice for several reasons. It’s flexible, scalable, and works well with JavaScript and Node.js. Plus, its document-oriented nature makes it a good fit for JSON data.

Connecting MongoDB to Your Node.js Application

First, you need to set up MongoDB. You can either install it locally or use a cloud-based service like MongoDB Atlas. Once your database is ready, you need to connect it to your Node.js application.

Installing Mongoose

Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. It makes handling MongoDB operations easier. Install it by running:

npm install mongoose

Setting Up Mongoose in Your Application

In your server.js, require Mongoose and connect to your MongoDB database:

const mongoose = require('mongoose');

mongoose.connect('your-mongodb-connection-string', { useNewUrlParser: true, useUnifiedTopology: true })
  .then(() => console.log('Connected to MongoDB...'))
  .catch(err => console.error('Could not connect to MongoDB...', e

Replace your-mongodb-connection-string with your actual MongoDB connection string.

Creating a Model

With Mongoose, you define your data structure through schemas. Let’s create a schema for your books.

Create a new file named book.js in your project directory and add the following:

const mongoose = require('mongoose');

const bookSchema = new mongoose.Schema({
  title: String,
  author: String

const Book = mongoose.model('Book', bookSchema);

module.exports = Book;

This code defines a simple schema with title and author and creates a model.

Updating CRUD Operations to Use MongoDB

Now, update your CRUD operations in server.js to use the MongoDB database.

First, require the Book model at the top of your server.js:

const Book = require('./book');

Now, let’s update each operation:

Create a Book'/books', async (req, res) => {
  let book = new Book({ title: req.body.title, author: });
  book = await;

Get All Books

app.get('/books', async (req, res) => {
  const books = await Book.find();

Get a Single Book

app.get('/books/:id', async (req, res) => {
  const book = await Book.findById(;
  if (!book) return res.status(404).send('Book not found');

Update a Book

app.put('/books/:id', async (req, res) => {
  const book = await Book.findByIdAndUpdate(, { title: req.body.title, author: }, { new: true });
  if (!book) return res.status(404).send('Book not found');

Delete a Book

app.delete('/books/:id', async (req, res) => {
  const book = await Book.findByIdAndRemove(;
  if (!book) return res.status(404).send('Book not found');

Testing Your API with the Database

After updating your CRUD operations, test each endpoint to ensure they interact correctly with MongoDB. You can use tools like Postman or Insomnia for testing API endpoints.

Congratulations! You’ve successfully integrated a MongoDB database into your Node.js and Express CRUD API. This step elevates your API from a simple in-memory storage system to a more robust and scalable application. In the next section, you’ll learn about adding error handling and validation to make your API more reliable and user-friendly. Keep going; you’re doing fantastic.

Error Handling and Validation

Now that your CRUD API interacts with MongoDB let’s focus on making it more robust. Good error handling and data validation are crucial for any API. They ensure your API responds appropriately to invalid inputs and unexpected situations, enhancing the user experience.

Why Error Handling and Validation Matter

Imagine users trying to add a book without a title or author. Without proper validation, your database could end up with incomplete or incorrect data. Similarly, good error handling informs users what went wrong instead of leaving them guessing.

Adding Basic Validation

Let’s start by adding some basic validation to your Book model. Update your book.js file to include simple required validations:

const mongoose = require('mongoose');

const bookSchema = new mongoose.Schema({
  title: { type: String, required: true },
  author: { type: String, required: true }

const Book = mongoose.model('Book', bookSchema);

module.exports = Book;

If you try to create a book without a title or author, Mongoose will throw an error.

Implementing Error Handling

Proper error handling involves catching and responding to errors in a meaningful way. Let’s update your CRUD operations to handle errors gracefully.

Create a Book with Error Handling'/books', async (req, res) => {
  try {
    let book = new Book({ title: req.body.title, author: });
    book = await;
  } catch (err) {

Get a Single Book with Error Handling

app.get('/books/:id', async (req, res) => {
  try {
    const book = await Book.findById(;
    if (!book) return res.status(404).send('Book not found');
  } catch (err) {
    res.status(500).send('Something went wrong');

Update and Delete Operations

Apply similar try-catch blocks to your update and delete operations. This ensures that any errors during these operations are caught and handled correctly.

Enhancing Validation with Joi

While Mongoose validations are great for basic checks, you might want more control over your data validation. Joi is a powerful validation library for JavaScript. Let’s use Joi to validate the book data before it hits your database.

First, install Joi:

npm install joi

Then, create a validation function for book data:

const Joi = require('joi');

function validateBook(book) {
  const schema = Joi.object({
    title: Joi.string().min(3).required(),
    author: Joi.string().min(3).required()

  return schema.validate(book);

Now, use this function in your create and update operations:

Create a Book with Joi Validation'/books', async (req, res) => {
  const { error } = validateBook(req.body);
  if (error) return res.status(400).send(error.details[0].message);

  try {
    let book = new Book({ title: req.body.title, author: });
    book = await;
  } catch (err) {

Update a Book with Joi Validation

Apply a similar pattern to your update operation, ensuring the updated data is validated before saving it.

