Forem: Kshitij Sharma The latest articles on Forem by Kshitij Sharma (@kshitij_sharma_fd33fdb032). https://forem.com/kshitij_sharma_fd33fdb032 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3892871%2Fb33f228c-f438-4022-9db2-6b287297b3c4.png Forem: Kshitij Sharma https://forem.com/kshitij_sharma_fd33fdb032 en Why is it important to make a good api rather than a clean api Kshitij Sharma Thu, 23 Apr 2026 09:25:56 +0000 https://forem.com/kshitij_sharma_fd33fdb032/why-is-it-important-to-make-a-good-api-rather-than-a-clean-api-5bmk https://forem.com/kshitij_sharma_fd33fdb032/why-is-it-important-to-make-a-good-api-rather-than-a-clean-api-5bmk <div class="ltag__link--embedded"> <div class="crayons-story "> <a href="https://dev.to/kshitij_sharma_fd33fdb032/when-your-clean-rest-api-becomes-a-production-nightmare-33hl" class="crayons-story__hidden-navigation-link">When Your “Clean” REST API Becomes a Production Nightmare</a> <div class="crayons-story__body crayons-story__body-full_post"> <div class="crayons-story__top"> <div class="crayons-story__meta"> <div class="crayons-story__author-pic"> <a href="/kshitij_sharma_fd33fdb032" class="crayons-avatar crayons-avatar--l "> <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3892871%2Fb33f228c-f438-4022-9db2-6b287297b3c4.png" alt="kshitij_sharma_fd33fdb032 profile" class="crayons-avatar__image" width="96" height="96"> </a> </div> <div> <div> <a href="/kshitij_sharma_fd33fdb032" class="crayons-story__secondary fw-medium m:hidden"> Kshitij Sharma </a> <div class="profile-preview-card relative mb-4 s:mb-0 fw-medium hidden m:inline-block"> Kshitij Sharma <div id="story-author-preview-content-3539092" class="profile-preview-card__content crayons-dropdown branded-7 p-4 pt-0"> <div class="gap-4 grid"> <div class="-mt-4"> <a href="/kshitij_sharma_fd33fdb032" class="flex"> <span class="crayons-avatar crayons-avatar--xl mr-2 shrink-0"> <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3892871%2Fb33f228c-f438-4022-9db2-6b287297b3c4.png" class="crayons-avatar__image" alt="" width="96" height="96"> </span> <span class="crayons-link crayons-subtitle-2 mt-5">Kshitij Sharma</span> </a> </div> <div class="print-hidden"> Follow </div> <div class="author-preview-metadata-container"></div> </div> </div> </div> </div> <a href="https://dev.to/kshitij_sharma_fd33fdb032/when-your-clean-rest-api-becomes-a-production-nightmare-33hl" class="crayons-story__tertiary fs-xs"><time>Apr 23</time><span class="time-ago-indicator-initial-placeholder"></span></a> </div> </div> </div> <div class="crayons-story__indention"> <h2 class="crayons-story__title crayons-story__title-full_post"> <a href="https://dev.to/kshitij_sharma_fd33fdb032/when-your-clean-rest-api-becomes-a-production-nightmare-33hl" id="article-link-3539092"> When Your “Clean” REST API Becomes a Production Nightmare </a> </h2> <div class="crayons-story__tags"> <a class="crayons-tag crayons-tag--monochrome " href="/t/api"><span class="crayons-tag__prefix">#</span>api</a> <a class="crayons-tag crayons-tag--monochrome " href="/t/backend"><span class="crayons-tag__prefix">#</span>backend</a> <a class="crayons-tag crayons-tag--monochrome " href="/t/systemdesign"><span class="crayons-tag__prefix">#</span>systemdesign</a> <a class="crayons-tag crayons-tag--monochrome " href="/t/webdev"><span class="crayons-tag__prefix">#</span>webdev</a> </div> <div class="crayons-story__bottom"> <div class="crayons-story__details"> <a href="https://dev.to/kshitij_sharma_fd33fdb032/when-your-clean-rest-api-becomes-a-production-nightmare-33hl" class="crayons-btn crayons-btn--s crayons-btn--ghost crayons-btn--icon-left"> <div class="multiple_reactions_aggregate"> <span class="multiple_reactions_icons_container"> <span class="crayons_icon_container"> <img src="https://assets.dev.to/assets/sparkle-heart-5f9bee3767e18deb1bb725290cb151c25234768a0e9a2bd39370c382d02920cf.svg" width="24" height="24"> </span> </span> <span class="aggregate_reactions_counter">1<span class="hidden s:inline"> reaction</span></span> </div> </a> <a href="https://dev.to/kshitij_sharma_fd33fdb032/when-your-clean-rest-api-becomes-a-production-nightmare-33hl#comments" class="crayons-btn