What is it
The backend (or “server side”) is the part of an application that runs on servers — not in the user’s browser. It’s invisible to the end user, but it’s where all the real logic happens:
- Verifying whether a password is correct
- Saving and retrieving data from the database
- Processing a payment
- Sending an email
- Calculating prices or inventory
If software were a restaurant:
- The frontend is the dining room, waiters, presentation
- The backend is the kitchen: cooks, ingredients, recipes, storage room
Backend Responsibilities
| Area | What it does |
|---|---|
| Business logic | Business rules: discounts, validations, approval workflows |
| Database | Create, read, update, delete data (CRUD) |
| Authentication | Verify who you are (login, sessions, JWT tokens) |
| Authorization | Verify what you can do (role-based permissions) |
| APIs | Expose endpoints for frontend or third parties to consume |
| Integrations | Connect to external systems: payments, email, SMS, ERPs |
| Processing | Calculations, data transformation, report generation |
| Security | Validate inputs, prevent SQL injection, encrypt sensitive data |
Backend Technologies
Programming Languages
| Language | Strength | Used in |
|---|---|---|
| Node.js (JavaScript) | High concurrency, same language as frontend | Startups, real-time APIs |
| Python | AI/ML, readability, data science | AI-powered APIs, data analysis |
| Java / Kotlin | Robustness, enterprise ecosystem | Banking, insurance, large corporations |
| C# (.NET) | Microsoft ecosystem, performance | Companies with Microsoft stack |
| Go | Performance, simplicity | High-scale systems |
| PHP | Maturity, cheap hosting | WordPress, legacy e-commerce |
Popular Frameworks
- Node.js: Express, NestJS, Fastify
- Python: Django, FastAPI, Flask
- Java: Spring Boot
- C#: ASP.NET Core
Databases
| Type | Examples | When to use |
|---|---|---|
| SQL (relational) | PostgreSQL, MySQL, SQL Server | Structured data, complex relationships |
| NoSQL (document) | MongoDB, DynamoDB | Flexible data, high scale |
| In-memory | Redis | Cache, sessions, queues |
| Columnar | Cassandra | Big data, time series |
How a Typical Request Works
User clicks "View my orders"
↓
Frontend sends: GET /api/orders (with JWT token)
↓
Backend verifies JWT → identifies the user
↓
Backend queries: SELECT * FROM orders WHERE user_id = 123
↓
Database returns the data
↓
Backend formats the response as JSON
↓
Frontend receives and displays the order listBackend as a Service (BaaS)
For projects that don’t want to manage all this infrastructure, platforms offer pre-configured backends:
- Supabase — PostgreSQL database + auth + automatic APIs
- Firebase — Google’s backend suite: real-time DB, auth, hosting
- AWS Amplify — serverless backend on AWS
- PocketBase — open source backend in a single executable
Useful for MVPs and startups; for companies with complex logic, they typically fall short.
Why Backend Quality Matters
Backend quality determines:
Security: most security breaches occur in the backend (SQL injection, broken authentication, exposed data)
Performance: a poorly optimized backend makes the whole app slow, even if the frontend is perfect
Scalability: can the system handle 100 users or 100,000? The answer is in the backend
Data integrity: your company’s data is the most valuable asset — a backend without validations can corrupt it
Related Terms
- [[Frontend]] - The visible counterpart that communicates with the backend via API
- [[API]] - The contract the backend exposes to be consumed
- [[REST]] - The most common design style for backend APIs
- [[Docker]] - How the backend is deployed reproducibly
- [[Microservices]] - Architecture where the backend is divided into specialized services
Additional Resources:
- Backend Developer Roadmap - Visual learning path guide
- OWASP Top 10 - The 10 most critical security risks in backends