Description

This curriculum spans the breadth of backend development work seen in multi-workshop technical programs, covering architecture, data, security, and operations with the same depth as internal capability initiatives in mid-to-large engineering organisations.

Module 1: System Architecture and Design Principles

Selecting between monolithic, microservices, and modular monolith architectures based on team size, deployment frequency, and domain complexity.
Defining bounded contexts in domain-driven design to align service boundaries with business capabilities and reduce coupling.
Implementing API gateways to manage routing, authentication, and rate limiting across distributed services.
Evaluating trade-offs between REST, GraphQL, and gRPC for inter-service communication based on payload size, client needs, and latency requirements.
Designing asynchronous communication patterns using message brokers like Kafka or RabbitMQ to decouple producers and consumers.
Establishing versioning strategies for public APIs to support backward compatibility during schema evolution.

Module 2: Data Modeling and Persistence Strategies

Choosing between relational and NoSQL databases based on data consistency requirements, query patterns, and scalability needs.
Designing database schemas with normalization versus denormalization trade-offs for read-heavy versus write-heavy workloads.
Implementing connection pooling to manage database resource utilization under high concurrency.
Configuring indexing strategies to optimize query performance while minimizing write overhead and storage costs.
Planning for data migration workflows using tools like Flyway or Liquibase with zero-downtime deployment constraints.
Enforcing data integrity through constraints, transactions, and application-level validation across distributed systems.

Module 3: Authentication, Authorization, and Security

Integrating OAuth 2.0 and OpenID Connect for third-party identity providers while managing token lifetime and refresh mechanisms.
Implementing role-based (RBAC) and attribute-based (ABAC) access control to enforce fine-grained permissions.
Securing APIs with signed JWTs and validating scopes on each request in distributed environments.
Applying secure session management using HTTP-only cookies or token storage with CSRF protection.
Conducting regular security audits of dependency trees using SCA tools to detect known vulnerabilities in libraries.
Encrypting sensitive data at rest and in transit using TLS 1.3 and database-level encryption with key rotation policies.

Module 4: Backend Performance and Scalability

Designing caching layers using Redis or Memcached with appropriate eviction policies and cache invalidation strategies.
Optimizing database queries by analyzing execution plans and eliminating N+1 query patterns in ORM usage.
Scaling stateless services horizontally using container orchestration platforms like Kubernetes with auto-scaling rules.
Implementing rate limiting and circuit breakers to prevent cascading failures during traffic spikes.
Profiling application performance using APM tools to identify bottlenecks in CPU, memory, or I/O usage.
Sharding large datasets across multiple database instances based on tenant or geographic distribution.

Module 5: Event-Driven Systems and Messaging

Designing idempotent message consumers to handle duplicate deliveries in distributed messaging systems.
Choosing between at-least-once and exactly-once delivery semantics based on business criticality and infrastructure support.
Implementing event sourcing patterns with event stores to reconstruct state and audit data changes.
Managing schema evolution in event payloads using schema registries like Confluent Schema Registry.
Monitoring message queue backlogs to detect consumer lag and trigger operational alerts.
Ensuring message ordering guarantees when required by partitioning topics by key in distributed brokers.

Module 6: Deployment, CI/CD, and Infrastructure as Code

Configuring CI/CD pipelines with automated testing, security scanning, and deployment gates for staging environments.
Managing environment-specific configurations using externalized config servers or secure secret stores.
Implementing blue-green or canary deployments to reduce risk during production releases.
Defining infrastructure using Terraform or Pulumi with version-controlled modules for reproducibility.
Automating rollback procedures triggered by health check failures or anomaly detection in metrics.
Enforcing immutability of deployed artifacts by building once and promoting across environments.

Module 7: Observability and Operational Resilience

Instrumenting applications with structured logging to enable efficient querying and correlation across services.
Configuring distributed tracing with OpenTelemetry to track request flows across service boundaries.
Setting up alerting rules based on SLOs and error budgets rather than raw thresholds to reduce noise.
Designing health checks that reflect actual service dependencies and readiness for traffic.
Conducting chaos engineering experiments to test failure recovery in staging environments.
Archiving and rotating logs and metrics based on retention policies and compliance requirements.

Module 8: API Design and Developer Experience

Documenting APIs using OpenAPI Specification with examples, error codes, and rate limit details.
Providing SDKs or client libraries for major programming languages to reduce integration effort.
Enforcing consistent error response formats across all endpoints to simplify client handling.
Implementing pagination, filtering, and sorting standards to support large dataset queries.
Monitoring API usage patterns to identify underutilized endpoints or performance outliers.
Establishing deprecation policies with advance notice and migration paths for retiring endpoints.