Module 4: Secure Data-Gateway API
Build a secure microservice for handling CRUD operations with AES-256-GCM encrypted JSON data storage. Learn to implement server-side encryption, create a minimal data gateway API, and protect sensitive data at rest outside the web root.
Module Objectives
Server-Side Encryption
Implement AES-256-GCM encryption for JSON data files stored outside the web root, ensuring sensitive information never reaches the client unencrypted.
Data-Gateway Microservice
Build a minimal Node.js or Python microservice that handles CRUD operations, encryption/decryption, and serves as a secure intermediary between your frontend and encrypted data.
RESTful API Design
Design and implement a clean RESTful API for Create, Read, Update, and Delete operations following industry-standard patterns and HTTP methods.
Security Architecture
Understand the security model: encryption keys stay server-side, data files live outside the web root (/srv/webdesign_data/), and the gateway runs behind a reverse proxy.
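The storage model described in the objectives above, as an added Node.js example (not the course's own code): each JSON record is sealed with AES-256-GCM before it is written to the data directory, and the record id is authenticated so one record's file cannot be swapped for another's. The function names, the `nonce | tag | ciphertext` file layout, the `.enc` suffix and the use of the id as additional authenticated data are assumptions of this example; the 32-byte key is assumed to come from server-side configuration and `dataDir` stands in for /srv/webdesign_data/.

```javascript
// Added example: AES-256-GCM storage for JSON records (all names are hypothetical).
const { randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');
const fs = require('node:fs');
const path = require('node:path');

const NONCE_LEN = 12; // 96-bit nonce, the recommended size for GCM
const TAG_LEN = 16;   // 128-bit authentication tag

// Encrypt a JSON-serialisable object. The record id is bound in as additional
// authenticated data, so a blob copied over another record's file fails to open.
function sealRecord(key, id, obj) {
  const nonce = randomBytes(NONCE_LEN); // fresh nonce per write; never reuse with one key
  const cipher = createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(id, 'utf8'));
  const body = Buffer.concat([cipher.update(JSON.stringify(obj), 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]); // layout: nonce | tag | ciphertext
}

// Decrypt and verify. Throws if the key, the id, or any byte of the blob is wrong.
function openRecord(key, id, blob) {
  if (blob.length < NONCE_LEN + TAG_LEN) throw new Error('record too short');
  const nonce = blob.subarray(0, NONCE_LEN);
  const tag = blob.subarray(NONCE_LEN, NONCE_LEN + TAG_LEN);
  const decipher = createDecipheriv('aes-256-gcm', key, nonce);
  decipher.setAAD(Buffer.from(id, 'utf8'));
  decipher.setAuthTag(tag);
  const plain = Buffer.concat([decipher.update(blob.subarray(NONCE_LEN + TAG_LEN)), decipher.final()]);
  return JSON.parse(plain.toString('utf8'));
}

// Map an id to a file inside dataDir; the strict pattern rejects path separators and "..".
function recordPath(dataDir, id) {
  if (!/^[A-Za-z0-9_-]{1,64}$/.test(id)) throw new Error('invalid record id');
  return path.join(dataDir, id + '.enc');
}

// Write the sealed record with owner-only permissions.
function saveRecord(dataDir, key, id, obj) {
  fs.writeFileSync(recordPath(dataDir, id), sealRecord(key, id, obj), { mode: 0o600 });
}

// Read a record back; decryption errors propagate to the caller.
function loadRecord(dataDir, key, id) {
  return openRecord(key, id, fs.readFileSync(recordPath(dataDir, id)));
}
```

A gateway route handler would call `loadRecord` and return only the decrypted fields the client needs; a thrown error from `openRecord` means the file was altered or the wrong key is configured.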
Module Roadmap
Recommended Learning Path
Follow this sequence for optimal learning:
Each step builds upon the previous one, so following this order will give you the best learning experience.
Prerequisites
Before starting this module, make sure you have:
- Completion of Modules 1, 2, and 3
- Understanding of JSON and API concepts
- Basic knowledge of HTTP methods (GET, POST, PUT, DELETE)
- Data-driven website from Module 3
- Comfort with command-line operations
Key Technologies
What You'll Learn
By the end of Module 4, you'll have transformed your website from client-side data files to a secure backend architecture with encrypted storage. You'll understand encryption principles and secure API design, and you'll be ready to polish your UI and deploy to production in the remaining modules.