AeroSports

Backend API (Express.js Core System)

Central Express.js backend powering all AeroSports applications with MSSQL, authentication, API keys, rate limiting, and fault-tolerant request handling.

  • Stack: Express.js backend
  • Database: MSSQL
  • Auth: JWT + API keys
  • Reliability: Rate limiting + retries
  • Role: Platform-wide data backbone

Tech Stack Overview

Grouped by the primary systems, languages, and infrastructure used in this build.

  • Frameworks: Express.js
  • Libraries: Sequelize, bcrypt, cors, ws, tplink-smarthome-api
  • Languages: JavaScript
  • Infrastructure: MSSQL
  • Supporting Systems: Admin Portal

Overview

The Backend API is the backbone of the entire AeroSports platform.

It is built using Express.js and connects all systems to a centralized MSSQL database hosted on the server.

Every major system depends on it, including:

  • Kiosk systems
  • Game engine
  • Scorecard
  • POS
  • Registration tablets
  • Admin portal

It is responsible for:

  • data access
  • authentication and authorization
  • request validation
  • system reliability
  • performance optimization

As the system scaled, the backend evolved from a simple data provider into a robust, secure, and fault-tolerant core system.

Architecture

The backend API acts as the central data and control layer, connecting all AeroSports applications to the MSSQL database while enforcing security, validation, and reliability through middleware.

Core system · Central API · Fault-tolerant

AeroSports Systems → Express API → MSSQL Database

Request Flow & Middleware

All requests pass through a structured middleware pipeline before reaching business logic.

1. Request Validation

Every request is validated to ensure:

  • proper structure
  • required fields
  • valid parameters

2. Authentication

Two authentication methods are supported:

JWT Tokens

  • used for user-based systems (e.g., admin portal)
  • verifies logged-in users

API Keys

  • used for machines (kiosk, POS, tablets)
  • avoids requiring user login on physical devices
  • each machine has its own API key stored in the database

3. Authorization

After authentication, requests are checked for:

  • role-based access
  • permission level
  • allowed actions

Additionally:

  • location/IP restrictions are applied for sensitive operations

4. Rate Limiting

Each API key or token is monitored to:

  • prevent excessive requests
  • avoid system overload
  • maintain stability across all connected systems

5. Retry Mechanism

A retry middleware ensures reliability:

  • failed requests are retried automatically
  • retries occur within a configured time window
  • prevents temporary failures from breaking the system

6. Business Logic Execution

Only after passing all middleware layers does the request:

  • interact with controllers
  • execute logic
  • query/update the database

This layered design ensures:

  • security
  • stability
  • predictable behavior across all systems
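The machine path through steps 2 to 4 (API key authentication, role check, per-key rate limiting) can be sketched as Express-style `(req, res, next)` middleware. This is an added example, not the AeroSports code: the `X-API-Key` header name, the in-memory `machines` table, storing only a SHA-256 hash of each key, the fixed-window limiter and the `runPipeline` helper are all assumptions made for illustration.

```javascript
// Added example: Express-style middleware with no dependencies, so it runs offline.
const crypto = require('crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

// Constructed stand-in for the machines table; only a hash of each key is kept (assumption).
const machines = [
  { id: 'kiosk-01', role: 'kiosk', keyHash: sha256('constructed-kiosk-key') },
  { id: 'pos-01', role: 'pos', keyHash: sha256('constructed-pos-key') },
];

// Authentication: resolve the X-API-Key header (assumed name) to a machine record.
function apiKeyAuth(req, res, next) {
  const presented = sha256(String(req.headers['x-api-key'] || ''));
  // timingSafeEqual avoids leaking how many leading bytes of a hash matched.
  const machine = machines.find((m) => crypto.timingSafeEqual(m.keyHash, presented));
  if (!machine) return res.status(401).json({ error: 'invalid API key' });
  req.machine = machine;
  next();
}

// Authorization: allow only the listed roles on a route.
const requireRole = (...roles) => (req, res, next) =>
  roles.includes(req.machine.role) ? next() : res.status(403).json({ error: 'forbidden' });

// Rate limiting: fixed window counted per authenticated machine, not per IP.
function rateLimit({ limit, windowMs, now = Date.now }) {
  const hits = new Map(); // machine id -> { start, count }
  return (req, res, next) => {
    const t = now();
    let w = hits.get(req.machine.id);
    if (!w || t - w.start >= windowMs) hits.set(req.machine.id, (w = { start: t, count: 0 }));
    if (++w.count > limit) return res.status(429).json({ error: 'rate limit exceeded' });
    next();
  };
}

// Hypothetical helper: run a middleware chain on a plain request object, return the status.
function runPipeline(chain, req) {
  let status = 200;
  const res = { status: (c) => ((status = c), res), json: () => res };
  let i = 0;
  const next = () => (i < chain.length ? chain[i++](req, res, next) : undefined);
  next();
  return status;
}
```

In an Express app the same three functions would be passed to `app.use` or a route in this order, so a request without a valid key never reaches the role check or consumes rate-limit budget.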

My Contribution

I built the backend system from scratch and evolved it into a reliable core platform.

My contributions included:

  • designing and implementing the Express.js API
  • structuring database access and relationships
  • optimizing performance and fixing blocking issues
  • designing and implementing middleware architecture
  • adding retry mechanisms for reliability
  • implementing authentication and authorization (JWT + API keys)
  • introducing rate limiting and security layers

As the team grew:

  • I delegated feature development
  • provided requirements and design direction
  • reviewed implementations and ensured consistency

This project represents my work in turning a simple backend into a scalable, secure, and fault-tolerant system that supports the entire platform.

Tech Used

Core technologies

  • Node.js
  • Express.js
  • MSSQL
  • JWT

Supporting technologies

  • REST API
  • Middleware