Glossary

My definition of some terms.

Access Token: A credential issued by an Authorization Server that allows a client to access protected resources on a Resource Server, typically short-lived and included in API requests.
API (aka Application Programming Interface): Code interface used to interact with an application. It can go from a function in a library, a method in the runtime of the code to an HTTP based one using URLs and HTTP methods.
API Gateway: A service that acts as a single entry point for multiple backend services, handling routing, authentication, rate limiting, and request transformation before forwarding requests to internal APIs.
Authorization Server: A server responsible for authenticating users and issuing tokens such as access tokens and refresh tokens, acting as the central authority in OAuth2 and OpenID Connect systems.
Bearer Token: A type of access token used in HTTP authentication where possession of the token grants access to protected resources, commonly sent in the Authorization header.
BFF (aka Backend for Frontend): An architectural pattern where a backend service is built specifically for a particular frontend, aggregating data from multiple services and shaping responses for that client.
Caching: A performance technique where responses or computed data are stored temporarily so future requests can be served faster without repeating the same computation.
CDN (aka Content Delivery Network): A distributed network of servers that cache and deliver static assets such as images, scripts, and stylesheets from locations geographically closer to users.
CORS (aka Cross-Origin Resource Sharing): A browser security mechanism that controls whether a web page can request resources from a different origin than the one that served the page.
CSR (aka Client-Side Rendering): An application rendering strategy where the rendering happens in a client, typically the browser, in the same process event listeners are attached to react to them and re-render the UI.
CSS (aka Cascading Style Sheets): A stylesheet language used to control the presentation of HTML documents, including layout, colors, typography, spacing, and responsive design.
DNS (aka Domain Name System): A distributed system that translates human-readable domain names into IP addresses so browsers can locate servers on the internet.
Edge Functions: Small serverless functions that run at the edge of a CDN network close to users, often used for authentication, request rewriting, personalization, and lightweight SSR.
Edge Rendering: A rendering strategy where SSR runs on edge runtimes located close to users, reducing latency compared to rendering requests in a centralized server or traditional backend.
Edge Runtime: A lightweight JavaScript runtime designed to run code at the edge of a CDN network, commonly used for Edge Functions and SSR close to the user.
FTP (aka File Transfer Protocol): A network protocol used to transfer files between a client and a server, historically common for uploading website files to hosting servers.
GraphQL: A query language and runtime for APIs that allows clients to request exactly the data they need from a server rather than receiving fixed responses from predefined endpoints.
HDR (aka Hot Data Revalidation): A development-time compiler feature where the data used by an application is replaced at runtime without reloading the application and losing any in-memory state.
HMR (aka Hot Module Replacement): A development-time compiler feature where the code is replaced at runtime without reloading the application or server and losing any in-memory state.
HTML (aka Hypertext Markup Language): The standard markup language used to structure content on the web, defining elements such as headings, paragraphs, links, images, and other page structure.
HTTP (aka Hypertext Transfer Protocol): The application-layer protocol used for communication between web browsers and servers, defining how requests and responses are formatted and transmitted across the web.
HTTPS (aka Hypertext Transfer Protocol Secure): A secure version of HTTP that encrypts communication between a client and server using TLS, protecting data from interception or modification during transmission.
Hydration: The process where client-side JavaScript takes control of HTML generated by SSR, attaching event listeners and restoring application state so the page becomes interactive.
Idempotency: A property of an operation where performing the same request multiple times produces the same result, commonly used in APIs to make retries safe.
IP (aka Internet Protocol): The protocol responsible for addressing and routing packets across networks so data can travel from a source device to a destination device.
Islands Architecture: An architecture where most of a page is static HTML but small interactive sections, called islands, are hydrated as independent components instead of turning the entire page into a SPA.
ISR (aka Incremental Static Regeneration): An application rendering strategy where SSG is used combined with SSR to update or generate new static HTML files at runtime without re-building the application.
JSON (aka JavaScript Object Notation): A lightweight data format commonly used in APIs to exchange structured data between clients and servers in a format that is easy for humans to read and machines to parse.
JWK (aka JSON Web Key): A JSON representation of a cryptographic key used in web security systems, commonly published by Authorization Servers so other services can verify signatures on JWTs.
JWKS (aka JSON Web Key Set): A JSON document containing one or more JWKs, typically exposed through a public endpoint so Resource Servers can retrieve the keys required to validate JWT signatures.
JWT (aka JSON Web Token): A compact and self-contained token format used to securely transmit claims between parties, commonly used in authentication systems where an Authorization Server issues tokens to clients.
Microservices: An architectural style where an application is composed of multiple independent services that communicate over a network, each responsible for a specific capability and deployable independently.
MIME Type (aka Multipurpose Internet Mail Extensions Type): A standardized identifier used by HTTP to describe the format of a file or response, such as text/html, application/json, or image/png.
Monolith: An application architecture where the frontend, backend, and business logic are developed and deployed together as a single system rather than split across multiple independent services.
