Lars-Erik Aabech’s Post

API was slow. Everyone blamed .NET.” Turns out, .NET wasn’t the villain. The database was. A single missing index was turning a 300ms query into a 4-second bottleneck. One line fixed it all: CREATE INDEX IX_UserId ON Orders(UserId); Lesson learned? Before you optimize code — optimize what your code talks to. Backend issues often live one layer below where we’re looking.

Found a simple but powerful optimization for large API responses in Django! While profiling some of our heavier endpoints, I came across the django-http-compression library — and the results were impressive: Here are a couple of examples (Brotli compression): --- /api/media_orders/ → 3679 media orders → Response size: 60.94 KB → 6.37 KB with compression (~10× smaller) --- /api/report_booked_media/ → Response size: 16.71 KB → 1.57 KB with compression --- /api/contracts/ → Response size: 237.23 KB → 11.46 KB with compression --- That’s a huge gain with minimal setup, plug it in and configure your middleware. Big thanks to Adam Johnson, who created and maintains this library 👏

🚀 REST API Tip: Does 404 mean 204? 🤔 Many developers get confused between HTTP 404 and HTTP 204 when designing APIs, and this can lead to unexpected behavior for API consumers. 📌 Let’s clarify the difference: 🔹 204 No Content Indicates that the operation was successful, but the server has no content to return. Example: DELETE /users/123 If the user with ID 123 existed and was deleted successfully, the server might return 204 No Content. ✅ Operation succeeded – but no data to return. 🔹 404 Not Found Indicates that the requested resource does not exist. Example: DELETE /users/999 If there’s no user with ID 999, the server returns 404 Not Found. ❌ The resource you tried to delete does not exist. ⚠️ Common mistake: Returning 404 instead of 204 when the delete operation succeeds but there’s nothing to return. Remember: 404 means the resource was never there, not “there’s no content to show.” 🧠 Key takeaway: ✅ 204 → Operation successful, but no content. ❌ 404 → Resource not found. 🎯 Use the right status code to make your API clear and predictable. #software #software_developers #restful #api #rest_api #status_code

🚀 Built a clean and minimal REST API to sharpen my backend fundamentals! Kept it lightweight with a simple in-memory array as the data store — perfect for getting hands-on with real CRUD workflows before bringing in a full database. Tech I leveraged: ✨ Express.js for routing ✨ body-parser for handling request bodies ✨ nodemon for auto-reload ✨ Postman for API testing Endpoints implemented: ✔ GET – fetch users ✔ POST – add users ✔ PUT – update users ✔ DELETE – remove users This mini-build helped me double-down on: 👉 How routes actually work under the hood 👉 The difference between req.body, req.query, and req.params 👉 Real PUT/DELETE behavior during testing 👉 Why middleware order matters Keeping it simple, scalable, and future-ready. Database integration coming soon. 💪🔥

✅ Q. Why do we use await inside try/catch in Node.js? ANS: Because async/await throws errors as rejected promises, and you need a proper way to catch those failures before they break your flow. 🔍 The Problem Async functions don’t throw like normal functions , they reject. If you don't handle the rejection, the error can bubble up, trigger warnings, and crash your process in strict setups. 🧠 Why this matters Prevents unhandled promise rejections Keeps async code readable Stops silent failures in database and API calls

Meet js-kt (server) + kt-client (type-safe client) — a one-two punch that turns API contracts from fragile guesses into first-class, editor-backed truth. Why this matters: ✅ No more “what does the backend expect?” — Live types from server → client, always. ⚡ Blazing routing + clustering — O(1) lookups, pattern caching, and multi-core support out of the box. 🔁 One handler, two transports — serve the same logic over HTTP and WebSockets with zero duplication. 🧭 File-based routes = zero boilerplate — your folder layout is the API. 📦 Auto-docs & type generation — npx kt-client load-types gives you editor autocomplete and runtime safety. Why I built it: I wanted a backend stack where developer experience and production performance aren’t compromises — clean DX, strict types, and rock-solid runtime behavior. If you build APIs, real-time features, or SPAs that rely on tight contracts — this will save you debugging hours and shipping risk. 🔗 Try it / star it / break it: https://lnkd.in/dbTjHebd https://lnkd.in/d-FPta5K #TypeScript #NodeJS #WebSockets #APIDesign #OpenSource #DeveloperExperience #jskt #ktclient

🧱𝐁𝐮𝐢𝐥𝐭 𝐚 𝐅𝐮𝐥𝐥-𝐒𝐭𝐚𝐜𝐤 𝐓𝐫𝐚𝐯𝐞𝐥 & 𝐀𝐜𝐜𝐨𝐦𝐦𝐨𝐝𝐚𝐭𝐢𝐨𝐧 𝐏𝐥𝐚𝐭𝐟𝐨𝐫𝐦 — “𝐁𝐧𝐛𝐥𝐢𝐬𝐬” Recently completed a full-stack project built using MongoDB, Express, Node.js, and EJS — a travel and accommodation platform where users can upload and explore stays. I didn’t just follow tutorials. I first understood how each part works — routing, sessions, middleware, and data flow — and then implemented everything step by step. Here’s what I built and handled myself: 🧭 Search functionality with live suggestion dropdowns 🗂️ Filtering listings based on categories 🗺️ Map integration using Leaflet.js for location visualization 📸 Image upload & storage with Cloudinary + Multer 🔐 Authentication and session management using Passport.js 🌐 Deployment on Render Through this project, I got hands-on with: RESTful routing MVC structure Express middleware and error handling Working with environment variables Connecting backend logic to UI templates Handling real-world issues like validation, flash messages, and async errors You can check the deployed version here 👇 🔗 https://lnkd.in/gcDXXd8a And the codebase here 👇 💻 https://lnkd.in/gWyyzJ2h

