
Synq API

2025

Auth, Email & GitHub Integration Backend

Node.js, TypeScript, Express, JWT, Resend, Octokit, MongoDB

The Challenge

Modern applications need more than just a basic REST API — they need secure authentication, reliable email delivery, and the ability to integrate with third-party platforms like GitHub without stitching together fragile glue code. The challenge was to build a clean, extensible backend that handles all of these concerns in one place, with strict input validation and a structure that scales as features are added.

The Solution

Built Synq API on Express 5 with TypeScript, wiring together JWT-based authentication, bcrypt password hashing, and cookie-based sessions for secure user management. Integrated both Nodemailer and Resend for flexible email delivery — transactional emails, notifications, and verification flows. Added Octokit for GitHub API integration, enabling the backend to interact with repositories and user data programmatically. Zod handles all input validation at the boundary, and Helmet secures the HTTP layer.

Impact

  • Delivered a production-ready auth system with JWT and secure cookie sessions
  • Enabled reliable transactional email delivery via Resend and Nodemailer
  • Integrated GitHub API access via Octokit for programmatic repo interactions
  • Enforced strict input validation with Zod across all endpoints
  • Secured the API with Helmet middleware and CORS configuration
  • Built on Express 5 — ahead of the curve on the latest Node.js ecosystem

Key Features

  • JWT authentication with bcrypt password hashing
  • Cookie-based session management for secure auth flows
  • Email delivery via Resend and Nodemailer for transactional notifications
  • GitHub API integration via Octokit for repository and user data access
  • Zod schema validation on all incoming requests
  • Helmet for HTTP security headers
  • CORS configuration for cross-origin request handling
  • Modular Express 5 routing with TypeScript throughout
  • ngrok integration for local tunnel testing

Tech Stack

  • Node.js with TypeScript (tsx watch for dev)
  • Express 5 for routing and middleware
  • MongoDB with Mongoose 8 for data persistence
  • jsonwebtoken + bcrypt for auth
  • Resend + Nodemailer for email delivery
  • Octokit for GitHub API integration
  • Zod 4 for runtime input validation
  • Helmet for HTTP security
  • ngrok for local development tunnelling

Lessons Learned

  • Express 5 brings meaningful improvements to async error handling worth adopting early
  • Having two email providers (Resend + Nodemailer) gives flexibility for different environments
  • Octokit makes GitHub API integration clean — no manual HTTP calls needed
  • Zod 4 is significantly faster than v3 and worth the upgrade for validation-heavy APIs
  • Cookie-based JWT sessions are more secure than localStorage for sensitive applications
  • Modular structure from day one prevents the codebase from becoming a monolith