crayons-btn--s crayons-btn--ghost crayons-btn--icon-left flex items-center"> Comments <span class="hidden s:inline">Add Comment</span> </a> </div> <div class="crayons-story__save"> <small class="crayons-story__tertiary fs-xs mr-2"> 4 min read </small> <span class="bm-initial"> </span> <span class="bm-success"> </span> </div> </div> </div> </div> </div> </div> When Your “Clean” REST API Becomes a Production Nightmare Kshitij Sharma Thu, 23 Apr 2026 04:41:21 +0000 https://forem.com/kshitij_sharma_fd33fdb032/when-your-clean-rest-api-becomes-a-production-nightmare-33hl https://forem.com/kshitij_sharma_fd33fdb032/when-your-clean-rest-api-becomes-a-production-nightmare-33hl <p>Everything looked perfect on paper.</p> <ul> <li>Clean endpoints</li> <li>Nice resource naming</li> <li>Proper HTTP methods</li> </ul> <p>Then production hit:</p> <ul> <li>Clients started retrying aggressively</li> <li>Data inconsistencies appeared</li> <li>Versioning became a mess</li> <li>One change broke 3 consumers</li> </ul> <p>That’s when reality kicks in:</p> <blockquote> <p>REST API design is not about elegance — it’s about survivability under change.</p> </blockquote> <h1> The Real Constraints of REST APIs in Production </h1> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmhy8toz7b70gi4krjywg.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmhy8toz7b70gi4krjywg.jpg" alt=" " width="800" height="492"></a></p> <p>You’re not designing endpoints.<br> You’re designing <strong>contracts under uncertainty</strong>.</p> <p>What actually shapes your API:</p> <ul> <li>Multiple clients (web, mobile, third-party)</li> <li>Network unreliability</li> <li>Backward compatibility pressure</li> <li>Partial failures</li> <li>Latency budgets</li> <li>Data ownership boundaries</li> </ul> <p>Ignoring these = brittle APIs that collapse under scale.</p> <h1> Resource Modeling Is Where Most People Fail </h1> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foqv2pmkev2qrnwood05y.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foqv2pmkev2qrnwood05y.jpg" alt=" " width="539" height="495"></a></p> <p>Everyone talks about <code>/users</code> and <code>/orders</code>.</p> <p>That’s surface-level.</p> <p>The real question:</p> <blockquote> <p><strong>What is the lifecycle of your resource?</strong></p> </blockquote> <h3> Bad Design (naive CRUD mindset) </h3> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="err">POST /orders GET /orders/:id PUT /orders/:id DELETE /orders/:id </span></code></pre> </div> <p>Looks fine. Completely wrong for real systems.</p> <p>Why?</p> <ul> <li>Orders aren’t freely mutable</li> <li>State transitions matter (created → paid → shipped)</li> <li>Business rules are ignored</li> </ul> <h1> Model State Transitions Explicitly </h1> <p>Better:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="err">POST /orders POST /orders/:id/pay POST /orders/:id/ship POST /orders/:id/cancel </span></code></pre> </div> <p>Now:</p> <ul> <li>You encode business logic in API</li> <li>You prevent invalid transitions</li> <li>You reduce client-side bugs</li> </ul> <h1> Idempotency: The Thing That Saves You From Chaos </h1> <p>Most APIs break under retries.</p> <p>Reality:</p> <ul> <li>Clients retry</li> <li>Proxies retry</li> <li>Load balancers retry</li> </ul> <p>If your endpoint isn’t idempotent → duplicate operations.</p> <h2> Real Failure Case </h2> <p>Payment API:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="err">POST /payments </span></code></pre> </div> <p>Client times out → retries → duplicate charge.</p> <p>Congrats, you just lost user trust.</p> <h2> Fix: Idempotency Keys </h2> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="err">POST /payments Idempotency-Key: 8f3a-xyz-123 </span></code></pre> </div> <p>Server logic:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">if </span><span class="p">(</span><span class="nf">exists</span><span class="p">(</span><span class="nx">idempotencyKey</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">previousResponse</span><span class="p">;</span> <span class="p">}</span> <span class="nf">processPayment</span><span class="p">();</span> <span class="nf">storeResult</span><span class="p">(</span><span class="nx">idempotencyKey</span><span class="p">);</span> </code></pre> </div> <h1> Partial Failure Handling (The Silent Killer) </h1> <p>Your API calls:</p> <ul> <li>DB</li> <li>Cache</li> <li>External service</li> </ul> <p>One fails.