How 3 raw visuals teach you REST APIs, Linux Filesystems and SSO Instantly!
The fastest way to turn complex Backend concepts into clear mental models 🧠
Sketech is back, and better organized
We’ve been quiet for a while. But not gone.
Sketech is shifting how it shares software engineering ideas:
More consistent. More visual. And built around two clear formats:
✏️ Hand-drawn diagrams
🗒️ Quick visual notes
If you're not following the new LinkedIn page or Twitter account, now’s the time. All content now lives there first.
What’s new?
We’re back to weekly digests.
Each edition will recap what was shared on social. Expect both new content and the best of past posts.
This week, we’re kicking off with 2 notes and 1 visual recap.
You decide what works best
We're testing two formats:
Which one actually helps you remember more?
💥 Gold from this week
REST API Design: Principles for Production-Grade Interfaces
Building APIs that stand the test of scale and maintainability requires disciplined design. Below are battle-tested conventions distilled from industry experience.
Core Principles
1. Semantic HTTP Usage
GET: Safe resource retrieval (cacheable)
POST: Non-idempotent creation
PUT: Complete resource replacement (idempotent)
PATCH: Partial updates (use RFC 7396 JSON Merge Patch)
DELETE: Resource removal (idempotent)
Example:
PUT /articles/123 HTTP/1.1
Content-Type: application/json

{
  "title": "New Title",
  "body": "Updated content"
}
2. State Management
Statelessness: Each request contains all necessary context
Idempotency Keys: Critical for POST/PATCH operations
ETags: Optimistic concurrency control (If-Match header)
Structural Best Practices
3. Resource Design
/api/v1/
├── /users → Collection
├── /users/{id} → Item
└── /users/{id}/posts → Sub-resource
Flat > Nested: Avoid >3 level nesting
Singular vs Plural: Consistency matters (prefer /users over /user)
4. Error Handling
{
  "error": {
    "code": "invalid_timestamp",
    "message": "Timestamp must be in ISO 8601 format",
    "details": {
      "expected_format": "YYYY-MM-DDTHH:MM:SSZ"
    }
  }
}
Advanced Considerations
5. Performance Optimizations
6. Evolution Strategy
Versioning: URL-path (/v1/) > Header (Accept: application/vnd.api+json;version=1)
Deprecation:
HTTP/1.1 200 OK
Deprecation: true
Sunset: Sun, 30 Nov 2025 23:59:59 GMT
Link: </v2/users>; rel="successor-version"
Security Essentials
Authentication:
OAuth 2.0 (RFC 6749) for delegated access
Mutual TLS for service-to-service
Protections:
Strict input validation
Rate limiting (429 Too Many Requests)
CORS policy whitelisting
Final Thoughts
A well-designed API is:
✔ Predictable (consistent structure)
✔ Efficient (filtering, pagination)
✔ Secure (auth, rate limiting)
✔ Maintainable (versioning, docs)
🔥Twitter went off on our Best REST API Tips, take a look!
The Linux Filesystem Hierarchy: A Map
Linux organizes files like a well-structured library. Here’s what actually lives in those cryptic folders:
Key Directories
/sbin: Admin-only tools (fdisk, iptables)
/opt: Manually installed apps (JetBrains IDEs, proprietary software)
/run: Runtime data (PIDs, sockets)
Why This Structure Matters
Consistency: Every Linux distro uses this layout. Learn it once.
Troubleshooting: Can’t find a config file? Know where to hunt.
Security: Accidentally deleting /lib bricks your OS. Respect the hierarchy.
🐧Twitter showed love to our Linux post too. Take a look!
SSO Demystified - Recap
Single Sign-On lets users access multiple apps with one login. Here's the flow:
1️⃣ User tries to access a service
2️⃣ Gets redirected to the Identity Provider (IdP)
3️⃣ IdP prompts for login (e.g., password or MFA)
4️⃣ User submits credentials
5️⃣ IdP verifies them
6️⃣ IdP sends back a signed token (SAML or JWT)
7️⃣ Service validates the token → access granted
Now the user can access other connected services without logging in again.
🧠Sketech isn’t back to impress.
It’s back to bring clarity.
The visuals. The systems. The notes.
They live on the Sketech page now, focused, consistent, no noise.
→ Follow on LinkedIn
→ And on Twitter
Raw notes for devs. Unfiltered.
— Sketech