All roadmaps

08 · Engineering

The Backend Developer
roadmap.

Backend developers build the server-side logic that makes applications work — APIs, databases, authentication, and infrastructure. It's the highest-paying entry-level engineering path and the foundation of full-stack work.

Level

Intermediate

Time

8–14 months

Steps

6

Why this path

Backend development is the engine room of every application. While users interact with the frontend, the backend handles all the logic that actually matters: storing data reliably, authenticating users securely, and processing requests at scale.

Junior backend roles pay well precisely because the work requires precision. A bug in a frontend component is visible and annoying. A bug in authentication or data handling can be invisible and catastrophic. Backend developers who understand security and build defensively earn significantly more than those who don't.

01

Skills you'll need

Python or Node.jsSQL DatabasesREST API DesignAuthenticationGit & GitHubLinux & Command LineDocker basicsORM / Query BuilderAPI TestingCloud Basics
02

The roadmap

  1. 01

    Learn a server-side language

    Choose Python (with FastAPI or Django) or Node.js (with Express or Fastify). Don't choose both — depth beats breadth at this stage. Python is more beginner-friendly and widely used in data-adjacent roles. Node.js is more natural if you already know JavaScript. Learn the language fundamentals first: functions, classes, error handling, file I/O, and working with external packages. Build 3 small programs before touching web frameworks.

  2. 02

    Learn SQL and relational databases

    PostgreSQL is the most important backend skill after your language. Learn SELECT, INSERT, UPDATE, DELETE, JOINs (inner, left, full), GROUP BY, indexes, and transactions. Understand when and why to use indexes. Practice designing schemas for realistic use cases: a blog, an e-commerce store, a task manager. Use a free PostgreSQL instance on Neon or Supabase to practice against a real database, not a textbook.

  3. 03

    Build REST APIs

    Build a full CRUD REST API with authentication: user registration and login (JWT-based), protected routes, and at least 3 resource endpoints. Follow REST conventions: proper HTTP methods (GET, POST, PUT, DELETE), meaningful status codes (200, 201, 400, 401, 403, 404, 500), and consistent JSON response structure. Document your API with Swagger/OpenAPI. This project is the foundation of your portfolio.

  4. 04

    Learn authentication and security

    Authentication is where most junior backends make serious mistakes. Learn to hash passwords with bcrypt (never store plaintext). Understand JWT: how they're signed, how they expire, and how to invalidate them. Learn about SQL injection and how parameterised queries prevent it. Study OWASP Top 10 — knowing the most common vulnerabilities and how to avoid them makes you a more trustworthy hire.

  5. 05

    Learn deployment and infrastructure basics

    Deploy your API to a real server. Use Railway, Render, or Fly.io for simple deployments — all have free tiers. Learn Docker well enough to containerise your app with a Dockerfile and run it with Docker Compose alongside a local database. Learn to set environment variables securely. Understanding how your code runs in production — not just on your laptop — separates serious backend developers from beginners.

  6. 06

    Build a full backend project and apply

    Build one complete backend system: an API with authentication, a relational database with at least 3 tables, rate limiting, error handling, input validation, and a README that explains what the API does. Deploy it and document it. This is your portfolio centrepiece. Apply for roles titled 'Junior Backend Engineer', 'Node.js Developer', 'Python Developer', or 'API Developer'. Be ready to discuss your database schema decisions and security choices in detail.

03

Tools of the trade

VS Code

Free

Code editor with excellent Python/Node.js extensions

PostgreSQL

Free

Industry-standard relational database — learn this, not MySQL first

Postman

Free

Test and document your API endpoints during development

Docker

Free

Run databases and services consistently across environments

Git + GitHub

Free

Version control — every backend project needs this

Railway / Render

Free

Simple deployment platforms — free tiers for portfolio projects

Neon / Supabase

Free

Free PostgreSQL hosting for development and portfolio projects

Swagger / OpenAPI

Free

Auto-generate API documentation from your code

04

A day on the job

  • 01Designing and implementing new API endpoints based on product requirements
  • 02Writing database migrations and updating schemas as requirements change
  • 03Debugging production issues using logs and monitoring tools
  • 04Writing unit and integration tests for new features
  • 05Reviewing code from teammates and ensuring security and performance standards
  • 06Updating API documentation and keeping internal runbooks current
  • 07Investigating performance bottlenecks in slow queries or endpoints
05