</p> <p>Now what?</p> <p>Most APIs:</p> <blockquote> <p>Return 500 and pray.</p> </blockquote> <p>That’s not a strategy.</p> <h2> Better Approach: Explicit Failure Semantics </h2> <ul> <li>Return partial success where valid</li> <li>Use compensating actions</li> <li>Log correlation IDs</li> </ul> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"partial_success"</span><span class="p">,</span><span class="w"> </span><span class="nl">"data"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="err">...</span><span class="p">},</span><span class="w"> </span><span class="nl">"failed_dependencies"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"inventory-service"</span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h1> Versioning: Where APIs Go to Die </h1> <p>Naive approach:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>/v1/users /v2/users </code></pre> </div> <p>Problem:</p> <ul> <li>You now maintain 2 systems forever</li> <li>Clients don’t migrate</li> </ul> <h2> Better Strategy: Evolution Over Versioning </h2> <ul> <li>Add fields, don’t remove</li> <li>Use default values</li> <li>Deprecate gradually</li> </ul> <h2> When Versioning Is Actually Needed </h2> <ul> <li>Breaking contract changes</li> <li>Semantic shifts (not just fields)</li> </ul> <p>Even then:</p> <blockquote> <p>Prefer header-based versioning<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="err">Accept: application/vnd.myapi.v2+json </span></code></pre> </div> <h1> Overfetching vs Underfetching </h1> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvp0lxyp0n26iaslyxcdl.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvp0lxyp0n26iaslyxcdl.jpg" alt=" " width="800" height="800"></a></p> <p>Classic REST problem.</p> <h2> Overfetching </h2> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="err">GET /users/:id </span></code></pre> </div> <p>Returns:</p> <ul> <li>Name</li> <li>Email</li> <li>Address</li> <li>Preferences</li> <li>Activity logs</li> </ul> <p>Client only needs name.</p> <p>Waste:</p> <ul> <li>bandwidth</li> <li>latency</li> </ul> <h2> Underfetching </h2> <p>Client needs:</p> <ul> <li>user</li> <li>orders</li> <li>payments</li> </ul> <p>Makes 3 calls.</p> <p>Now latency multiplies.</p> <h2> Practical Fix: Controlled Expansion </h2> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="err">GET /users/:id?include=orders,payments </span></code></pre> </div> <p>Trade-off:</p> <ul> <li>More complex backend</li> <li>Better client efficiency</li> </ul> <h1> Implementation: What a Production-Ready API Looks Like </h1> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F10qnhnk52hn2rx8pnhzq.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F10qnhnk52hn2rx8pnhzq.jpg" alt=" " width="800" height="619"></a></p> <h2> Express.js Example (Opinionated Structure) </h2> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">express</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="nf">express</span><span class="p">();</span> <span class="c1">// Middleware: request ID for tracing</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">((</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">req</span><span class="p">.</span><span class="nx">id</span> <span class="o">=</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">randomUUID</span><span class="p">();</span> <span class="nf">next</span><span class="p">();</span> <span class="p">});</span> <span class="c1">// Idempotency middleware</span> <span class="kd">const</span> <span class="nx">store</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Map</span><span class="p">();</span> <span class="nx">app</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/payments</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">key</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">[</span><span class="dl">'</span><span class="s1">idempotency-key</span><span class="dl">'</span><span class="p">];</span> <span class="k">if </span><span class="p">(</span><span class="nx">store</span><span class="p">.