# Session 3: API Integration, Env Configs, Error Handling & Build Optimization
## Comprehensive Training Guide for Fresh Engineering Graduates

---

## Table of Contents
1. [REST API Fundamentals](#rest-api-fundamentals)
2. [Axios vs Fetch](#axios-vs-fetch)
3. [API Service Layer Pattern](#api-service-layer-pattern)
4. [Async/Await & Loading States](#asyncawait--loading-states)
5. [Global Error Handling Strategy](#global-error-handling-strategy)
6. [HTTP Status Code Handling](#http-status-code-handling)
7. [Environment Configuration](#environment-configuration)
8. [Securing Secrets & Sensitive Data](#securing-secrets--sensitive-data)
9. [Build Process](#build-process)
10. [Performance Optimizations](#performance-optimizations)
11. [Real-World Implementation](#real-world-implementation)
12. [Exercises & Assessment](#exercises--assessment)

---

## REST API Fundamentals

### HTTP Methods & CRUD Operations

**REST (Representational State Transfer)** maps HTTP methods to CRUD operations:

| HTTP Method | CRUD Operation | Purpose | Returns |
|------------|---|---------|---------|
| **GET** | Read | Fetch data (idempotent, safe) | 200 OK + data |
| **POST** | Create | Create new resource | 201 Created + new resource |
| **PUT** | Update (Replace) | Replace entire resource | 200 OK + updated resource |
| **PATCH** | Update (Partial) | Partially update resource | 200 OK + updated resource |
| **DELETE** | Delete | Remove resource | 204 No Content |

### API URL Structure

```
https://api.example.com/v1/users/123/posts/456

Protocol  Host              Version  Resource  ID  Sub-resource  Sub-ID
   ↓      ↓                   ↓        ↓        ↓      ↓           ↓
```

### Common HTTP Status Codes

| Code | Category | Meaning | Action |
|------|----------|---------|--------|
| **200** | Success | OK - Request succeeded | Use the data |
| **201** | Success | Created - Resource created | Use the new resource |
| **204** | Success | No Content - Successful delete | Success, no data |
| **400** | Client Error | Bad Request - Invalid data | Show form error to user |
| **401** | Client Error | Unauthorized - Not authenticated | Redirect to login |
| **403** | Client Error | Forbidden - No permission | Show "access denied" |
| **404** | Client Error | Not Found - Resource doesn't exist | Show "not found" page |
| **409** | Client Error | Conflict - Data conflict (duplicate) | Show error to user |
| **429** | Client Error | Too Many Requests - Rate limited | Wait and retry |
| **500** | Server Error | Internal Server Error | Show generic error |
| **502** | Server Error | Bad Gateway - Server down | Show "service unavailable" |
| **503** | Server Error | Service Unavailable | Show "service unavailable" |

### Example REST API Calls

```javascript
// ✅ GET - Fetch all users
fetch('https://api.example.com/v1/users', {
  method: 'GET'
})
.then(r => r.json())
.then(users => console.log(users));

// ✅ POST - Create new user
fetch('https://api.example.com/v1/users', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ name: 'John', email: 'john@example.com' })
})
.then(r => r.json())
.then(newUser => console.log(newUser));

// ✅ PUT - Replace entire user
fetch('https://api.example.com/v1/users/123', {
  method: 'PUT',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ name: 'Jane', email: 'jane@example.com' })
})
.then(r => r.json());

// ✅ PATCH - Update specific fields
fetch('https://api.example.com/v1/users/123', {
  method: 'PATCH',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ email: 'newemail@example.com' }) // Only update email
})
.then(r => r.json());

// ✅ DELETE - Remove user
fetch('https://api.example.com/v1/users/123', {
  method: 'DELETE'
})
.then(r => r.status === 204 && console.log('Deleted'));
```

---

## Axios vs Fetch

### Comparison

| Feature | Fetch API | Axios |
|---------|-----------|-------|
| **Built-in** | ✅ Yes (native) | ❌ Library (npm install) |
| **Request Interceptors** | ❌ No | ✅ Yes |
| **Response Interceptors** | ❌ No | ✅ Yes |
| **Error Handling** | ❌ Doesn't reject on 4xx/5xx | ✅ Rejects on any non-2xx |
| **Request Timeout** | ❌ No (need AbortController) | ✅ Built-in timeout option |
| **Request Cancellation** | ⚠️ Complex (AbortController) | ✅ Simple (CancelToken) |
| **XSRF Protection** | ❌ Manual | ✅ Automatic |
| **Request/Response Transform** | ❌ Manual | ✅ Built-in |
| **Bundle Size** | ✅ 0 bytes (native) | ❌ ~13KB gzipped |

