When You Have Customers You’re Gonna Need It! Enterprise (App) Edition
1. Stand-alone data validations. For example, if using an RDBMS, implement checks beyond NOT-NULL and foreign key constraints that are invoked either incrementally or via batch. Do not rely on validators inside API handlers! APIs are reimplemented while persistent data outlives everything else. There are two levels of validations: API and storage. A storage validator can be given a transaction prior to commit and told what to look for in order to roll back upon failure.
2. A roles and capabilities rules engine for use by the front and back ends
3. Asynchronous APIs. Request-response is for toys that don’t implement server-side retry. Enforce a 5-second transaction limit at the router layer to discourage cheating. Pick or invent a convention and stick with it!
4. Message lookup for internationalization. For logging, errors, and messages that are sent from the server to the frontend.
5. Data modification audit trail showing who did what when
6. Automated production-identical environment for integration testing of every feature. Yes, every feature. Of course that makes you angry. It’s expensive. So is losing your developers to natural attrition and hiring newbies who will over the long term break every feature unpredictably, regardless of experience level and regardless of your code review process.
Be sure to write automated tests for the audit trail!
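A storage-level validator of the kind item 1 describes, as an added example (not code from the original post): it is handed the open transaction, told which rows to check, and forces a rollback if a cross-row invariant fails. The SQLite schema, the "order total equals the sum of its lines" invariant, and all function names are assumptions chosen for illustration.

```python
import sqlite3

# Constructed schema for illustration; table and column names are assumptions.
SCHEMA = """
CREATE TABLE orders (id INTEGER PRIMARY KEY, total_cents INTEGER NOT NULL);
CREATE TABLE order_lines (id INTEGER PRIMARY KEY, amount_cents INTEGER NOT NULL,
    order_id INTEGER NOT NULL REFERENCES orders(id));
"""
INSERT_LINE = "INSERT INTO order_lines (order_id, amount_cents) VALUES (?, ?)"

class ValidationError(Exception):
    """Raised when a storage invariant fails inside an open transaction."""

def open_db():
    conn = sqlite3.connect(":memory:", isolation_level=None)  # explicit BEGIN/COMMIT
    conn.executescript(SCHEMA)
    return conn

def find_total_mismatches(conn, order_ids=None):
    """Return (id, stored_total, line_sum) rows; None = batch, list = incremental."""
    where = ""
    if order_ids is not None:  # only placeholders are interpolated, never values
        where = "WHERE o.id IN (%s)" % ",".join("?" * len(order_ids))
    return conn.execute(f"""
        SELECT o.id, o.total_cents, COALESCE(SUM(l.amount_cents), 0)
        FROM orders o LEFT JOIN order_lines l ON l.order_id = o.id
        {where}
        GROUP BY o.id HAVING o.total_cents != COALESCE(SUM(l.amount_cents), 0)
        ORDER BY o.id""", list(order_ids or [])).fetchall()

def commit_validated(conn, work, order_ids=None):
    """Run work(conn) in a transaction; commit only if the invariant still holds."""
    conn.execute("BEGIN")
    try:
        work(conn)
        bad = find_total_mismatches(conn, order_ids)
        if bad:
            raise ValidationError(f"total != sum(lines) for {bad}")
        conn.execute("COMMIT")
    except Exception:
        conn.execute("ROLLBACK")
        raise

def good_write(conn):
    conn.execute("INSERT INTO orders VALUES (1, 1500)")
    conn.executemany(INSERT_LINE, [(1, 1000), (1, 500)])

def bad_write(conn):  # a handler that adds a line but forgets to update the total
    conn.execute(INSERT_LINE, (1, 250))
```

Calling `find_total_mismatches(conn)` with no ids is the batch mode, suitable for a scheduled sweep that catches rows written by code paths that bypassed `commit_validated`.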