</span><span class="nf">has</span><span class="p">(</span><span class="nx">key</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">store</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="nx">key</span><span class="p">));</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">processPayment</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">);</span> <span class="nx">store</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="nx">key</span><span class="p">,</span> <span class="nx">result</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">result</span><span class="p">);</span> <span class="p">});</span> <span class="c1">// Explicit state transition</span> <span class="nx">app</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/orders/:id/ship</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">order</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getOrder</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">order</span><span class="p">.</span><span class="nx">status</span> <span class="o">!==</span> <span class="dl">'</span><span class="s1">paid</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">400</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Invalid state</span><span class="dl">'</span> <span class="p">});</span> <span class="p">}</span> <span class="k">await</span> <span class="nf">shipOrder</span><span class="p">(</span><span class="nx">order</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">status</span><span class="p">:</span> <span class="dl">'</span><span class="s1">shipped</span><span class="dl">'</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <h1> Common Mistakes That Kill APIs </h1> <h2> ❌ Treating REST Like CRUD </h2> <p>You ignore:</p> <ul> <li>business logic</li> <li>state transitions</li> <li>invariants</li> </ul> <h2> ❌ Ignoring Timeouts and Retries </h2> <p>Your system works… until network instability hits.</p> <h2> ❌ No Observability </h2> <p>No:</p> <ul> <li>request IDs</li> <li>structured logs</li> <li>tracing</li> </ul> <p>Debugging becomes guessing.</p> <h2> ❌ Tight Coupling to DB Schema </h2> <p>Changing DB → breaks API</p> <p>Fix:</p> <blockquote> <p>API is a contract, not a reflection of your database</p> </blockquote> <h2> ❌ Overusing HTTP Status Codes </h2> <p>People do:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="err">200 OK (with error inside body) </span></code></pre> </div> <p>Or:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="err">500 for everything </span></code></pre> </div> <p>Both are wrong.</p> <h1> Trade-offs You Can’t Escape </h1> <h2> Flexibility vs Simplicity </h2> <ul> <li>Flexible APIs → harder to maintain</li> <li>Simple APIs → limited use cases</li> </ul> <h2> Performance vs Consistency </h2> <ul> <li>Strong consistency → slower</li> <li>Eventual consistency → complex</li> </ul> <h2> Versioning vs Evolution </h2> <ul> <li>Versioning → fragmentation</li> <li>Evolution → constraints on change</li> </ul> <h2> Abstraction vs Control </h2> <ul> <li>High abstraction → easy usage</li> <li>Low abstraction → better performance</li> </ul> <h1> What a Mature REST API Actually Looks Like </h1> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fylppy7ge24wotdqiyzbx.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fylppy7ge24wotdqiyzbx.jpg" alt=" " width="800" height="640"></a></p> <ul> <li>Explicit state transitions</li> <li>Idempotent operations</li> <li>Backward-compatible changes</li> <li>Observability baked in</li> <li>Controlled data fetching</li> <li>Failure-aware responses</li> </ul> <h1> Final Reality Check </h1> <p>If your API:</p> <ul> <li>breaks on retries</li> <li>can’t evolve without versioning chaos</li> <li>hides business logic</li> <li>lacks observability</li> </ul> <p>It’s not production-ready.