With these additions, your API has robust error handling and validation mechanisms. This not only makes your API more reliable but also improves the user experience by providing clear and informative error messages. In the next section, you’ll explore testing your API to ensure its reliability and robustness. Keep up the great work; you’re almost there!

Testing the API

After adding error handling and validation, it’s crucial to test your API. Testing ensures everything works as expected and helps catch any issues before they affect your users. Let’s dive into how you can test your CRUD API.

Why Testing Matters

Think of testing like proofreading a book before it gets published. It helps you catch and fix any errors, ensuring a smooth experience for your readers. Similarly, testing your API ensures it behaves correctly under various scenarios, including edge cases you might not have considered during development.

Introduction to API Testing Tools

Tools like Postman and Jest come in handy for testing APIs. Postman is great for manual testing of your API endpoints, while Jest is excellent for automated testing in Node.js.

Testing with Postman

Install Postman: If you haven’t already, download and install Postman from their website.

Test Each Endpoint:

  • Create a Book: Use the POST method to send a request to http://localhost:3000/books with a JSON body containing a book’s title and author. Check if the book is added correctly.
  • Get All Books: Send a GET request to http://localhost:3000/books and see if you receive a list of all books.
  • Get a Single Book: Use the GET method with a specific book ID in the URL. Ensure it returns the correct book.
  • Update a Book: Send a PUT request with updated data for a specific book ID. Verify if the book updates as expected.
  • Delete a Book: Use the DELETE method on a book’s endpoint and check if it gets removed from the list.

Automated Testing with Jest

For automated testing, let’s set up Jest.

Install Jest: Run npm install --save-dev jest to add Jest to your project.

Configure Jest: In your package.json, add a new script to run Jest:

"scripts": {
  "test": "jest"

Writing Test Cases: Create a new test file, like api.test.js. Here’s an example of how you might test the Get All Books endpoint:

const request = require('supertest');
const app = require('./server'); // Import your Express app
describe('GET /books', () => {
  it('should return all books', async () => {
    const res = await request(app).get('/books');

Running Tests: Run your tests by executing npm test in your terminal. Jest will automatically find and run all test files.

Testing your API with both Postman and Jest ensures it’s robust and reliable. While Postman is great for manual testing, Jest automates the process, saving you time and effort in the long run. In the next section, you’ll learn about enhancing your API’s security, an essential aspect of any web application. Keep going; you’re doing a fantastic job!

Enhancing API Security

Now that your CRUD API is functional and well-tested, it’s time to focus on security. A secure API protects your data and builds trust with your users. Let’s explore some essential security practices and how to implement them in your Node.js and Express API.

Understanding Common Security Concerns

When it comes to API security, several common concerns need addressing. These include protecting against SQL injection (less relevant for NoSQL databases but still important to understand), cross-site scripting (XSS), and ensuring secure data transmission.

Implementing Security Best Practices

Use Helmet: Helmet is a middleware for Express that sets various HTTP headers to help protect your app from some well-known web vulnerabilities. Install it using npm:

npm install helmet

Then, include it in your server.js:

const helmet = require('helmet');

Validating User Input: You’ve already implemented Joi for validation, which is a great step in preventing malicious data from entering your system.

Securing Data Transmission with HTTPS: Use HTTPS to encrypt data in transit. It provides HTTPS by default if you’re deploying to a platform like Heroku. Consider tools like Let’s Encrypt for a free SSL certificate for local development.

Using Environment Variables for Sensitive Data: Never hardcode sensitive information like database connection strings or API keys in your code. Use environment variables instead. You can manage these with packages like dotenv.

Install dotenv:

npm install dotenv

At the top of your server.js, add:


Then, store your sensitive data in a .env file and access it using process.env.YOUR_VARIABLE.

Rate Limiting: To protect against brute-force attacks, implement rate limiting. This limits the number of requests a user can make in a certain timeframe. Use the express-rate-limit package:

npm install express-rate-limit

Set up basic rate limiting:

const rateLimit = require('express-rate-limit');

const limiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 100 // limit each IP to 100 requests per windowMs


Cross-Origin Resource Sharing (CORS): If your API is accessed from different domains, you need to handle CORS. It’s a security feature that restricts how resources on your web page can be requested from another domain. Use the cors package:

npm install cors

Then, enable CORS in your application:

const cors = require('cors');

By implementing these security measures, you significantly enhance the safety and reliability of your API. Remember, security is an ongoing process, and staying updated with best practices and emerging threats is important. In the next section, you’ll learn about deploying your API and making it accessible online. Great job getting this far; you’re almost ready to share your API with the world!


You’ve built, tested, and secured your CRUD API. Now, it’s time to deploy it so others can access it online. Deployment might seem daunting, but it’s pretty straightforward with the right tools and platforms. Let’s walk through the process of preparing and deploying your API.

