Date: 2022-01-28

What do you think about this API?

My intention is to create an API as generic and DRY as possible using Go. To achieve this, I have made some less common decisions:

  1. To use AJAX calls to avoid reloading the entire page (causing flickering) when updating the web page, instead of using Go.
  2. To exclude hard-coded queries in the API to reduce the endpoints (routes). As a bonus, the queries can be modified and added in the database without recompiling the API when updating queries.
  3. To use JSON to create and update data to make it more generic.
  4. To use the sqlx driver in order to further reduce code and avoid repeating.

My questions are:

  1. Can you see any security issues? (Except CORS)
  2. Anything you would have done differently?
  3. Any thoughts about the generic approach?

More detailed description is here: https://crud.go4webdev.org/api3rest

There doesn’t seem to be any authentication and/or authorization in the system, or at least I’m not seeing it. Is anyone allowed to do anything?

As for the code itself, I’d recommend trying for a more layered approach. Calls go all over the place, which makes it harder to read. You’ll find that as the system evolves it will become messier still. Better to think out some modules beforehand (like query, handler, etc) and implement them from the start to get good separation of concerns.

As with all CRUD systems it’ll probably take you a long way into solving generic problems, but as soon as you step away from those into more complicated problems you enter a world of hurt, but that goes for all CRUD systems, not just yours.
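
The authorization gap raised in the reply, sketched as an added example (not the poster's code): a guard for a generic endpoint that looks queries up by name, so that a stored query only runs for an authenticated caller whose role permits it. The `storedQuery` type, its `Role` field, the `q` parameter, the token table and the function names are assumptions made for illustration.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
)

// Constructed sample data; the Role field and the token table are assumptions.
type storedQuery struct{ SQL, Role string }

var queries = map[string]storedQuery{
	"tasks_all":   {"SELECT * FROM tasks", "reader"},
	"task_delete": {"DELETE FROM tasks WHERE id = $1", "admin"},
}
var tokens = map[string]string{"reader-token": "reader", "admin-token": "admin"}

// decide returns 401 without a valid token, 404 for an unknown name, 403 for a wrong role.
func decide(authHeader, name string) int {
	role := ""
	for tok, r := range tokens { // compare the whole header in constant time
		if subtle.ConstantTimeCompare([]byte(authHeader), []byte("Bearer "+tok)) == 1 {
			role = r
		}
	}
	q, found := queries[name]
	switch {
	case role == "":
		return http.StatusUnauthorized
	case !found:
		return http.StatusNotFound
	case role != q.Role && role != "admin":
		return http.StatusForbidden
	}
	return http.StatusOK
}

// guard wraps the generic handler so a stored query runs only after decide approves.
func guard(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if code := decide(r.Header.Get("Authorization"), r.URL.Query().Get("q")); code != http.StatusOK {
			http.Error(w, http.StatusText(code), code)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() { fmt.Println(decide("", "tasks_all"), decide("Bearer reader-token", "task_delete")) }
```

Keeping the required role next to each stored query means a query added in the database is denied to everyone but the admin role until someone assigns it a role deliberately.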