</p> <h1> Key Takeaways </h1> <ul> <li>REST is not CRUD — it’s contract design under failure</li> <li>Idempotency is non-negotiable</li> <li>State transitions must be explicit</li> <li>Versioning is a last resort, not default</li> <li>Most failures come from network behavior, not code</li> <li>API design is about handling <em>bad conditions</em>, not ideal flows</li> </ul> <p>If you design APIs assuming everything works perfectly,<br> your system will fail the moment it doesn’t.</p> api backend systemdesign webdev Understand the mechanism behind the api failing randomly Kshitij Sharma Wed, 22 Apr 2026 17:41:09 +0000 https://forem.com/kshitij_sharma_fd33fdb032/understand-the-mechanism-behind-the-api-failing-randomly-2mci https://forem.com/kshitij_sharma_fd33fdb032/understand-the-mechanism-behind-the-api-failing-randomly-2mci <div class="ltag__link--embedded"> <div class="crayons-story "> <a href="https://dev.to/kshitij_sharma_fd33fdb032/when-your-api-randomly-starts-timing-out-6a3" class="crayons-story__hidden-navigation-link">When Your API “Randomly” Starts Timing Out</a> <div class="crayons-story__body crayons-story__body-full_post"> <div class="crayons-story__top"> <div class="crayons-story__meta"> <div class="crayons-story__author-pic"> <a href="/kshitij_sharma_fd33fdb032" class="crayons-avatar crayons-avatar--l "> <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3892871%2Fb33f228c-f438-4022-9db2-6b287297b3c4.png" alt="kshitij_sharma_fd33fdb032 profile" class="crayons-avatar__image" width="96" height="96"> </a> </div> <div> <div> <a href="/kshitij_sharma_fd33fdb032" class="crayons-story__secondary fw-medium m:hidden"> Kshitij Sharma </a> <div class="profile-preview-card relative mb-4 s:mb-0 fw-medium hidden m:inline-block"> Kshitij Sharma <div id="story-author-preview-content-3537617" class="profile-preview-card__content crayons-dropdown branded-7 p-4 pt-0"> <div class="gap-4 grid"> <div class="-mt-4"> <a href="/kshitij_sharma_fd33fdb032" class="flex"> <span class="crayons-avatar crayons-avatar--xl mr-2 shrink-0"> <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3892871%2Fb33f228c-f438-4022-9db2-6b287297b3c4.png" class="crayons-avatar__image" alt="" width="96" height="96"> </span> <span class="crayons-link crayons-subtitle-2 mt-5">Kshitij Sharma</span> </a> </div> <div class="print-hidden"> Follow </div> <div class="author-preview-metadata-container"></div> </div> </div> </div> </div> <a href="https://dev.to/kshitij_sharma_fd33fdb032/when-your-api-randomly-starts-timing-out-6a3" class="crayons-story__tertiary fs-xs"><time>Apr 22</time><span class="time-ago-indicator-initial-placeholder"></span></a> </div> </div> </div> <div class="crayons-story__indention"> <h2 class="crayons-story__title crayons-story__title-full_post"> <a href="https://dev.to/kshitij_sharma_fd33fdb032/when-your-api-randomly-starts-timing-out-6a3" id="article-link-3537617"> When Your API “Randomly” Starts Timing Out </a> </h2> <div class="crayons-story__tags"> <a class="crayons-tag crayons-tag--monochrome " href="/t/backend"><span class="crayons-tag__prefix">#</span>backend</a> <a class="crayons-tag crayons-tag--monochrome " href="/t/webdev"><span class="crayons-tag__prefix">#</span>webdev</a> <a class="crayons-tag crayons-tag--monochrome " href="/t/networking"><span class="crayons-tag__prefix">#</span>networking</a> <a class="crayons-tag crayons-tag--monochrome " href="/t/distributedsystems"><span class="crayons-tag__prefix">#</span>distributedsystems</a> </div> <div class="crayons-story__bottom"> <div class="crayons-story__details"> <a href="https://dev.to/kshitij_sharma_fd33fdb032/when-your-api-randomly-starts-timing-out-6a3" class="crayons-btn crayons-btn--s crayons-btn--ghost crayons-btn--icon-left"> <div class="multiple_reactions_aggregate"> <span class="multiple_reactions_icons_container"> <span class="crayons_icon_container"> <img src="https://assets.dev.to/assets/sparkle-heart-5f9bee3767e18deb1bb725290cb151c25234768a0e9a2bd39370c382d02920cf.svg" width="24" height="24"> </span> </span> <span class="aggregate_reactions_counter">1<span class="hidden s:inline"> reaction</span></span> </div> </a> <a href="https://dev.to/kshitij_sharma_fd33fdb032/when-your-api-randomly-starts-timing-out-6a3#comments" class="crayons-btn