Skip to content
Backend Engineer Roadmap
0 / 18
Roadmap · 2026 Edition

Backend
Engineer.

18 stations. 3 tracks. From HTTP APIs and databases to queues, Kubernetes, and reliability — at your own pace.

Foundations
~5h 0/6
Core Backend
~5h 0/6
Production
~6h 0/6
0 of 18 stations · ~0h of ~16h
Lines —
Foundations
Core Backend
Production
Stations —
Not started
Completed

The roadmap.

Three tracks. 18 stations. Click any node to open its detail. Mark complete as you go — your progress is saved locally.

Practice tools

Go deeper.

Interactive tools to practice what you've learned from the roadmap above.

    Keep reading.

    The Prompting Handbook covers the Foundation track in depth — interactive, no code required.

    Read the handbook →

    Backend Engineer Roadmap 2026 — the full roadmap in text

    A written version of the interactive roadmap above — every station, what you'll learn, and a small thing to build — laid out for reading, reference and search.

    Foundations Start here

    F1. Language & Runtime

    Beginner · 45 min

    Backend work starts with a language and the runtime under it. Pick one (Go, Java, Python, Node, Rust), and understand how it handles concurrency, memory, and packages — because the runtime shapes every performance and scaling decision you make later.

    Skills: Choosing a language · Concurrency model · Memory & GC basics · Package management

    Build it: Write a tiny HTTP server in your language that returns JSON. Note how it handles concurrent requests — threads, an event loop, or goroutines?

    F2. HTTP & REST APIs

    Beginner · 60 min

    The web speaks HTTP, and most backends expose REST APIs. Master the request/response cycle, methods and status codes, statelessness, idempotency, and clean resource design — the vocabulary every service and every interview is built on.

    Skills: Request / response · HTTP methods & status codes · REST resource design · Statelessness & idempotency

    Build it: Design the REST API for a pastebin: list the endpoints, methods, status codes, and request/response shapes. Which calls are idempotent?

    F3. SQL Databases

    Beginner · 75 min

    The relational database is the heart of most backends. Learn the relational model, joins, indexes and B-trees, transactions and ACID, and how the query planner turns your SQL into a fast (or slow) plan. This is where correctness and performance meet.

    Skills: Relational model & joins · Indexes & B-trees · Transactions & ACID · EXPLAIN & query plans

    Build it: Model a simple e-commerce schema (users, orders, products). Add the indexes a checkout query needs, and check the plan with EXPLAIN.

    F4. Caching

    Intermediate · 60 min

    A cache is the highest-leverage tool for read-heavy backends: keep hot data in memory and spare the database. But caches bring their own problems — TTLs, eviction, invalidation, and the thundering herd when they go cold. Redis is the workhorse.

    Skills: Cache-aside · TTL & eviction (LRU/LFU) · Invalidation · Redis data structures

    Build it: Design the caching layer for a read-heavy profile service: what do you cache, for how long, and how do you survive a cache-miss storm?

    F5. NoSQL & Data Modeling

    Intermediate · 60 min

    Not everything fits a relational schema. Key-value, document, and wide-column stores trade joins and strict schemas for scale and flexible access patterns. The skill is modeling your data for how it will be read, and knowing when NoSQL beats SQL.

    Skills: Key-value / document / wide-column · Access-pattern modeling · Denormalization · When NoSQL fits

    Build it: For a chat app, decide where messages, user profiles, and presence each live — and justify SQL vs NoSQL for each by its access pattern.

    F6. Auth & Security

    Intermediate · 60 min

    Every backend must answer "who are you, and what may you do?" Learn authentication vs authorization, sessions vs JWTs, OAuth, password hashing, and the OWASP risks (injection, XSS, CSRF) — plus TLS. Security is not a feature you bolt on later.

    Skills: Authn vs authz · Sessions & JWT · OAuth basics · Password hashing & OWASP

    Build it: Design auth for an API: how do you issue and verify tokens, store passwords, and stop a stolen token being replayed forever?

    Core Backend The craft

    T1. API Design & Versioning

    Intermediate · 60 min

    Good APIs outlive their implementations. Beyond basic REST: pagination, consistent error handling, versioning without breaking clients, rate limiting, and when GraphQL or an API gateway earns its place. Design the contract as carefully as the code.

    Skills: Pagination & filtering · Error handling & idempotency keys · Versioning · REST vs GraphQL / gateway

    Build it: Evolve a v1 API to v2 without breaking existing clients. Where do you version, and how do you deprecate gracefully?

    T2. Concurrency & Scaling

    Intermediate · 60 min

    One server has a ceiling. Scale out with stateless services behind a load balancer, and understand connection pooling, horizontal vs vertical scaling, and where shared state must live. Statelessness is the enabler for everything horizontal.

    Skills: Horizontal vs vertical · Stateless services · Load balancing (L4/L7) · Connection pooling

    Build it: Take a single-server app to five servers. What must become stateless, where does session/state move, and how does traffic get distributed?

