Build an unshakeable understanding of HTTP semantics and REST constraints that will inform every API design decision throughout your career.
Curriculum
1. HTTP methods: GET, POST, PUT, PATCH, DELETE semantics, idempotency, and safety guarantees
2. Status codes: 2xx success, 3xx redirection, 4xx client errors, 5xx server errors, and correct usage
3. REST constraints: statelessness, uniform interface, layered system, and resource-based architecture
4. Resource naming conventions: plural nouns, hierarchical URIs, and sub-resource relationships
Step 2 · beginner · 4-6 weeks
API Design Principles
Develop the design skills to create APIs that developers love to use, with clear contracts, consistent patterns, and excellent documentation.
Curriculum
1. OpenAPI/Swagger 3.0 specification: paths, schemas, parameters, and reusable components
2. Versioning strategies: URI versioning, header versioning, query parameter, and sunset policies
3. Pagination patterns: offset-based, cursor-based, keyset pagination, and page size limits
4. Filtering and sorting: query parameter conventions, field selection, and complex filter expressions
Step 3 · intermediate · 4-6 weeks
Authentication & Authorization
Master the authentication and authorisation protocols that protect API ecosystems while enabling seamless and secure access for legitimate consumers.
Curriculum
1. OAuth 2.0 grant types: authorization code, client credentials, PKCE, and device code flow
2. OpenID Connect: ID tokens, UserInfo endpoint, discovery document, and session management
3. JWT deep dive: header, payload, signature, claims, expiration, and refresh token rotation
4. API key management: key generation, rotation, rate limiting per key, and usage tracking
Step 4 · intermediate · 6-8 weeks
GraphQL
Learn when and how to use GraphQL as a powerful alternative to REST, enabling clients to request exactly the data they need in a single query.
Curriculum
1. Schema design: types, interfaces, unions, enums, input types, and schema-first vs code-first approaches
2. Resolver implementation: field-level resolution, context injection, and middleware chains
3. Mutations: input validation, optimistic responses, and transactional mutation patterns
4. Subscriptions: WebSocket transport, pub/sub backends, and real-time data streaming
Step 5 · intermediate · 6-8 weeks
Event-Driven Architecture
Master asynchronous communication patterns that decouple services, improve scalability, and enable real-time data processing across distributed systems.
Curriculum
1. Message queue fundamentals: producers, consumers, topics, partitions, and consumer groups
2. Event sourcing: event store design, event replay, snapshots, and projection rebuilding
3. CQRS: command-query separation, read model optimisation, and eventual consistency handling
4. Apache Kafka: partitioning strategies, consumer group rebalancing, and exactly-once semantics
Step 6 · intermediate · 4-6 weeks
API Gateway Patterns
Learn to design and operate the API gateway layer that serves as the front door to your API ecosystem, handling cross-cutting concerns centrally.
Curriculum
1. Rate limiting: token bucket, sliding window, and distributed rate limiting with Redis
2. Throttling strategies: per-client quotas, burst handling, and graceful degradation under load
4. Request transformation: header injection, body transformation, protocol translation, and request routing
Step 7 · advanced · 4-6 weeks
gRPC & Protocol Buffers
Master the high-performance RPC framework used by Google, Netflix, and other tech leaders for efficient inter-service communication.
Curriculum
1. Protocol Buffer schema design: message types, field numbering, oneofs, and backward compatibility
2. gRPC service definitions: unary, server streaming, client streaming, and bidirectional streaming
3. Code generation: protoc compiler, language-specific plugins, and generated client/server stubs
4. Streaming patterns: long-lived connections, flow control, and backpressure handling
Step 8 · advanced · 4-6 weeks
API Security
Develop a security-first mindset for API design and operation, understanding the unique attack surface that APIs expose and how to defend against exploitation.
Curriculum
1. OWASP API Security Top 10: broken object-level authorisation, broken authentication, and excessive data exposure
Event-Driven Architecture (continued)
5. RabbitMQ: exchanges, bindings, acknowledgements, prefetch, and clustering
6. Dead letter queues: retry policies, exponential backoff, poison message handling, and alerting
OWASP ZAP, Burp Suite, AWS WAF / Cloudflare WAF, 42Crunch API Security