crayons-btn--s crayons-btn--ghost crayons-btn--icon-left flex items-center"> Comments <span class="hidden s:inline">Add Comment</span> </a> </div> <div class="crayons-story__save"> <small class="crayons-story__tertiary fs-xs mr-2"> 4 min read </small> <span class="bm-initial"> </span> <span class="bm-success"> </span> </div> </div> </div> </div> </div> </div> When Your API “Randomly” Starts Timing Out Kshitij Sharma Wed, 22 Apr 2026 17:30:48 +0000 https://forem.com/kshitij_sharma_fd33fdb032/when-your-api-randomly-starts-timing-out-6a3 https://forem.com/kshitij_sharma_fd33fdb032/when-your-api-randomly-starts-timing-out-6a3 <p>You deploy a perfectly fine service. Load tests passed. Latency looked clean. Then production hits—and suddenly:</p> <ul> <li>P95 latency spikes</li> <li>Requests hang without logs</li> <li>CPU is fine, memory is fine… but users are screaming</li> </ul> <p>This isn’t a “bug.” This is you not understanding the <strong><em>actual HTTP request lifecycle</em></strong> beyond the textbook diagram.</p> <p>If you don’t know what <strong><em>really</em></strong> happens between a client sending a request and your handler returning a response, you’re flying blind.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3sn82cip1cu0vf98te3b.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3sn82cip1cu0vf98te3b.jpg" alt=" " width="800" height="725"></a></p> <h2> HTTP Request Lifecycle — What Actually Happens Under the Hood </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxlemttnwnohmubuj150r.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxlemttnwnohmubuj150r.jpg" alt=" " width="775" height="708"></a></p> <p>Forget diagrams like <strong><em>Client → Server → Response</em></strong>. That’s marketing-level abstraction.</p> <p>A real request goes through:</p> <h3> 1. Connection Establishment </h3> <ul> <li>DNS resolution</li> <li>TCP handshake (3-way)</li> <li>TLS handshake (if HTTPS)</li> <li>Connection pooling / reuse (keep-alive)</li> </ul> <h3> 2. Kernel → User Space Transition </h3> <ul> <li>NIC receives packet → kernel buffer</li> <li>Socket read readiness via epoll/kqueue</li> <li>Data copied into user space buffers</li> </ul> <h3> 3. HTTP Parsing </h3> <ul> <li>Raw bytes → protocol parsing (headers, method, path)</li> <li>Chunked decoding / content-length validation</li> <li>Header normalization</li> </ul> <h3> 4. Routing &amp; Middleware Chain </h3> <ul> <li>Path matching (often regex or trie-based)</li> <li>Middleware execution (auth, logging, rate limiting)</li> </ul> <h3> 5. Business Logic Execution </h3> <ul> <li>DB calls</li> <li>External APIs</li> <li>CPU-bound work</li> </ul> <h3> 6. Response Construction </h3> <ul> <li>Serialization (JSON, protobuf, etc.)</li> <li>Compression (gzip, brotli)</li> </ul> <h3> 7. Write Back to Socket </h3> <ul> <li>Kernel send buffer</li> <li>TCP congestion control</li> <li>Potential partial writes</li> </ul> <h3> 8. Connection Lifecycle Decision </h3> <ul> <li>Keep-alive reuse vs close</li> <li>Idle timeout tracking</li> </ul> <p>Miss any one of these layers, and you’ll misdiagnose production issues.</p> <h1> Where Systems Actually Break </h1> <p>Let’s cut the theory. Real failures:</p> <h3> 🔴 1. Head-of-Line Blocking in Connection Pools </h3> <p>You think you're async, but your HTTP client pool is exhausted.</p> <p>Result:</p> <ul> <li>Requests queue waiting for a free connection</li> <li>Latency explodes without CPU increase</li> </ul> <h3> 🔴 2. Slow Clients = Resource Leaks </h3> <p>If a client reads slowly:</p> <ul> <li>Your server keeps buffers open</li> <li>Threads/event-loop slots remain occupied</li> </ul> <p>This is <strong><em>classic slowloris territory</em></strong>.</p> <h3> 🔴 3. Middleware Abuse </h3> <p>Stacking 10 middlewares sounds clean.</p> <p>Reality:</p> <ul> <li>Each adds latency</li> <li>Each may block (logging, auth calls)</li> <li>Hard to reason about ordering</li> </ul> <h3> 🔴 4. TLS Handshake Overhead </h3> <p>Without reuse:</p> <ul> <li>Every request pays ~1–2 RTT extra</li> <li>CPU spikes due to crypto</li> </ul> <h3> 🔴 5. Kernel Buffer Backpressure </h3> <p>Your app “sent” the response.