Web fundamentals with @hectoday/http
Learn the web by building with it. A first-principles course using @hectoday/http.
Nine lessons that teach you how the web works. Not how a framework works. The web.
Every lesson starts from zero, explains the concept from first principles, and uses @hectoday/http as the running example. By the end, you'll understand HTTP, validation, error handling, auth, caching, CORS, testing, logging, and deployment well enough to build and ship a production API.
What you'll know after this
- How HTTP works at the protocol level
- How to validate input and get typed data from untyped sources
- How to handle errors without hidden control flow
- How to authenticate users and authorize actions
- When caching helps, when it hurts, and how to implement both layers
- Why CORS errors happen and how to fix them without guessing
- How to write tests that prove your API works
- How to log requests, errors, and business events
- How to deploy to any platform
Who this is for
Developers who build web apps but have never looked under the hood. Frontend developers who want to understand the backend. Backend developers who copy-paste configs and want to know why they work. Anyone who wants to learn the web, not just a framework.
Prerequisites
Basic JavaScript. Knowing what async/await does. That's it.
Lessons
- HTTP from First Principles
What a request is. What a response is. Status codes, headers, bodies, the URL object, and fetch. The five Web Standard primitives that everything else builds on.
- Validation from First Principles
Why user input can't be trusted. Parsing vs checking. Zod in 5 minutes. The discriminated union pattern. Coercion for query strings.
- Error Handling from First Principles
Expected vs unexpected errors. Why return beats throw. The early return pattern. The onError safety net. Error response formats.
- Authentication & Authorization from First Principles
The difference between "who are you?" and "can you do this?" Bearer tokens, JWTs, sessions, API keys. The T | Response pattern.
- Caching from First Principles
What caching is, why cache misses are slower than no cache, TTL, invalidation, HTTP cache headers, ETags, and server-side caching.
- CORS from First Principles
Why the browser blocks your API calls. What an origin is. How preflight works. What every CORS header does.
- Testing APIs from First Principles
What to test, what not to test. The three tests every endpoint needs. Integration vs unit tests. Don't mock the framework.
- Logging from First Principles
Why console.log isn't enough. Structured logging with JSON. Log levels. Request IDs. What to log, what to never log.
- Rate Limiting from First Principles
Why you need it, how the algorithms work, and how to implement fixed window, sliding window, token bucket, and Redis-backed limits.
- Deployment from First Principles
Deno Deploy, Cloudflare Workers, Railway, Fly.io, VPS. Environment variables, health checks, graceful shutdown, and CI/CD.