MPA (aka Multi-Page Application): An application navigation strategy where the navigation between routes/views happens by requesting a new document from the server.
OAuth2 (aka OAuth 2.0): An authorization framework that allows applications to obtain limited access to user resources on another service without requiring the user to share their credentials.
OIDC (aka OpenID Connect): An identity layer built on top of OAuth2 that allows applications to authenticate users and obtain identity information through standardized tokens such as ID Tokens.
Optimistic UI: A UX pattern where the interface updates immediately after a user action assuming the server operation will succeed, later reconciling the UI state with the server response.
Partial Hydration: A rendering strategy where only specific parts of a server-rendered page are hydrated with JavaScript instead of the entire document, reducing the amount of JavaScript executed in the browser.
PEMPA (aka Progressively Enhanced Multi-Page Application): A progressively enhanced MPA that uses JS, general navigation happens like a MPA but in-page changes happens with or without JS to fetch more data as the user interact with the application.
PESPA (aka Progressively Enhanced Single-Page Application): A progressively enhanced SPA that uses SSR on document requests, and after JS loads start working as a SPA, while most if not all of the behavior can stil work before JS work.
PKCE (aka Proof Key for Code Exchange): An extension to the OAuth2 Authorization Code Flow that protects public clients from authorization code interception by requiring a one-time secret during token exchange.
PPR (aka Partial Pre-Rendering): An application rendering strategy where SSG is used in combination with SSR to generate at build time the static parts of an HTML document and then use SSR to stream the dynamic parts at runtime.
Progressive Enhancement: A web development strategy where a website works with basic functionality using HTML and server responses, and enhances the experience with JavaScript when available.
Rate Limiting: A technique used by APIs and servers to restrict how many requests a client can make within a given time period, protecting systems from abuse or overload.
Refresh Token: A token used to obtain new access tokens from an Authorization Server without requiring the user to authenticate again, typically long-lived and stored securely by the client.
Rendering: The process of generating the UI of an application from data and components, either on the server (SSR) or in the browser (CSR).
Resource Server: A server that hosts protected resources and validates access tokens before granting access, commonly implemented as an API that trusts tokens issued by an Authorization Server.
REST (aka Representational State Transfer): An architectural style for building Web APIs where resources are accessed through standard HTTP methods such as GET, POST, PUT, PATCH, and DELETE.
RESTful: A term used to describe APIs that follow the principles of REST, using standard HTTP methods, stateless communication, and resource-based URLs to provide predictable and consistent API design.
Routing: The mechanism that determines which content or component should be displayed based on the current URL, either handled by the server or by client-side routers in SPAs.
RSC (aka React Server Components): A React rendering model where components run on the server and send serialized UI to the client, reducing the amount of JavaScript needed in the browser.
Same-Origin Policy: A browser security rule that restricts scripts from interacting with resources from a different origin unless explicitly allowed through mechanisms such as CORS.
Serverless: A cloud computing model where applications run as short-lived functions managed by a platform, allowing developers to deploy code without managing servers or infrastructure.
SPA (aka Single-Page Application): An application navigation strategy where the navigation between routes/views of the application happens client-side without creating a new document request.
SSE (aka Server-Sent Events): A browser technology that allows a server to push real-time updates to the client over a single HTTP connection, commonly used for notifications and live feeds.
SSG (aka Static Site Generation): An application rendering strategy where the server generates static HTML files at build time instead of runtime. Updating those static files require a new build of the application.
SSR (aka Server-Side Rendering): An application rendering strategy where the rendering happens in a server, typically at runtime when a new render is requested.
Static Assets: Files such as images, fonts, stylesheets, and scripts that are served directly to the browser without server-side processing.
Streaming SSR: A variation of SSR where the server sends HTML to the browser in chunks as it is generated, allowing the browser to begin rendering the page before the full response is complete.
TCP (aka Transmission Control Protocol): A core internet protocol that ensures reliable, ordered delivery of data between devices communicating over a network.
TLS (aka Transport Layer Security): A cryptographic protocol used to secure communications over a network, commonly used by HTTPS and WSS to encrypt data between clients and servers.
URI (aka Uniform Resource Identifier): A broader identifier used to identify a resource, which may include URLs or other naming schemes that reference resources without specifying their location.
URL (aka Uniform Resource Locator): A standardized address used to locate resources on the web, specifying the protocol, domain, path, and optionally query parameters or fragments.
Web API: An API exposed over HTTP that allows clients such as browsers or mobile applications to interact with backend services.
Webhooks: A mechanism where one system sends HTTP requests to another when specific events occur, allowing applications to receive real-time updates without polling an API.
WebSockets: A protocol that provides persistent, bidirectional communication between a client and a server, allowing real-time features such as chat, live updates, and streaming data.
WSS (aka WebSocket Secure): The encrypted version of the WebSocket protocol, using TLS to provide secure real-time communication between a client and a server over the internet.
XML (aka Extensible Markup Language): A markup language used to represent structured data in a hierarchical format, historically common in web services before JSON became dominant.