    T3. Testing

    Intermediate · 50 min

    Untested backends rot. Learn the test pyramid — many fast unit tests, fewer integration tests, a handful of end-to-end — plus mocking, test data, and contract tests between services. Tests are what let you change code without fear.

    Skills: Test pyramid · Unit / integration / e2e · Mocking & fixtures · Contract testing

    Build it: For a payment endpoint, decide what to unit-test, what needs an integration test with a real database, and what an e2e test should cover.

    T4. Message Queues & Streaming

    Advanced · 60 min

    Not everything should happen in the request. Queues and logs decouple producers from consumers, absorb bursts, and enable async work and event-driven architecture. Learn at-least-once delivery, idempotent consumers, and queues vs a Kafka-style log.

    Skills: Async decoupling · Queue vs log (Kafka) · At-least-once + idempotency · Event-driven design

    Build it: Move email-sending out of the checkout request. Which queue guarantees do you need, and how do consumers avoid sending duplicates?

    T5. Observability

    Advanced · 55 min

    You cannot fix what you cannot see. Instrument the three pillars — metrics (is something wrong?), logs (what happened?), traces (where?) — with structured logs and the golden signals, so 3am debugging is a guided walk, not a guessing game.

    Skills: Metrics / logs / traces · Structured logging + trace ids · Golden signals · SLIs / SLOs

    Build it: Add observability to a slow endpoint: which metric alerts you, which trace localizes it, and which log lines explain it?

    T6. System Design

    Advanced · 75 min

    Now assemble the pieces. Back-of-the-envelope estimation, the CAP tradeoff, consistency models, and combining APIs, databases, caches, queues, and load balancers into a coherent system that scales — the skill senior interviews probe hardest.

    Skills: Capacity estimation · CAP & consistency · Component composition · Tradeoff reasoning

    Build it: Design a URL shortener end to end: estimate the numbers, pick the datastore, add the cache, and justify every component.

    Production Ship & operate

    P1. Containers & Kubernetes

    Advanced · 70 min

    Modern backends ship as containers. Learn Docker images, then orchestration: how Kubernetes runs hundreds of containers across machines by chasing a declared desired state, self-healing, load-balancing, and rolling out new versions.

    Skills: Docker images · Pods & deployments · Desired-state control loop · Services & self-healing

    Build it: Containerize a service and declare 3 replicas. What happens when one pod crashes, and how does a rolling update stay available?

    P2. CI/CD & Deployment

    Advanced · 55 min

    Shipping should be boring. Automate build, test, and deploy in a pipeline, and release safely with blue-green or canary deploys, quick rollbacks, and feature flags that decouple deploy from release. Deploy small, deploy often, deploy reversibly.

    Skills: CI/CD pipelines · Blue-green & canary · Rollbacks · Feature flags

    Build it: Design a safe rollout for a risky change: how do you release to 1% first, watch metrics, and roll back in seconds if it breaks?

    P3. Reliability & Resilience

    Advanced · 60 min

    Everything fails eventually. Build services that degrade gracefully: timeouts so a slow dependency cannot hang you, retries with backoff, circuit breakers that stop cascading failure, and bulkheads that isolate blast radius. Assume dependencies will break.

    Skills: Timeouts · Retries & backoff · Circuit breakers · Graceful degradation

    Build it: A downstream service gets slow. Show how timeouts, a circuit breaker, and a fallback keep your API responsive instead of hung.

    P4. Sharding & Replication

    Advanced · 70 min

    When one database is not enough: replicate for read scale and availability, and shard (partition) to spread writes and storage across machines. Learn read replicas, partitioning strategies, and the consistency tradeoffs each choice forces.

    Skills: Read replicas · Sharding / partitioning · Partition keys & hotspots · Replication consistency

    Build it: Your users table is too big for one node. Choose a shard key, avoid hotspots, and explain what a cross-shard query costs.

    P5. Distributed Systems Pitfalls

    Advanced · 60 min

    Distributed backends bite in subtle ways: coordinating with distributed locks (and why they are hard), making operations idempotent so retries are safe, exactly-once myths, and clock/ordering issues. These are the traps senior engineers must see coming.

    Skills: Distributed locks & fencing · Idempotency · Exactly-once vs at-least-once · Ordering & clocks

    Build it: Two workers might process the same job. Make the handler idempotent so a duplicate is harmless — without a fragile lock.

    P6. Cost, SLOs & On-call

    Advanced · 50 min

    Operating a backend is a discipline. Define SLIs/SLOs and an error budget to balance features against reliability, plan capacity and control cost, and run humane on-call with good alerts (symptoms, not noise) and blameless incident response.

    Skills: SLIs / SLOs / error budgets · Capacity & cost planning · Alerting on symptoms · Incident response

    Build it: Set an SLO for a checkout API and derive its error budget. When the budget is spent, what should the team stop doing?

    Finished this one? 0 / 13 Roadmaps done

    Explore the topic

    See this alongside everything else on the same subject — handbooks, system designs, challenges and tools, in one place.

    More Roadmaps