</p> <p>Kernel says:</p> <blockquote> <p>Nope, buffer full. Try later.</p> </blockquote> <p>If you ignore this:</p> <ul> <li>Writes block</li> <li>Event loop stalls</li> <li>Throughput collapses</li> </ul> <h1> Architecture Decisions That Actually Matter </h1> <h2> 1. Thread-per-request vs Event Loop </h2> <h3> Thread-per-request (e.g., classic Java) </h3> <p>Pros:</p> <ul> <li>Simpler mental model</li> <li>Blocking code is fine</li> </ul> <p>Cons:</p> <ul> <li>Context switching overhead</li> <li>Memory per thread (~1MB stack)</li> </ul> <h3> Event-driven (Node.js, Netty, Go runtime hybrid) </h3> <p>Pros:</p> <ul> <li>High concurrency</li> <li>Efficient IO</li> </ul> <p>Cons:</p> <ul> <li>Blocking = catastrophic</li> <li>Debugging harder</li> </ul> <h2> 2. Reverse Proxy in Front (NGINX / Envoy) </h2> <p>You <strong><em>should not</em></strong> expose your app server directly.</p> <p>Why:</p> <ul> <li>Handles TLS termination</li> <li>Absorbs slow clients</li> <li>Better connection management</li> </ul> <h2> 3. Connection Reuse Strategy </h2> <p>Bad:</p> <ul> <li>New TCP per request</li> </ul> <p>Better:</p> <ul> <li>HTTP/1.1 keep-alive</li> </ul> <p>Best:</p> <ul> <li>HTTP/2 multiplexing</li> </ul> <p>Trade-off:</p> <ul> <li>HTTP/2 introduces head-of-line blocking at TCP layer</li> <li>QUIC (HTTP/3) fixes it but adds complexity</li> </ul> <h1> Implementation: What This Looks Like in Code </h1> <h2> Example: Minimal HTTP Server (Node.js — showing lifecycle touchpoints) </h2> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">http</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">http</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">server</span> <span class="o">=</span> <span class="nx">http</span><span class="p">.</span><span class="nf">createServer</span><span class="p">((</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// 1. Request received (already parsed by Node's HTTP parser)</span> <span class="c1">// 2. Middleware simulation</span> <span class="kd">const</span> <span class="nx">start</span> <span class="o">=</span> <span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">[</span><span class="dl">'</span><span class="s1">x-block</span><span class="dl">'</span><span class="p">])</span> <span class="p">{</span> <span class="c1">// simulate bad middleware</span> <span class="k">while </span><span class="p">(</span><span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">()</span> <span class="o">-</span> <span class="nx">start</span> <span class="o">&lt;</span> <span class="mi">100</span><span class="p">)</span> <span class="p">{}</span> <span class="p">}</span> <span class="c1">// 3. Business logic</span> <span class="nf">setTimeout</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">responseBody</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">ok</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="c1">// 4. Response write</span> <span class="nx">res</span><span class="p">.</span><span class="nf">setHeader</span><span class="p">(</span><span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">setHeader</span><span class="p">(</span><span class="dl">'</span><span class="s1">Content-Length</span><span class="dl">'</span><span class="p">,</span> <span class="nx">Buffer</span><span class="p">.</span><span class="nf">byteLength</span><span class="p">(</span><span class="nx">responseBody</span><span class="p">));</span> <span class="nx">res</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="nx">responseBody</span><span class="p">);</span> <span class="c1">// 5. End response (flush to kernel)</span> <span class="nx">res</span><span class="p">.</span><span class="nf">end</span><span class="p">();</span> <span class="p">},</span> <span class="mi">10</span><span class="p">);</span> <span class="p">});</span> <span class="c1">// 6. Connection-level tuning</span> <span class="nx">server</span><span class="p">.</span><span class="nx">keepAliveTimeout</span> <span class="o">=</span> <span class="mi">5000</span><span class="p">;</span> <span class="nx">server</span><span class="p">.