🔒 Stop losing data in multi-user applications! The "lost update" problem is silently corrupting data in countless applications right now. Two users edit the same record, last save wins, first person's work disappears. No error. No warning. Just gone. I just published a complete guide on implementing optimistic concurrency in EF Core using DateTime timestamps instead of SQL Server's RowVersion: ✅ Works with ANY database provider (PostgreSQL, MySQL, SQLite) ✅ Human-readable timestamps for audit trails ✅ Automatic updates in SaveChangesAsync() ✅ Dual-layer conflict detection ✅ Proper 409 Conflict responses We build everything from scratch - entity configuration, service layer with conflict detection, and minimal API endpoints that handle concurrency exceptions gracefully. No mysterious byte arrays. No vendor lock-in. Just clean, production-ready code that protects your data integrity. 👉 Read the full post here: https://lnkd.in/emNiAPG7 👉 Want to master building robust APIs? Check out my Minimal APIs in ASP.NET Core course, where I cover advanced patterns like this: https://lnkd.in/epkevK_r #dotnet #aspnetcore #efcore #softwaredevelopment #webdevelopment

𝐌𝐨𝐬𝐭 𝐀𝐏𝐈 𝐩𝐞𝐫𝐟𝐨𝐫𝐦𝐚𝐧𝐜𝐞 𝐩𝐫𝐨𝐛𝐥𝐞𝐦𝐬 𝐚𝐫𝐞𝐧’𝐭 𝐢𝐧 𝐲𝐨𝐮𝐫 𝐂# 𝐜𝐨𝐝𝐞... 𝐁𝐮𝐭 𝐭𝐡𝐞𝐲’𝐫𝐞 𝐡𝐢𝐝𝐢𝐧𝐠 𝐢𝐧 𝐲𝐨𝐮𝐫 𝐝𝐚𝐭𝐚𝐛𝐚𝐬𝐞 𝐪𝐮𝐞𝐫𝐢𝐞𝐬. After refactoring to explicit loading, batching reads with Include(), and caching static lookups in memory, the average request time dropped to 0.21 seconds. No hardware upgrade. Just clean code + awareness. The client’s reaction: “𝐈𝐭 𝐟𝐞𝐞𝐥𝐬 𝐥𝐢𝐤𝐞 𝐚 𝐧𝐞𝐰 𝐬𝐲𝐬𝐭𝐞𝐦.” That’s when I realized performance isn’t a tool; it’s a discipline. A few weeks ago, I worked on a .NET Core project where API response times averaged 1.2 seconds per call. The team wanted to scale the server but scaling slow code just gives you expensive slow code. I opened Application Insights and found the real culprit: 🔹 EF Core’s lazy loading 🔹 Repeated joins on large tables 🔹 Missing .AsNoTracking() for read-only data If you’re working with .NET APIs: ✅ Always profile before optimizing ✅ Use .AsNoTracking() where writes aren’t needed ✅ Cache where data doesn’t change frequently ✅ Remember: Fast code is elegant code I love fine-tuning .NET systems to perform like Ferraris, not forklifts. If you’re building or maintaining enterprise-grade apps and struggling with performance then let’s connect. #DotNet #CSharp #BackendDevelopment #PerformanceTuning #EntityFramework #SoftwareEngineering #API #DOTNETAPI #Optimization #SoftwareDeveloperExpert #SAASSoftwareDeveloper #DotNetCore #AngularDeveloper #AzureDeveloper #AutomationEngineer #AIChatbotDeveloper #MuhammadAtharSaleem #SpargusSolutions

🗂️ Day 3: (Building in public: OpsFlow - Authorization - The Part Most Developers Get Wrong) Built the task management core today. Projects, tasks, members. Standard CRUD stuff. Except it's not. The Real Challenge: Not "can users create tasks?" but "can THIS user modify THIS specific task?" Here's where most apps fail: ❌ Authorization in middleware: `app.use('/tasks', verifyToken, taskRoutes)` Problem: Every task route needs different rules. Update = different from delete. ✅ Authorization in service layer: ```typescript async deleteTask(taskId: string, userId: string) {  const task = await Task.findById(taskId);  const project = await Project.findById(task.project);     // Resource-level check, not route-level  if (!project.hasAccess(userId)) {   throw new AuthorizationError();  }     // Action-level check  if (task.createdBy !== userId && !project.isOwner(userId)) {   throw new AuthorizationError("Only creator or owner can delete");  } } ``` Why this scales: 1. Business rules stay in one place 2. Can be tested independently 3. Flexible per-resource rules 4. Clear error messages The pattern I followed: • Project owners can do everything • Members can view + create tasks • Task creators can edit their tasks • Owners override all permissions Also added: • Pagination (page, limit, total) for list endpoints • Filtering (status, priority, assignee) • MongoDB indexes on query fields • Proper population of related data What I learned: Security isn't a feature you add. It's a constraint you design around from day one. Middleware is for "who are you?" Service layer is for "what can you do?" For juniors: Start with "deny by default" - explicitly allow what's needed, not the reverse. How do you handle resource-level authorization in your stack? #SoftwareArchitecture #Authorization #NodeJS #APIDesign #Security