Skip to main content

CRUD Operations - A practical example

CRUD operations are the foundation of most web applications today, providing a systematic approach to data manipulation. In this post, we will deep into the principles of CRUD, illustrating these concepts with the help of a To-Do Application as example, and extends into architectural details, best practices for REST API design, security implications.

What is CRUD?

CRUD is an acronym for Create, Read, Update, and Delete, encapsulating the primary actions performed on any database record. These operations are critical for the persistent storage and retrieval of data, serving as the backbone for the functionality of web applications.

  • Create: Adding new data entries/records.
  • Read: Retrieving existing data entries.
  • Update: Modifying existing data entries.
  • Delete: Removing data entries.

Practical Example: To-Do App

To elucidate the CRUD concept, let's consider a simple To-Do application that allows users to manage their tasks. This application provides a simple UI for the user to manage these tasks. This management is backed by CRUD operations which are implemented. Let's deep dive into these RESTful services and how they interact with a database using SQL.

todo-task-create

A UI mock up showcasing create task screen. On clicking 'Save', the POST /tasks API will be invoked to persist data.

todo-task-listing

A UI mock up showcasing listing, editing & deleting tasks screen.

Integrating CRUD with REST APIs

RESTful APIs use HTTP methods mapped directly to CRUD operations, providing a standard protocol for interacting with web services.

  • Create corresponds to POST, creating a new task.
  • Read corresponds to GET, listing all tasks or retrieving a specific one.
  • Update involves PUT or PATCH, altering an existing task.
  • Delete corresponds to DELETE, removing a task.

Example endpoints for a To-Do app might include:

  • POST /tasks to add a new task.
  • GET /tasks to retrieve all tasks.
  • PUT /tasks/{id} to update a specific task.
  • DELETE /tasks/{id} to delete a task.

You should adhere to best practices that enhances maintainability, here are some:

  • Entity-Focused Design: Model your API around the entities in your application, such as tasks in a To-Do app.
  • Clear and Logical URIs: Use straightforward URIs that reflect the entities and operations, such as /tasks for operations on tasks.
  • Proper Use of HTTP Methods and Status Codes: Align HTTP methods with CRUD operations and utilize status codes to indicate the outcome of requests, enhancing the API's usability and clarity.

Mapping CRUD to SQL

Assuming that you are familiar with SQL and relational database. The SQL, a relational database query language used by many applications, directly supports CRUD operations. Checkout the following syntax:

  • Create: INSERT INTO tasks (name, description) VALUES ('Grocery Shopping', 'Buy milk and eggs');
  • Read:
    • SELECT * FROM tasks; to retrieve all tasks, or,
    • SELECT * FROM tasks WHERE id = 1; for a specific task.
  • Update: UPDATE tasks SET name = 'Shopping' WHERE id = 1;
  • Delete: DELETE FROM tasks WHERE id = 1;

CRUD Routes In Beeceptor

By setting up a CRUD route on Beeceptor with /tasks as the route path, you can quickly setup the essential APIs for To-Do task management app. Beeceptor will automatically expose required Rest APIs. These APIs are backed by a persistent storage and schemaless. That means the JSON you send during the create call, is retrieved back as is in the read call.

HTTP MethodEndpointOperationDescription
POST/tasksCreateCreates a new task
GET/tasks/{id}Read (Get by ID)Retrieves a specific task by ID
GET/tasksRead (List All)Retrieves a list of all tasks
PUT/tasks/{id}Update (Replace)Replaces an existing task by ID
PATCH/tasks/{id}Update (Partial)Partially updates a task by ID
DELETE/tasks/{id}DeleteDeletes a specific task by ID

Security Considerations

The CRUD APIs persist the data and let you retrieve it. This requires securing CRUD operations for the protection of sensitive data. Here are some techniques that should be adopted to secure the data for storage and transmission.

  • Authentication and Authorization: Implement strategies like API keys, JWT, etc to verify API users and ensure they have the right to perform specific operations.
  • Data Encryption: Use HTTPS as the underlying protocol to secure data in transit. This protects from eavesdropping and man-in-the-middle attacks.
  • Input Validation: Validate all the incoming data to prevent SQL injection attacks, cross-site scripting (XSS), and other commonly known web vulnerabilities.

Architectural and Design Considerations

One size doesn't fit all. While CRUD provides a good foundation, it's crucial to recognize its limitations.

  • Beyond CRUD: In the real world not all applications require operations that fit neatly into CRUD operations. For example, complex transactions or batch operations. It's important to design your API and database interactions to accommodate these use cases.
  • Microservices and CRUD: In a microservices architecture, CRUD operations might be spread across multiple services. The ability to track the call stack, easing debugging, and integrity of the system are most important.

Frameworks & Libraries

Here are some popular frameworks in that can accelerate development. Learn and adopt these for your next project:

  • Java: The Spring Boot has an extensive ecosystem, including Spring Data JPA for database operations, making it an excellent choice for robust, enterprise-grade applications.
  • Node.js: Express.js, combined with Sequelize or Mongoose for ORM, enables you for a lightweight and powerful building blocks for CRUD APIs.
  • Python: Django and Flask stand out for their simplicity and flexibility. Django offers an ORM and built-in features for CRUD operations, while Flask provides a more minimalistic approach, giving developers the freedom to choose their tools.