</span><span class="nx">headersTimeout</span> <span class="o">=</span> <span class="mi">6000</span><span class="p">;</span> <span class="nx">server</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="mi">3000</span><span class="p">);</span> </code></pre> </div> <h2> Where This Code Lies to You </h2> <ul> <li>You don’t see TCP</li> <li>You don’t see kernel buffers</li> <li>You don’t control backpressure explicitly</li> <li>You don’t see partial writes</li> </ul> <p>That abstraction is convenient—and dangerous.</p> <h1> Advanced Concern: Backpressure Handling </h1> <p>Most people ignore this. That’s why systems collapse under load.</p> <h3> Example (Node.js stream backpressure): </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">writeResponse</span><span class="p">(</span><span class="nx">res</span><span class="p">,</span> <span class="nx">data</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">canContinue</span> <span class="o">=</span> <span class="nx">res</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="nx">data</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">canContinue</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Kernel buffer full — wait</span> <span class="nx">res</span><span class="p">.</span><span class="nf">once</span><span class="p">(</span><span class="dl">'</span><span class="s1">drain</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Resumed writing</span><span class="dl">'</span><span class="p">);</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>If you ignore this:</p> <ul> <li>Memory spikes</li> <li>Latency spikes</li> <li>Eventually crashes</li> </ul> <h1> Failure Case: Timeout Mismatch Hell </h1> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcpzt0mk2bfgd217l2zpq.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcpzt0mk2bfgd217l2zpq.jpg" alt=" " width="637" height="467"></a></p> <p>You configure:</p> <ul> <li>Load balancer timeout: 60s</li> <li>App server timeout: 30s</li> <li>DB timeout: 10s</li> </ul> <p>What happens?</p> <ul> <li>DB times out → app retries</li> <li>App still running → LB kills connection</li> <li>Client retries → duplicate work</li> </ul> <p>Result:</p> <ul> <li>Cascade failure</li> </ul> <h1> Trade-offs You Can’t Avoid </h1> <h2> Latency vs Throughput </h2> <ul> <li>Small buffers → lower latency, more syscalls</li> <li>Large buffers → better throughput, worse tail latency</li> </ul> <h2> Simplicity vs Control </h2> <ul> <li>Frameworks hide complexity</li> <li> <p>But you lose control over:</p> <ul> <li>connection reuse</li> <li>backpressure</li> <li>parsing behavior</li> </ul> </li> </ul> <h2> CPU vs Network Efficiency </h2> <ul> <li>Compression saves bandwidth</li> <li>Costs CPU</li> <li>Under load, CPU becomes bottleneck</li> </ul> <h2> Keep-Alive vs Resource Locking </h2> <ul> <li>Keep-alive reduces handshake overhead</li> <li>But holds connections longer</li> <li>Risk: connection pool exhaustion</li> </ul> <h2> Final System Design (What Actually Works in Production) </h2> <p>A sane architecture:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Client ↓ CDN (optional) ↓ Reverse Proxy (NGINX / Envoy) ↓ App Server (stateless, event-driven) ↓ Service Layer ↓ Database / Cache </code></pre> </div> <p>Key rules:</p> <ul> <li>Terminate TLS early</li> <li>Enforce timeouts at every layer</li> <li>Use connection pooling aggressively</li> <li>Monitor queueing, not just CPU</li> </ul> <h2> Key Takeaways (No Fluff) </h2> <ul> <li>HTTP lifecycle is mostly <em>not</em> in your code—it’s in the kernel and network stack</li> <li>Most latency issues are queueing problems, not computation problems</li> <li>Backpressure is real; ignoring it will kill your system</li> <li>Middleware is not free—treat it like production code, not decoration</li> <li>Timeouts must be aligned across layers or you create cascading failures</li> <li>Keep-alive and pooling are double-edged swords</li> </ul> <p>If you still think HTTP is just “request comes in, response goes out,” you’re not ready to debug production systems.</p> backend webdev networking distributedsystems