### Fetch API (2024+ - Modern Approach)

```javascript
// ❌ Problem with Fetch - Status 404/500 don't reject
fetch('/api/user')
  .then(r => r.json())
  .then(data => console.log(data))
  .catch(err => console.log('Network error')); // Never fires on 404!

// ✅ Correct Fetch pattern - Check status manually
async function fetchUser() {
  const response = await fetch('/api/user');
  
  if (!response.ok) {
    throw new Error(`HTTP error! status: ${response.status}`);
  }
  
  return response.json();
}

// ✅ Fetch with timeout (AbortController)
async function fetchWithTimeout(url, timeout = 5000) {
  const controller = new AbortController();
  const timeoutId = setTimeout(() => controller.abort(), timeout);

  try {
    const response = await fetch(url, { signal: controller.signal });
    
    if (!response.ok) {
      throw new Error(`HTTP ${response.status}`);
    }
    
    return await response.json();
  } finally {
    clearTimeout(timeoutId);
  }
}
```

### Axios (Production-Grade - Recommended)

```javascript
import axios from 'axios';

// ✅ Axios automatically rejects on 4xx/5xx
axios.get('/api/user')
  .then(response => console.log(response.data))
  .catch(error => console.log('Error:', error.message)); // Fires on 404!

// ✅ Axios with timeout (much simpler)
axios.get('/api/user', { timeout: 5000 })
  .then(response => console.log(response.data))
  .catch(error => console.log(error));

// ✅ Request cancellation with Axios
const source = axios.CancelToken.source();

setTimeout(() => source.cancel('Request timeout'), 5000);

axios.get('/api/data', { cancelToken: source.token })
  .catch(error => {
    if (axios.isCancel(error)) {
      console.log('Request cancelled');
    }
  });

// ✅ Axios interceptors (global error handling)
axios.interceptors.response.use(
  response => response,
  error => {
    if (error.response?.status === 401) {
      // Redirect to login
      window.location.href = '/login';
    }
    return Promise.reject(error);
  }
);
```

**Why Axios usually wins:**
1. Built-in error handling (rejects on any non-2xx)
2. Automatic request/response transformation
3. Request cancellation
4. Global interceptors for middleware
5. Timeout handling
6. XSRF token automation

---

## API Service Layer Pattern

### Separating API Logic (Separation of Concerns)

**Bad Pattern - API calls scattered everywhere:**

```javascript
// ❌ API calls mixed in components (hard to test, change, maintain)
function UserProfile({ userId }) {
  const [user, setUser] = useState(null);

  useEffect(() => {
    fetch(`/api/users/${userId}`)
      .then(r => r.json())
      .then(setUser);
  }, [userId]);

  return <h1>{user?.name}</h1>;
}

function UserPosts({ userId }) {
  const [posts, setPosts] = useState(null);

  useEffect(() => {
    fetch(`/api/users/${userId}/posts`)
      .then(r => r.json())
      .then(setPosts);
  }, [userId]);

  return <div>{posts?.map(p => <p key={p.id}>{p.title}</p>)}</div>;
}
```

**Good Pattern - Centralized API service:**

```javascript
// api/userService.js - Single source of truth
import axios from 'axios';

const API_BASE_URL = process.env.REACT_APP_API_URL;

const userService = {
  // Fetch user by ID
  getUser: (userId) => {
    return axios.get(`${API_BASE_URL}/users/${userId}`);
  },

  // Fetch user posts
  getUserPosts: (userId) => {
    return axios.get(`${API_BASE_URL}/users/${userId}/posts`);
  },

  // Create new user
  createUser: (userData) => {
    return axios.post(`${API_BASE_URL}/users`, userData);
  },

  // Update user
  updateUser: (userId, userData) => {
    return axios.put(`${API_BASE_URL}/users/${userId}`, userData);
  },

  // Delete user
  deleteUser: (userId) => {
    return axios.delete(`${API_BASE_URL}/users/${userId}`);
  }
};

export default userService;

// ─────────────────────────────────────────────────

// hooks/useUser.js - Custom hook using service
import { useState, useEffect } from 'react';
import userService from '../api/userService';

function useUser(userId) {
  const [user, setUser] = useState(null);
  const [loading, setLoading] = useState(true);
  const [error, setError] = useState(null);

  useEffect(() => {
    setLoading(true);
    
    userService.getUser(userId)
      .then(response => {
        setUser(response.data);
        setError(null);
      })
      .catch(err => {
        setError(err.message);
        setUser(null);
      })
      .finally(() => setLoading(false));
  }, [userId]);

  return { user, loading, error };
}

export default useUser;

// ─────────────────────────────────────────────────

// Components - Clean and focused on UI
function UserProfile({ userId }) {
  const { user, loading, error } = useUser(userId);

  if (loading) return <p>Loading...</p>;
  if (error) return <p>Error: {error}</p>;
  if (!user) return <p>User not found</p>;

  return <h1>{user.name}</h1>;
}

function UserPosts({ userId }) {
  const [posts, setPosts] = useState([]);

  useEffect(() => {
    userService.getUserPosts(userId)
      .then(response => setPosts(response.data));
  }, [userId]);

  return (
    <div>
      {posts.map(post => (
        <div key={post.id}>{post.title}</div>
      ))}
    </div>
  );
}
```