What it pays

Entry

$60,000–90,000 / yr

Mid-level

$90,000–130,000 / yr

Senior

$130,000–200,000+ / yr

USD, salaried

06

Where to find work

  • LinkedIn

    Best source for full-time backend roles

  • Wellfound (AngelList)

    Startup roles — more autonomy, faster promotions

  • We Work Remotely

    Remote backend engineering roles

  • Toptal

    Vetted freelance network — premium rates for senior engineers

  • Hired.com

    Companies reach out to you after profile approval

  • Direct applications

    Apply directly to companies you want to work at

07

Mistakes to avoid

No. 01

Storing passwords in plaintext

This is the most common and damaging beginner security mistake. Always hash passwords with bcrypt or Argon2 before storing. If your database is ever compromised, hashed passwords protect your users. Plaintext passwords in a leaked database end careers and destroy companies.

No. 02

No input validation

Never trust data from the client. Validate every input: types, lengths, formats, and allowed values. Use a validation library (Zod, Joi, Pydantic). A user who sends unexpected data to your API shouldn't be able to break it, crash it, or inject malicious SQL.

No. 03

Treating all errors the same

Not all errors are equal. A 400 (bad request) is the client's fault. A 500 (server error) is yours. Returning 500 for everything hides real problems. Build proper error handling that distinguishes user errors from system errors, logs appropriately, and returns useful messages.

No. 04

No database indexes on queried columns

Queries on unindexed columns do full table scans — they're fast with 100 rows and catastrophically slow with 1 million. Add indexes on every column you filter, join, or sort by. Learn to read EXPLAIN ANALYZE output in PostgreSQL to spot slow queries before they reach production.

No. 05

Hardcoding secrets in code

API keys, database URLs, and JWT secrets hardcoded in source code will eventually end up in a GitHub repository — public or private. Always use environment variables. Use a .env file locally, never commit it, and use secrets management in production.

08

Where to learn

  • The Odin Project — full Node.js backend curriculumCourse
  • FastAPI Documentation — best Python API framework, excellent docsReading
  • PostgreSQL Tutorial (postgresqltutorial.com) — comprehensive free referenceReading
  • OWASP Top 10 — the 10 most critical security vulnerabilities to knowReading
  • Designing Data-Intensive Applications — Martin Kleppmann (advanced, highly recommended)Reading
  • SQLZoo — interactive SQL practicePractice
  • Docker Getting Started Tutorial — official beginner guideCourse
  • Postman — API testing and documentationTool
09

Questions, answered

Python or Node.js for backend — which should I learn?
Python if you're interested in data, ML, or prefer a cleaner syntax. Node.js if you already know JavaScript and want to stay in one language. Both have excellent frameworks and strong job markets. The language matters less than your depth — a developer who knows PostgreSQL, REST design, and security principles well can pick up a new language in weeks.
Do I need to know frontend to get a backend job?
No. Backend and frontend are genuinely different specialisations and are hired separately at most companies. You should understand what APIs are consumed by — know what JSON is, how HTTP works, and how authentication tokens flow between client and server — but you don't need to build UIs.
What database should I learn first?
PostgreSQL. It's the most widely used open-source relational database, has the best tooling, and is used by companies of every size. Learning PostgreSQL properly (including indexes, transactions, and query planning) is more valuable than knowing 3 databases superficially. Add Redis for caching knowledge once you're comfortable with SQL.
Is cloud knowledge required for entry-level roles?
Basic cloud knowledge (deploying to AWS EC2 or a managed platform, setting environment variables, understanding what a server is) is expected. Deep AWS expertise is not. Being able to deploy your API to a production server and explain what happens when a request arrives is sufficient for most junior interviews.
How long until I get a junior backend job?
8–14 months of consistent daily practice for most self-taught developers. The key milestones are: a working authenticated REST API deployed to production, SQL proficiency including joins and indexing, and a solid understanding of authentication security. The gap between 'building things' and 'building things correctly and securely' is where most of the time goes.

Estimated commitment

8–14 months

Consistent daily practice beats long, infrequent sessions. An hour a day is enough.

10

Where it leads

  • Full Stack Developer

    Natural next step

  • DevOps Engineer

    Natural next step

  • API Engineer

    Natural next step

11

Other roadmaps