Preparing for Production

Before deploying, make sure your API is ready for a production environment. Here are a few things to check:

  • Environment Variables: Ensure all sensitive information, like database connection strings, are set as environment variables and not hardcoded in your files.
  • Logging: In production, it’s important to have proper logging. Tools like Winston or Morgan can help you log requests and errors, which is crucial for debugging and monitoring your application.
  • Performance Checks: Make sure your API performs well under load. You can use tools like to test its performance.
  • Final Testing: Run a final round of tests to ensure everything works as expected.

Choosing a Deployment Platform

There are several platforms where you can deploy your Node.js application. Some popular ones include:

  • Heroku: Great for beginners and offers a free tier.
  • AWS (Amazon Web Services): More scalable and offers more services but has a steeper learning curve.
  • DigitalOcean: Known for its simplicity and scalability.

For this guide, let’s use Heroku, as it’s user-friendly and quick to set up.

Deploying to Heroku

Create a Heroku Account: If you don’t have one, sign up at Heroku’s website.

Install the Heroku CLI: Download and install the Heroku Command Line Interface (CLI) from here.

Log in to Heroku through the CLI:

heroku login

This command opens a browser window where you can log in to your Heroku account.

Prepare Your App for Heroku:

Specify the Node.js Version: In your package.json, specify the Node.js version under “engines”:

"engines": {
  "node": "18.x"

Create a Procfile: Heroku needs to know how to start your application. Create a file named Procfile in your root directory with the following content:

web: node server.js

Initialize a Git Repository (if you haven’t already):

git init
git add .
git commit -m "Initial commit"

Create a Heroku App:

heroku create

This command creates a new app on Heroku and adds a remote to your Git repository.

Deploy Your App:

git push heroku master

This command deploys your app to Heroku.

Set Environment Variables in Heroku: Use the Heroku dashboard or CLI to set your environment variables, like your database connection string.

Open Your App: Once deployed, you can open your app:

heroku open

Congratulations! Your API is now live on Heroku. Anyone can access it over the internet. Remember, deployment is not the end. Keep an eye on your app’s performance, monitor for any issues, and be ready to update it as needed. You’ve done an incredible job building and deploying your CRUD API with Node.js and Express!

Wrapping Up and Next Steps

You’ve come a long way from setting up your development environment to deploying your CRUD API. It’s a significant achievement, and you should feel proud of what you’ve accomplished. Let’s wrap things up and look at what you can do next to continue your journey in backend development.

Recap of Your Journey

  • Setting Up: You started by setting up Node.js and Express, creating the foundation for your API.
  • Building the API: You then designed and implemented CRUD operations, giving life to your server.
  • Database Integration: MongoDB came into play, adding persistence to your data.
  • Error Handling and Validation: You made your API robust with proper error handling and data validation.
  • Testing: Through testing with tools like Postman and Jest, you ensured the reliability of your API.
  • Security Enhancements: You then fortified your API with security best practices.Deployment: Finally, you deployed your API to Heroku, making it accessible worldwide.

What’s Next?

  • Explore More Features: Consider adding more features to your API. Authentication is a great one to start with. Implementing JWT (JSON Web Tokens) for user authentication can be an exciting challenge.
  • Learn About CI/CD: Continuous Integration and Continuous Deployment (CI/CD) are practices that can automate the testing and deployment of your applications. Tools like Jenkins, Travis CI, or GitHub Actions can help.
  • Experiment with Other Databases: While MongoDB is a great NoSQL database, exploring SQL databases like PostgreSQL or MySQL can broaden your backend skills.
  • Dive into Frontend Development: If you’re interested in full-stack development, consider learning a frontend framework like React, Vue, or Angular. This will allow you to build complete web applications.
  • Contribute to Open Source: Applying your skills to open-source projects can be incredibly rewarding. It’s a great way to learn, collaborate, and contribute to the community.
  • Stay Updated and Keep Learning: The tech field is constantly evolving. Stay curious, keep learning, and stay updated with the latest trends and best practices.

Final Thoughts

Building an API from scratch is no small feat. It requires patience, persistence, and a willingness to learn. You’ve demonstrated all these qualities and more. Remember, every developer’s journey is unique, filled with continuous learning and growth. Don’t hesitate to revisit concepts, try new things, and push your boundaries.

Congratulations once again on building your CRUD API with Node.js and Express! Here’s to many more coding adventures ahead. Happy coding!

Switch It On With Split

The Split Feature Data Platform™ gives you the confidence to move fast without breaking things. Set up feature flags and safely deploy to production, controlling who sees which features and when. Connect every flag to contextual data, so you can know if your features are making things better or worse and act without hesitation. Effortlessly conduct feature experiments like A/B tests without slowing down. Whether you’re looking to increase your releases, to decrease your MTTR, or to ignite your dev team without burning them out–Split is both a feature management platform and partnership to revolutionize the way the work gets done. Schedule a demo to learn more.

Get Split Certified

Split Arcade includes product explainer videos, clickable product tutorials, manipulatable code examples, and interactive challenges.

Want to Dive Deeper?

We have a lot to explore that can help you understand feature flags. Learn more about benefits, use cases, and real world applications that you can try.

Create Impact With Everything You Build

We’re excited to accompany you on your journey as you build faster, release safer, and launch impactful products.