**Benefits:**
- ✅ Single source of truth for API endpoints
- ✅ Easy to change API URLs/versions globally
- ✅ Consistent error handling
- ✅ Easy to mock for testing
- ✅ Reusable across components

---

## Async/Await & Loading States

### Proper Loading State Management

```javascript
import { useState, useEffect } from 'react';
import userService from '../api/userService';

function UserDataComponent({ userId }) {
  const [state, setState] = useState({
    data: null,
    loading: true,
    error: null
  });

  useEffect(() => {
    const fetchUser = async () => {
      try {
        // 1. Set loading state
        setState(prev => ({ ...prev, loading: true, error: null }));

        // 2. Fetch data
        const response = await userService.getUser(userId);

        // 3. Set success state
        setState({
          data: response.data,
          loading: false,
          error: null
        });
      } catch (err) {
        // 4. Set error state
        setState({
          data: null,
          loading: false,
          error: err.message
        });
      }
    };

    fetchUser();
  }, [userId]);

  // ✅ Show appropriate UI based on state
  if (state.loading) {
    return <div className="spinner">Loading...</div>;
  }

  if (state.error) {
    return <div className="error">Error: {state.error}</div>;
  }

  if (!state.data) {
    return <div>No data found</div>;
  }

  return (
    <div>
      <h1>{state.data.name}</h1>
      <p>{state.data.email}</p>
    </div>
  );
}

export default UserDataComponent;
```

### Handling Race Conditions (Multiple Async Operations)

```javascript
// ❌ PROBLEM - Race condition when userId changes rapidly
function BadComponent({ userId }) {
  const [user, setUser] = useState(null);

  useEffect(() => {
    // If userId changes before fetch completes,
    // old response overwrites new response!
    userService.getUser(userId)
      .then(response => setUser(response.data));
  }, [userId]);

  return <div>{user?.name}</div>;
}

// ✅ SOLUTION 1 - Using AbortController
function GoodComponent({ userId }) {
  const [user, setUser] = useState(null);

  useEffect(() => {
    const controller = new AbortController();

    userService.getUser(userId)
      .then(response => setUser(response.data))
      .catch(err => {
        if (err.name !== 'AbortError') {
          console.error(err);
        }
      });

    // Cleanup - abort if userId changes before request completes
    return () => controller.abort();
  }, [userId]);

  return <div>{user?.name}</div>;
}

// ✅ SOLUTION 2 - Check if mounted before state update
function BetterComponent({ userId }) {
  const [user, setUser] = useState(null);

  useEffect(() => {
    let isMounted = true;

    const fetchUser = async () => {
      try {
        const response = await userService.getUser(userId);
        
        // Only update state if component is still mounted
        if (isMounted) {
          setUser(response.data);
        }
      } catch (err) {
        if (isMounted) {
          console.error(err);
        }
      }
    };

    fetchUser();

    // Cleanup - mark as unmounted
    return () => {
      isMounted = false;
    };
  }, [userId]);

  return <div>{user?.name}</div>;
}
```

---

## Global Error Handling Strategy

### Centralized Error Handler with Context

```javascript
// contexts/ErrorContext.js
import { createContext, useContext, useState } from 'react';

const ErrorContext = createContext();

export function ErrorProvider({ children }) {
  const [error, setError] = useState(null);

  const showError = (message, type = 'error', duration = 5000) => {
    setError({ message, type, id: Date.now() });

    // Auto-dismiss after duration
    setTimeout(() => setError(null), duration);
  };

  const clearError = () => setError(null);

  return (
    <ErrorContext.Provider value={{ error, showError, clearError }}>
      {children}
      <ErrorDisplay error={error} />
    </ErrorContext.Provider>
  );
}

export function useError() {
  const context = useContext(ErrorContext);
  if (!context) {
    throw new Error('useError must be used inside ErrorProvider');
  }
  return context;
}

// ─────────────────────────────────────────────────

// components/ErrorDisplay.js
function ErrorDisplay({ error }) {
  if (!error) return null;

  return (
    <div className={`error-message error-${error.type}`}>
      {error.message}
    </div>
  );
}

// ─────────────────────────────────────────────────

// Setup in main App
function App() {
  return (
    <ErrorProvider>
      <Router>
        <Routes>
          {/* Your routes */}
        </Routes>
      </Router>
    </ErrorProvider>
  );
}

// ─────────────────────────────────────────────────

// Usage in any component
function MyComponent() {
  const { showError } = useError();

  const handleSaveUser = async () => {
    try {
      await userService.updateUser(userId, data);
    } catch (err) {
      showError('Failed to save user. Please try again.', 'error', 4000);
    }
  };

  return <button onClick={handleSaveUser}>Save</button>;
}
```

