Databases and APIs

Practical backend concepts for working with engineering. Distilled from working as a PM at an early-stage startup.

ERD — Entity Relationship Diagram

An ERD is a visual map of your database: what data you store, and how the pieces connect. Entities (tables) are boxes; relationships (one-to-many, many-to-many) are the lines between them. When a feature touches data, sketching the ERD answers “what do we store, and what links to what” before anyone writes a migration — it’s the data equivalent of a user flow.

Postgres and YAML

  • Postgres — a relational database; data lives in tables with defined columns and relationships (the things an ERD describes).
  • YAML — a human-readable format for configuration (services, pipelines, infra). Not a database — it’s how you declare setup, indentation-based and easy to diff.

Calling a REST API with a key + secret

A common auth pattern for machine-to-machine access:

  1. You’re issued a consumer key and consumer secret (an app credential, not a user password).
  2. You use them to authenticate to the API.
  3. Then you fire HTTP requestsGET to read, POST to create/send — often quickly from the command line (e.g. curl) while testing.

For user-delegated access (rather than an app credential), the relevant pattern is OAuth — see OAuth.

RBAC — Role-Based Access Control

RBAC decides who can do what by assigning permissions to roles, and roles to users — instead of granting permissions to each person individually. E.g. an “admin” role can edit and delete; a “viewer” role can only read. It scales cleanly: change the role, and every user with it updates at once.