Fullstack CourseLearn by building
Back to week 3

Topic

Core API vertical-slice checklist

Definition

A core API vertical-slice checklist confirms that a single endpoint has a validated request contract, deliberate access control, a stable response and error shape, and accurate documentation, before it is considered done.

In simpler words

Before you call an endpoint finished, check that it validates input, guards access correctly, returns a predictable shape, and matches what /docs says it does.

Use the tickets endpoints as the reference: every route already satisfies this checklist, which is why they are a good template for a new one.

After this you can

  • Map one tickets endpoint to every checklist item
  • Apply the checklist in order when adding a new endpoint
  • Explain why this checklist is the bridge into the Week 4 vertical slice

Reading one endpoint against the checklist

Definition

A finished endpoint pairs a DTO or query DTO with global ValidationPipe enforcement, a guard decision appropriate to its sensitivity — public, authenticated, or role-restricted — a response shape consistent with related endpoints, and Swagger decorators that describe the same contract.

In simpler words

Nothing here is new — each item is a topic already covered; the checklist is about applying all of them to one route at once.

DELETE /tickets/:id: ParseUUIDPipe validates the id, @Roles("admin") restricts access, 204 with no body signals success without inventing a response shape, and NotFoundException from the service becomes a consistent 404 if the ticket does not exist.

GET /tickets: ListTicketsQueryDto validates and coerces page/limit/status/q, no @Roles restricts it beyond authentication, and the { data, meta } shape matches every other list endpoint.

DELETE /tickets/:id against the checklist

@Delete(':id')
@Roles('admin')
@HttpCode(HttpStatus.NO_CONTENT)
async remove(@Param('id', ParseUUIDPipe) id: string) {
  await this.ticketsService.remove(id);
}

Validated param, explicit role guard, explicit status code, and a service that throws a mapped exception on failure — every checklist item is visible in five lines.

Applying the checklist to a new endpoint

Definition

Adding a new endpoint should follow the same order every time: define the DTO and its validation, decide the guard and role requirement, decide the response and error shape relative to existing endpoints, and update the DTO’s Swagger decorators alongside the code.

In simpler words

Write the checklist items in that order and the endpoint mostly writes itself; skipping one item is how endpoints drift from the rest of the API.

A new PATCH /tickets/:id/assign restricted to admin needs: an AssignTicketDto with a validated assigneeId, @Roles("admin"), a response matching the existing ticket shape, and ApiProperty on the new field.

This checklist is the bridge into Week 4’s vertical slice — the same list applies whether you are adding one field or one whole resource.

PR checklist for one endpoint

- [ ] DTO validates every accepted field
- [ ] Guard/role matches the endpoint's sensitivity
- [ ] Response shape matches sibling endpoints ({ data, meta } for lists)
- [ ] Thrown exceptions map to the right status (404/400/401/403)
- [ ] Swagger decorators match the DTO and guard
- [ ] Verified via /docs or curl with real auth

If any box is unchecked, the endpoint is not done — regardless of whether it compiles.

Keep in mind

  • Apply DTO → guard → response shape → Swagger in that order for every new endpoint.
  • Match a new endpoint’s response shape to its siblings before inventing a new one.
  • Verify through /docs or curl with real auth, not just a type check.

Test

Check your understanding

At least 10 questions — mix of concept, syntax, practical, and logic. Score ≥ 80% (enforced by the API) to save progress.

Checking your session…

10 questions · concept 3 · syntax 2 · practical 3 · logic 2

Concept1. Which statement best defines Core API vertical-slice checklist?
Syntax2. Which code-level choice matches Core API vertical-slice checklist?
Practical3. A reviewer spots a bug related to Core API vertical-slice checklist. What is the right fix?
Logic4. Which reasoning correctly explains Core API vertical-slice checklist?
Concept5. Which boundary does correct use of Core API vertical-slice checklist preserve?
Practical6. What is the safest next step when applying Core API vertical-slice checklist?
Syntax7. Which implementation direction matches the rule for Core API vertical-slice checklist?
Logic8. Which consequence follows from applying Core API vertical-slice checklist correctly?
Concept9. Which claim about Core API vertical-slice checklist is true in this Nest + Postgres monorepo?
Practical10. Which team practice best demonstrates Core API vertical-slice checklist?