Need the #1 custom application developer in Brisbane?Click here →

What Is a Back-End?

10 min read

The back-end is the server-side of an application. It processes requests from clients (browsers, mobile apps, other servers), applies business logic, manages data, and sends responses. The back-end is the engine; the front-end is the dashboard.

In contrast to front-end development (visible, user-facing), back-end development is invisible to users. Users don't see your code, your database, or your server infrastructure. They only see the results of back-end work: data displayed correctly, transactions completed, emails delivered.

What the Back-End Handles

  • Authentication: Verifying users are who they claim (login, password verification).
  • Data validation: Ensuring data is correct before storing it (email format, required fields, business rules).
  • Business logic: Enforcing rules specific to your application (inventory checks, pricing calculations, workflow state machines).
  • Database operations: Storing and retrieving data reliably (create, read, update, delete—CRUD).
  • External API calls: Integrating with other services (payment processors, email providers, mapping services).
  • Authorization: Controlling what users can do (admins can delete, users can only view their own data).
  • File processing: Handling uploads, generating PDFs, processing images.
  • Background jobs: Work that doesn't need to happen immediately (sending emails, generating reports, syncing data).
  • Caching: Storing computed results to avoid recalculating them.
  • Logging and monitoring: Recording what happens so you can debug problems and track system health.

The Client-Server Model

The client sends an HTTP request to the server. The request includes the URL, HTTP method (GET, POST, etc.), headers, and optionally a body. The server receives the request, processes it, and sends back an HTTP response with a status code, headers, and a body (usually JSON for APIs, HTML for web pages).

This is fundamental: the client initiates, the server responds. The server doesn't push data to the client unless the client asks for it (unless using WebSockets, which change this dynamic). The server doesn't know or care what the client looks like—it just receives and responds to requests.

This is powerful because it decouples client and server. The server doesn't care if the client is a web browser, mobile app, desktop application, or another server. As long as they speak the same protocol (HTTP), they work together.

Note
The back-end's perspective: It receives HTTP requests, processes them according to business logic, and returns responses. It doesn't care what rendered the request or how the response is displayed.

APIs: The Interface

An API (Application Programming Interface) is the contract between client and server. It defines what requests are valid, what data they return, and what errors might occur.

REST APIs are the most common. They use HTTP methods and URLs to define operations:

  • GET /users returns all users
  • GET /users/123 returns user 123
  • POST /users creates a new user
  • PUT /users/123 updates user 123
  • DELETE /users/123 deletes user 123

GraphQL is an alternative where clients specify exactly what data they need, reducing over-fetching and under-fetching. REST and GraphQL each have tradeoffs. REST is simpler and more standardized; GraphQL is more flexible.

Monolith vs Microservices

A monolithic architecture means one codebase handles everything. A single application serves all API endpoints, handles all business logic, and talks to a single database. This is the default and correct choice for most applications.

Advantages: simpler to build, easier to deploy, easier to reason about. Disadvantages: harder to scale individual components, can get very large, coupling between components.

Microservices means splitting into many small services, each handling one part of the system. A user service, order service, payment service, each with its own database and code. Services communicate via APIs.

Advantages: independent scaling, clear separation of concerns. Disadvantages: significantly more complex, distributed system challenges, operational overhead.

Start with a monolith. Only move to microservices when a monolith genuinely limits you. Premature microservice architecture is a common mistake.

The Database as the Source of Truth

The back-end is the only layer that should directly access the database. The front-end never queries the database directly—it goes through the back-end API.

This is critical for security. If the front-end could query the database, users could bypass all back-end validation and authorization. They could query other users' data, delete data, modify prices. The back-end is the trust boundary.

The database stores the true state of the application. If the database says a user has 5 orders, they have 5 orders, regardless of what the front-end displays. The front-end is just a view into the database state.

Warning
Never trust the client. Everything the front-end sends might be wrong, modified by an attacker, or incomplete. Always validate and verify server-side.

Back-End Responsibilities in CRUD Operations

Let's trace what happens when a user creates a new order:

  1. Receive request: Front-end sends order data (items, shipping address, payment info).
  2. Validate input: Check that all required fields exist, data is in correct format, quantities are positive.
  3. Check authorization: Is this user allowed to create orders? (Usually yes, unless they're banned.)
  4. Verify inventory: Are the items in stock? (Check the database.)
  5. Calculate totals: Subtotal, tax, shipping, discounts.
  6. Create record: Insert order into database with status "pending".
  7. Process payment: Call payment processor API, get confirmation or error.
  8. Update status: If payment succeeds, update order status to "paid". If payment fails, update to "failed".
  9. Send confirmation: Queue an email to the customer.
  10. Return response: Send the order details back to the front-end.

This seems simple but involves error handling at each step. What if the user isn't authorized? What if inventory changed between check and insert (race condition)? What if payment fails? What if the email service is down?

Statelessness: A Core Principle

Back-end servers should be stateless—they don't store request context between requests. Each request is independent. This enables scaling: add more servers, and requests can go to any of them.

Session data goes in a store (database, Redis), not in server memory. If you store session data in server memory, the user's next request might hit a different server that doesn't have their session.

Stateless servers are more complex than stateful ones but enable the scaling needed for large applications. This is a tradeoff almost always worth making.

The Back-End's Reliability Requirement

Front-end failures are annoying. Back-end failures are catastrophic. A bug in your JavaScript might be fixed by refreshing. A bug in your back-end corrupts data or loses transactions.

Back-end development requires different standards:

  • Data integrity: Transactions ensure multiple operations succeed or all fail together.
  • Idempotency: Operations should be safe to retry (same result).
  • Error handling: Graceful failure, clear error messages, proper logging.
  • Testing: Higher standards for back-end tests (harder to test concurrency, race conditions).
  • Monitoring: Alert on errors, track performance, understand system health.

The Invisible Complexity

Users see a button labeled "Checkout". Behind it: authentication checks, permission verification, inventory queries, payment processing, tax calculations, order creation, audit logging, cache invalidation, email queuing, and error recovery. If any step fails, the user sees an error message.

The back-end's job is making the complex invisible, so the user sees a simple flow: click button, see confirmation. This is the art of back-end development—handling complexity so users don't have to.