Most developers are introduced to a database and APIS through a simple sample: Crowd – Creature, Read, Delete, Delete. It looks like perfect abstract. With just four operations, you can model almost anything. Lessons use it. Framework prepare it. We teach him the initial people as the basis for working with statistics.
But once you go beyond the basic apps, the crude begins to be separated.
The real -world systems do not just “update” or “delete”. In the loan application system, for example, lenders “submit”, loan officers “approve” or “reject” them, and the applications eventually “saved”. These are not ordinary crude operations – they are Domain -related steps That means.
And this is the problem: Crude hides the meaning of our system behind the vague verb. The rest of the API is the heir to the same problem, making the HTTP function a map on the CRUD but still fails to clearly show the real work flow.
In this article, we will discover:
Why Crowd works fine for simple apps but becomes anti -pattern on a scale
How do you like concepts UPSERTFor, for, for,. ArchiveAnd Bulk operations Show its cracks
Why does rest does not solve these problems
Instead, how to design APIs around the domain actions and workflows.
Finally, you’ll see what it really is – a teaching device, not a design philosophy.
The table of content
What is Crowd?
Create, read, refresh, deleteThese are the four basic operations that we perform on the data in the database.
Create – Adds a new record.
Read – brings current records (or records).
Refusal – changes one or more fields in a record.
Delete – Removes a record.
For example, a typical node -dot JS + Express app manage users in:
app.post('/users', createUser);
app.get('/users/:id', getUser);
app.put('/users/:id', updateUser);
app.delete('/users/:id', deleteUser);
This map is directly for the core SQL:
INSERT INTO users (...);
SELECT * FROM users WHERE id = ...;
UPDATE users SET ... WHERE id = ...;
DELETE FROM users WHERE id = ...;
And this is the cord in its purest form – four operations that can describe almost any database conversation.
Stretch Crowd: Optrot, Archive, Bulk
Developers quickly realize that crude is not enough, so they invent extension:
UPSERT: “Update” and a mixture of “Insert”. If the record is available, update it. If not, make it.
ArchiveInstead of deleting a record, we “soft delete” or call it inactive so that the date remains intact.
Bulk operations: Create, update, or delete many records of performance once.
They solve real problems, but they increase the simple model of crude. Now we need to distinguish between single and bulk resources. And we also need to increase the technical concerns of adding and soft deletion.
Breaking Crowd: Domain actions
The technical domain itself spreads the crude to a great extent, but business domain concerns completely break it. Take a loan application system:
The borrower does not “create” and “update” any application – they start, submit or not withdraw it.
A loan officer does not “update” an application – they do not review, approve or reject it.
Applications are not “deleted” – they are usually in the protected documents so there is a record of compliance.
If we try to make them models as a simple crude, meaning is lost:
PATCH /applications/123 { "status": "approved" }
Technically, it works. But what does “update” mean here? Did the application be submitted, rejected, or the protected documents? You can’t tell the API call.
The basic problem: CRUD hides the intentions behind the common, technical language. Real business processes are expressed as domain -related measures, not ordinary updates or deletions.
Breaking Crowd: Domain Authorization
Crud not only makes the intention vague – it also creates a difference. Example using the same loan application:
If “approval” is just modeled as a common refreshment, the system cannot distinguish the roles without additional checks. “Can this user update?” As a bidder permission rule suddenly allows lenders to take steps for the officers.
This match between technical function and business rules may arise:
Security issues – Unauthorized steps carried out by the wrong user.
Audit issues – it is unclear who did, and when.
Confirmation of workflow – state transfer is lost in ordinary updates.
Solution: treat each domain action as your API call with clear permission rules:
POST /applications/123/approve # Only accessible to loan officers
POST /applications/123/withdraw # Only accessible to the borrower
Instead of CRUD operations, the process of modeling is clear, which reduces the risk of both insects and security.
CRUD replacement: align into workflows
Real world applications follow workflows. The states that lead to resources. Take the example of our loan application:
It can look like a related API closing point:
# Borrower actions
POST /applications/123/submit # Draft → Submitted
POST /applications/123/withdraw # Draft/Submitted → Closed
# Loan officer actions
POST /applications/123/approve # Submitted → Approved
POST /applications/123/reject # Submitted → Rejected
# System/Admin actions
POST /applications/123/close # Approved/Rejected → Closed
# Side effect: spawning a Loan (after Approved)
POST /loans
{
"applicationId": "123",
"amount": 50000,
"borrowerId": "456",
"terms": { ... }
}
At this point, our API calls are almost completely out of the crude pattern – the only one that resembles the crude action is a debt -like peel, which looks like “creation”. Behind the curtains, we will still use INSERTFor, for, for,. SELECTAnd UPDATE Statements in the SQL, but at the API level we are in accordance with the original business work flu. Because of this, we are easily eligible to support the following:
Steps reflect business intentions -Call the API map to a real -world work, such as submit, approve, or withdraw.
Built -in Permissions – The closing points clearly separate the responsibilities of the loan, the loan officer, and the admin.
Auditability and workflow nap – State transitions are clear and incorrect transitions are stopped.
Control side effects – Spiving loans, information and flow process are deliberately handled.
Conclusion
Instead, by turning away from the actions of the CRUD and modeling domain, our API aligns with the real business work flow, clearly speaks intended, and naturally enforces the rules and permission. The state transfer, side effects, and auditing are clear, which reduces errors and safety risks. Although the CRUD still strengthens the basic database operations, thinking in terms of actions and workflows ensures that the system behaves as a business expectation.