
Designing Public & Admin Routes Properly in Express (Node.js + TypeScript)
When building a scalable backend API, one common question is: should we separate admin routes, like /api/admin/categories, or protect routes using middleware?

In this article, I'll show you the clean and scalable way to structure public and admin routes.

The Use Case

We are building a Blog System with categories. We need:

Public users → View all categories
Admin users → Create categories

Bad Practice (URL-Based Role Separation)

    POST /api/admin/categories
    GET /api/categories

Why is this not ideal?

- URL becomes tightly coupled with roles
- Harder to scale
- Not RESTful
- Role logic leaks into routing

Recommended Approach (Middleware-Based Authorization)

Keep URLs clean and RESTful.

    GET /api/categories → Public
    POST /api/categories → Admin only

Access control should be handled by middleware, not the URL.

Project Structure (Feature-Based Architecture)

    src/
    ├── modules/
    │   ├── categories/
    │   │   ├── categories.controller.ts
    │   │   ├── categories.service.ts
    │   │   ├── categories.routes.ts
    │   │   ├── categ
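
The middleware-based approach recommended above, sketched as an added example (not code from the original article). The `requireRole` helper, the `dispatch` stand-in for Express's router, the sample handlers and the `req.user` field (assumed to be set by an earlier authentication middleware) are all hypothetical names.

```typescript
// Structural stand-ins so this runs without Express installed; the
// (req, res, next) handler shape matches Express middleware.
type Role = "admin" | "user";
interface Req { method: string; path: string; user?: { id: string; role: Role } }
interface Res { status(code: number): Res; json(body: unknown): Res }
type Handler = (req: Req, res: Res, next: () => void) => void;

// Hypothetical helper. Assumes an earlier authentication middleware verified
// the session or token and set req.user; the role is never read from a
// client-controlled header, query string or body field.
function requireRole(...allowed: Role[]): Handler {
  return (req, res, next) => {
    if (!req.user) { // no verified identity
      res.status(401).json({ error: "authentication required" });
      return;
    }
    if (allowed.indexOf(req.user.role) === -1) { // known user, wrong role
      res.status(403).json({ error: "forbidden" });
      return;
    }
    next(); // only reached when authorized
  };
}

const listCategories: Handler = (_req, res) => { res.status(200).json(["tech"]); };
const createCategory: Handler = (_req, res) => { res.status(201).json({ created: true }); };

// One URL, two verbs: the guard sits in the handler chain, not in the path.
const routes: Record<string, Handler[]> = {
  "GET /api/categories": [listCategories],
  "POST /api/categories": [requireRole("admin"), createCategory],
};

// Stand-in for Express's router: runs the chain, returns the status code sent.
function dispatch(req: Req): number {
  let code = 404; // unknown method/path pairs fall through to 404
  const res: Res = { status(c) { code = c; return res; }, json() { return res; } };
  const chain = routes[`${req.method} ${req.path}`] ?? [];
  const run = (i: number): void => {
    const handler = chain[i];
    if (handler) handler(req, res, () => run(i + 1));
  };
  run(0);
  return code;
}
```

The guard distinguishes a missing identity (401) from an authenticated user without the required role (403), and the create handler is unreachable unless `next()` is called.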



