Search tools and articles. Results update as you type.
JSON shows up in config files, API responses, and databases. If you’ve ever opened a response in the Network tab or edited a config file, you’ve already seen it. Here we’ll cover what it is, why it’s used, and how to avoid the usual mistakes. JSON has become the default interchange format for web and mobile applications because it is lightweight, human-readable, and supported by every major language and runtime. Building a REST API, storing config, or passing data between services—a solid grasp of JSON syntax and tooling will save you from subtle bugs and integration headaches.
REST is a style for designing web APIs that use HTTP methods and URLs. You’ll see it everywhere: public APIs, internal services, and mobile backends. Here we'll stick to the core ideas and how to use them in practice. REST isn't a standard but a set of constraints and conventions that, when followed, make APIs predictable and easy to consume. Nail those and your APIs play nicely with clients, caches, and tooling.
One giant line of SQL is a pain to read and review. A few simple formatting rules turn that wall of text into something you can actually follow. We’re talking practical formatting here, not dialect deep dives. Readable SQL is easier to debug and optimize—and teams that pick one style and stick to it stop bickering over commas and spend time on logic and performance.
Regex matches patterns in text. Yeah, it looks like keyboard smash at first—but a handful of concepts gets you through most real-world use. We’ll stick to those and skip the full language reference. Once you’ve got the main symbols and ideas, you can read and write patterns for validation, search-and-replace, and log parsing without memorizing every dialect quirk.
HTTP status codes tell the client whether a request succeeded, failed, and why. They’re part of every API and web response. Below we run through the ranges and the codes you’ll see most often. Use them right and you get better caching, clearer error handling, and APIs that behave the way clients and tooling expect.
An API is how one piece of software talks to another. For most of us that means HTTP: send a request, get a response. No prior experience assumed—we’ll stick to the basics. Frontends, mobile apps, and third-party services all plug in via APIs without touching your source code; knowing how to call and test them is bread-and-butter for full-stack and backend work.
Bugs are part of the job. Whether you lose an afternoon or fix it in five minutes often comes down to how you hunt. We’ll stick to habits and techniques that work in any language: reproduce first, form a hypothesis, then verify with minimal checks. That’s how you fix root causes instead of playing whack-a-mole.
Consistent formatting doesn’t change what the code does, but it makes it easier to read and review. We'll go over practical rules and how to enforce them automatically. One style, one formatter, and suddenly merge conflicts and style debates drop. Pick a formatter, wire it into your workflow, and dodge the usual pitfalls.
Base64 turns binary data into text that can be sent in JSON, URLs, or email. You’ll see it in API tokens, data URLs, and config. Quick rundown: what it is and when to reach for it.
Hashing turns input of any size into a fixed-size fingerprint. It’s used for checksums, deduplication, and password storage (with the right algorithm). Here's the idea and how it's used in practice. Choosing the right algorithm matters: use SHA-256 or SHA-3 for integrity and fingerprinting, and a dedicated password hashing function (bcrypt, Argon2) with a salt for passwords. We'll spell out the difference and how to use hashes without shooting yourself in the foot.
Web security is about protecting data and users: confidentiality, integrity, and availability. We’ll stick to foundational practices that apply to most web apps—no attack deep dives. A few habits (HTTPS everywhere, hashed passwords, parameterized queries, secrets out of code) wipe out most common risks. Here’s the checklist; we’ll point you where to go deeper.
“Frontend” and “backend” describe where code runs and who it serves. Here we clarify the split and how the two sides work together. Knowing where logic and data live helps you debug (Network tab vs server logs), scale (cache on the client, scale the backend), and secure the app (never trust the client for auth or sensitive rules). Draw the boundary once and stick to it.
API testing checks that your endpoints behave correctly: right status codes, response shape, and behavior under bad input. Below: what to test and how to do it in practice. Automated API tests catch regressions when you change backend code and serve as executable documentation. We'll go over status, body, errors, how to structure tests, and how to handle auth and test data.
Clean code is easy to read and change. It’s not about being clever; it’s about naming things well, keeping functions small, and reducing surprise. We'll sum up habits that help. Readable code is changed and debugged faster; when you or someone else returns to it later, clear names and small functions make the intent obvious without guessing. No performance or flexibility trade-off—just clearer code.
Productivity in development is less about speed and more about reducing friction: fewer context switches, clearer tasks, and tools that stay out of your way. We'll collect practical habits that actually stick. Small improvements—one task list, automation for repeated steps, and protected focus time—compound over time. All of it without buying new tools or working longer hours.
Environment variables are key-value pairs provided to your process by the OS or runtime. They’re the standard way to pass config and secrets without hardcoding. Below: how they work and how to use them safely. They keep configuration and secrets out of source code so you can change values per environment and avoid committing credentials. We'll cover how to set and read them, validate and document them, and make your app fail fast when something is missing.
Git tracks changes in your project and lets you collaborate through branches and merges. You don’t need to know every command—a small set covers most daily work. We'll stick to that set. Git is the standard for version control in software teams; knowing the basics (clone, add, commit, push, pull, branch, merge) is enough to collaborate and revert mistakes. Here are those commands and how to avoid common pitfalls like committing secrets or breaking shared history.
Web tokens are a way to carry identity or permissions in a string. The most common is JWT (JSON Web Token). Below: what they are and how they’re used in APIs and sessions. Tokens are stateless from the server's perspective: the server verifies the signature and reads the payload without looking up session storage. We'll cover how tokens work, when to use them, and how to avoid common mistakes like storing them insecurely or putting secrets in the payload.
API authentication is how the server knows who is calling. We'll cover the main approaches: API keys, Bearer tokens, and OAuth-style flows, and when to use them. Choosing the right method (API key, Bearer token, or OAuth) depends on who the client is (your app, another service, or an end user) and whether you want to delegate identity to a provider. Below: how to implement and document them securely.
Some mistakes show up again and again: off-by-one errors, ignoring failures, or copying code without understanding it. We'll list frequent ones and how to avoid them. A short checklist (did I handle errors? did I check bounds? did I name this clearly?) catches many issues before they reach production or code review. Same mistakes, same fixes—here are practical habits to prevent them.