Develop and Implement Back-End Solutions
Overview
This standard defines the competencies required to build secure, reliable and scalable back-end services that provide the core logic and services for full stack applications.
It includes designing and implementing APIs, integrating with databases, applying authentication and authorisation mechanisms, and ensuring resilience, observability, and maintainability of server-side components.
Back-end solutions form the backbone of modern applications, providing the secure, reliable, and performant services that power user-facing features. Competence in this area enables organisations to manage data flows, support high volumes of transactions, and protect sensitive information, ensuring trust and reliability across digital services.
This standard is intended for developers and engineers who build and manage server-side components, APIs, and integrations as part of full stack development teams.
Performance criteria
You must be able to:
- Implement back-end services using approved languages and frameworks in line with organisational standards.
- Design and implement APIs with versioning, pagination, rate limiting and clear error models, in line with organisational and industry standards.
- Apply authentication and authorisation using modern identity standards appropriate to the system context.
- Implement data protection controls, including encryption, validation and secure error handling, in line with organisational and data-protection requirements.
- Implement asynchronous processing with monitoring and failure handling, including dead-letter queues, in line with organisational resilience and reliability standards.
- Implement observability practices, including logging, metrics and traces, in line with organisational monitoring and assurance standards.
- Manage configuration and feature flags securely across environments in line with organisational security and configuration management policies.
- Optimise scalability and reliability through testing and tuning against defined performance and reliability criteria.
- Maintain secure dependencies using vulnerability management and software composition analysis, with software bills of materials (SBOM) outputs used to inform remediation processes.
- Document APIs and operational procedures in line with organisational documentation standards.
Knowledge and Understanding
You need to know and understand:
- Principles of server-side programming and the selection and use of appropriate languages and frameworks in line with organisational standards.
- API design principles and industry standards, including versioning strategies, pagination, rate limiting, idempotency and error modelling.
- Authentication and authorisation concepts and modern identity standards used in back-end systems, including token-based approaches and federation models.
- Secrets management concepts, including secure storage, controlled access and rotation, in line with organisational security policies.
- Data protection principles relevant to back-end services, including encryption in transit and at rest, input validation, and secure error handling.
- Asynchronous processing concepts, including message queues, event-driven architectures, monitoring approaches and handling of failed or delayed messages.
- Observability concepts for back-end systems, including structured logging, metrics, traces, health checks, and their role in monitoring and assurance.
- Configuration management approaches, including environment segregation, feature flags and safe configuration practices.
- Scalability and reliability concepts, including horizontal scaling, caching, connection management and performance testing techniques.
- Software supply-chain security concepts, including vulnerability management, software composition analysis, and the purpose and use of software bills of materials (SBOMs) in remediation workflows.
- Documentation practices for back-end systems, including API documentation, operational runbooks and peer review processes.
Scope/range
Scope Performance
Scope Knowledge
Values
Behaviours
Skills
Glossary
Back-end service
A server-side software component that provides application logic, data access or integration capabilities to other systems or user interfaces.
API (Application Programming Interface)
A defined interface that enables software components to communicate, including requests, responses, error handling and versioning rules.
Rate limiting
Controls that restrict the number or frequency of requests to an API to protect availability and performance.
Authentication
The process of verifying the identity of a user, system or service.
Authorisation
The process of determining what actions an authenticated user, system or service is permitted to perform.
Identity standards
Recognised approaches for managing authentication and authorisation in distributed systems, such as token-based or federated identity models.
Secrets management
The secure storage, access control and rotation of sensitive information such as credentials, keys and tokens.
Asynchronous processing
A processing model where tasks are handled independently of the initiating request, often using messaging or event-driven mechanisms.
Observability
The ability to understand the internal state of a system through logs, metrics, traces and health indicators.
Configuration management
The practice of controlling application settings and behaviour across environments in a secure and repeatable way.
Scalability
The ability of a system to handle increased workload by adjusting resources or architecture.
Reliability
The ability of a system to operate consistently and correctly over time.
Software Bill of Materials (SBOM)
A structured record of software components and dependencies used in an application.
Vulnerability management
The process of identifying, assessing, prioritising and remediating security vulnerabilities.