Best Practices
Follow these best practices to build secure, maintainable, and performant applications.
Security
API Key Management
- ✅ DO: Store API keys in environment variables
- ✅ DO: Use different keys for different environments
- ✅ DO: Rotate keys regularly
- ❌ DON'T: Commit keys to version control
- ❌ DON'T: Share keys in public channels
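One way to apply these rules when the client is configured, added here as an example rather than code from this page. The variable names `APP_ENV` and `API_KEY_<ENV>` and both function names are assumptions; the loader fails closed when a key is missing, rejects a key reused across environments, and redacts the key for logging.

```javascript
// Added example: variable names (APP_ENV, API_KEY_<ENV>) are assumptions,
// not names defined by this page or by any SDK.
const ENVIRONMENTS = ['development', 'staging', 'production'];

// Resolve the API key for the current environment from an env-like object.
// Fails closed: no default environment, no fallback to another environment's key.
function loadApiKey(env = process.env) {
  const name = env.APP_ENV;
  if (!ENVIRONMENTS.includes(name)) {
    throw new Error(`APP_ENV must be one of: ${ENVIRONMENTS.join(', ')}`);
  }
  const variable = `API_KEY_${name.toUpperCase()}`;
  const key = (env[variable] || '').trim();
  if (!key) {
    throw new Error(`${variable} is not set`); // names the variable, never the value
  }
  // Catch a key that was copied from one environment to another.
  for (const other of ENVIRONMENTS) {
    const otherVar = `API_KEY_${other.toUpperCase()}`;
    if (other !== name && env[otherVar] && env[otherVar].trim() === key) {
      throw new Error(`${variable} and ${otherVar} hold the same key`);
    }
  }
  return { environment: name, key };
}

// Safe form for logs: show only the last four characters.
function redactKey(key) {
  return key.length > 8 ? `****${key.slice(-4)}` : '****';
}

// Constructed sample environment (values are made up, not real keys).
const sampleEnv = {
  APP_ENV: 'staging',
  API_KEY_STAGING: 'example-staging-key-0001',
  API_KEY_PRODUCTION: 'example-production-key-0002',
};
const { environment, key } = loadApiKey(sampleEnv);
console.log(`Using ${environment} key ${redactKey(key)}`);
```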
Input Validation
Always validate user input:
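```javascript
function validateProduct(product) {
  // Reject non-string names as well as names that are missing or too short
  if (typeof product.name !== 'string' || product.name.length < 3) {
    throw new Error('Product name must be at least 3 characters');
  }
  // Number.isFinite also rejects undefined, strings, NaN and Infinity,
  // all of which slip past a bare `price < 0` comparison
  if (!Number.isFinite(product.price) || product.price < 0) {
    throw new Error('Price must be a non-negative number');
  }
  return true;
}
```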
Performance
Lazy Loading
Load resources only when needed:
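```javascript
class LazyLoader {
  constructor(loader) {
    this.loader = loader;
    this.cache = null;
  }

  async get() {
    // Cache the promise rather than the resolved value: concurrent callers
    // share one load, and a falsy result (0, '', false) is not reloaded
    if (this.cache === null) {
      this.cache = Promise.resolve(this.loader()).catch((err) => {
        this.cache = null; // do not cache a failed load
        throw err;
      });
    }
    return this.cache;
  }
}
```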
Connection Pooling
Reuse connections when possible:
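```javascript
class ConnectionPool {
  // `createConnection` is an async function that opens a new connection;
  // supply the one for your driver (the parameter name is an assumption)
  constructor(createConnection, size = 10) {
    this.createConnection = createConnection;
    this.pool = [];
    this.size = size;
  }

  async get() {
    // Reuse an idle connection if one is available
    if (this.pool.length > 0) {
      return this.pool.pop();
    }
    return await this.createConnection();
  }

  release(connection) {
    // Keep at most `size` idle connections; extras are dropped,
    // so close them first if your driver requires an explicit close
    if (this.pool.length < this.size) {
      this.pool.push(connection);
    }
  }
}
```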
Error Handling
Structured Error Responses
```javascript
class AppError extends Error {
  constructor(message, statusCode, code) {
    super(message);
    this.statusCode = statusCode;
    this.code = code;
  }

  // Serializes only the fields meant for the client; the stack trace
  // is left out of the response body
  toJSON() {
    return {
      error: {
        message: this.message,
        code: this.code,
        statusCode: this.statusCode
      }
    };
  }
}
```
Code Organization
Modular Structure
```
src/
├── api/
│   ├── products.js
│   └── billing.js
├── utils/
│   ├── validation.js
│   └── errors.js
└── config/
    └── client.js
```
Consistent Naming
- Use descriptive variable names
- Follow consistent naming conventions
- Use constants for magic numbers
Testing
Unit Tests
```javascript
// Assumes `client` is an already configured API client instance
describe('Product API', () => {
  it('should create a product', async () => {
    const product = await client.products.create({
      name: 'Test Product',
      price: 19.99
    });
    expect(product.name).toBe('Test Product');
  });
});
```
Integration Tests
Test the full flow:
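```javascript
// Assumes `client` is an already configured API client instance
describe('Product Flow', () => {
  it('should create, update, and delete a product', async () => {
    const created = await client.products.create({ name: 'Test' });
    const updated = await client.products.update(created.id, { name: 'Updated' });
    // Check that the update took effect before cleaning up
    expect(updated.name).toBe('Updated');
    await client.products.delete(updated.id);
  });
});
```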