Building a Secure Node.js Orchestration Layer with Dynamic Routes and Slug approach


In modern application development, protecting sensitive information like API keys is crucial. Exposing these keys directly in client-side code can pose security risks. In this article, we will explore how to create a Node.js orchestration layer that acts as an intermediary between the frontend and backend APIs. By doing so, we can securely hide API keys and provide an additional layer of security.

Table of Contents:

  1. Understanding the Need for an Orchestration Layer
  2. Setting Up the Node.js Server
  3. Storing API Keys in Environment Variables
  4. Creating Endpoint Routes in the Node.js Server
  5. Forwarding Requests to the Backend APIs
  6. Handling Responses and Sending them to the Frontend
  7. Conclusion

Understanding the Need for an Orchestration Layer:

To effectively handle various endpoints in an API, it is essential to have a flexible and scalable approach. This is where dynamic routes and the slug pattern come into play. Let's explore why they are needed:

  • Simplified Codebase: Dynamic routes with slugs consolidate similar endpoint logic, reducing code duplication and improving code maintainability.
  • Flexible Endpoint Handling: Slugs capture dynamic values in the route, enabling interpretation for specific endpoints or resources without the need for separate route definitions.
  • Scalability and Extensibility: Dynamic routes allow for easy integration of new endpoints or functionalities by adding logic based on different slug values, ensuring scalability and extensibility.
  • Centralized Logic: Dynamic routes with slugs centralize shared endpoint logic within a single route handler, promoting code reusability and facilitating management.

With dynamic routes and the slug approach, we gain the flexibility to handle a variety of endpoints while keeping our codebase concise and maintainable.

Setting Up the Node.js Server

Let's start by setting up a basic Node.js server using Express.js.

    // server.js
    const express = require('express');
    const app = express();
    const port = 3000;

    app.listen(port, () => {
          console.log(`Server listening on port ${port}`);

Storing API Keys in Environment Variables:

To securely store API keys, we'll use environment variables. Create a .env file in the root directory of your project and add the API keys.

// .env

To access environment variables, install the dotenv package and configure it in your server file:

// server.js

// Access API key
const apiKey = process.env.API_KEY;

Creating Endpoint Routes in the Node.js Server: Let's create a simple endpoint route to handle incoming requests from the frontend. To create dynamic endpoint routes using the slug pattern, we can leverage the Express.js router and route parameters.

// server.js
app.get('/api/:slug', (req, res) => {
  const { slug } = req.params;

  // Handle the request based on the slug
  if (slug === 'data') {
    // Handle 'data' endpoint
    res.json({ message: 'Data endpoint called' });
  } else if (slug === 'users') {
    // Handle 'users' endpoint
    res.json({ message: 'Users endpoint called' });
  } else {
    // Handle other endpoints or invalid slugs
    res.status(404).json({ error: 'Endpoint not found' });

In this example, when a GET request is made to a route like /api/data or /api/users, the :slug route parameter captures the dynamic part of the URL. Inside the route handler function, you can access the captured slug value using req.params.slug. Based on the value of the slug, you can handle the request accordingly.

You can extend this approach to handle additional endpoints based on different slugs or add more complex logic based on your application's requirements.

Forwarding Requests to the Backend APIs

In this updated code snippet, for each slug case ('user' and 'data'), we generate a specific backend URL by incorporating the slug and query parameters (userId). If the slug doesn't match any defined case, we send a 404 error response indicating that the endpoint is not found.

Feel free to adjust the switch statement and URL construction logic according to your specific backend API requirements and slug patterns.

// server.js
const axios = require('axios');

app.get('/api/:slug', (req, res) => {
  const { slug } = req.params;
  let backendUrl;

  // Generate the backend URL based on the slug
  switch (slug) {
    case 'user': {
      const { userId }  = req.query
      backendUrl = `${userId}`;
    case 'data': {
      backendUrl = `${includeQuote}&env=${env}&controlNumber=${controlNumber}`;
    default: {
      res.status(404).json({ error: 'Endpoint not found' });

  // Forward the request to the backend API
    .then(response => {
      // Send the backend API response to the frontend
    .catch(error => {
      res.status(500).json({ error: 'An error occurred while calling the backend API' });

Handling Responses and Sending them to the Frontend:

Once we receive a response from the backend API, we can process it and send it back to the frontend.

// server.js

// ... process to generate backend URL 
app.get('api/:slug', (req, res) => {

// ... process to generate backend URL 
  axios.get(backendUrl, {
    headers: {
      'Authorization': `Bearer ${apiKey}`
    .then(response => {
      // Process the response as needed
      const processedData =;

      // Send the processed response back to the frontend```javascript
    .catch(error => {
      res.status(500).json({ error: 'An error occurred' });


Building a Node.js orchestration layer with dynamic routes and slugs enables us to securely hide API keys, enhance backend communication, and ensure data confidentiality. This approach offers scalability, modularity, and flexibility, simplifying code maintenance and improving overall security. By centralizing logic and following best practices, we can create robust and secure applications that effectively handle API requests while safeguarding sensitive information.

Avatar for sanket-s10

Written by sanket-s10

Frontend Developer | Skilled in JavaScript, TypeScript, ReactJS, NextJS | Dedicated to creating elegant and intuitive user interfaces


Fetching comments

Hey! 👋

Got something to say?

or to leave a comment.