### Axios Interceptors for Global Error Handling

```javascript
// api/axiosConfig.js
import axios from 'axios';

export const setupAxiosInterceptors = (errorCallback) => {
  // Response interceptor - runs on every response
  axios.interceptors.response.use(
    // Success case - just return response
    response => response,
    
    // Error case - handle all errors globally
    error => {
      const { response, message } = error;

      // Handle different error types
      if (response?.status === 401) {
        // Unauthorized - redirect to login
        errorCallback('Session expired. Please login again.');
        window.location.href = '/login';
      } else if (response?.status === 403) {
        // Forbidden
        errorCallback('You do not have permission to perform this action.');
      } else if (response?.status === 404) {
        // Not found
        errorCallback('Resource not found.');
      } else if (response?.status >= 500) {
        // Server error
        errorCallback('Server error. Please try again later.');
      } else if (message === 'Network Error') {
        // Network error
        errorCallback('Network error. Check your internet connection.');
      } else {
        // Generic error
        errorCallback(response?.data?.message || 'An error occurred');
      }

      return Promise.reject(error);
    }
  );
};

// ─────────────────────────────────────────────────

// index.js or App.js - Setup interceptors
import { setupAxiosInterceptors } from './api/axiosConfig';
import { useError } from './contexts/ErrorContext';

function App() {
  const { showError } = useError();

  useEffect(() => {
    setupAxiosInterceptors((message) => showError(message, 'error'));
  }, [showError]);

  return (
    <ErrorProvider>
      {/* Your app */}
    </ErrorProvider>
  );
}
```

---

## HTTP Status Code Handling

### Comprehensive Status Code Strategy

```javascript
// api/statusCodeHandlers.js
export const statusCodeHandlers = {
  // 2xx Success
  200: {
    message: 'Success',
    severity: 'success',
    action: 'CONTINUE'
  },
  201: {
    message: 'Resource created',
    severity: 'success',
    action: 'CONTINUE'
  },
  204: {
    message: 'Success (no content)',
    severity: 'success',
    action: 'CONTINUE'
  },

  // 4xx Client Errors
  400: {
    message: 'Invalid request. Please check your input.',
    severity: 'error',
    action: 'SHOW_FORM_ERRORS'
  },
  401: {
    message: 'Your session expired. Please login again.',
    severity: 'error',
    action: 'REDIRECT_LOGIN'
  },
  403: {
    message: 'You do not have permission to perform this action.',
    severity: 'error',
    action: 'SHOW_PERMISSION_ERROR'
  },
  404: {
    message: 'Resource not found.',
    severity: 'error',
    action: 'SHOW_NOT_FOUND'
  },
  409: {
    message: 'This resource already exists. Please check for duplicates.',
    severity: 'error',
    action: 'SHOW_CONFLICT_ERROR'
  },
  422: {
    message: 'Validation failed. Please check your input.',
    severity: 'error',
    action: 'SHOW_VALIDATION_ERRORS'
  },
  429: {
    message: 'Too many requests. Please wait a moment and try again.',
    severity: 'warning',
    action: 'RETRY_LATER'
  },

  // 5xx Server Errors
  500: {
    message: 'Server error. Please try again later.',
    severity: 'error',
    action: 'SHOW_ERROR'
  },
  502: {
    message: 'Server is temporarily unavailable. Please try again later.',
    severity: 'error',
    action: 'SHOW_UNAVAILABLE'
  },
  503: {
    message: 'Service is temporarily unavailable. Please try again later.',
    severity: 'error',
    action: 'SHOW_UNAVAILABLE'
  }
};

// ─────────────────────────────────────────────────

// api/errorHandler.js
import { statusCodeHandlers } from './statusCodeHandlers';

export function handleApiError(error) {
  const status = error.response?.status;
  const handler = statusCodeHandlers[status] || {
    message: 'An unexpected error occurred',
    severity: 'error',
    action: 'SHOW_ERROR'
  };

  return {
    message: error.response?.data?.message || handler.message,
    severity: handler.severity,
    action: handler.action,
    status
  };
}

// ─────────────────────────────────────────────────

// Usage in component
async function handleSubmitForm(data) {
  try {
    const response = await userService.createUser(data);
    showSuccess('User created successfully!');
  } catch (error) {
    const { message, action } = handleApiError(error);
    
    switch (action) {
      case 'REDIRECT_LOGIN':
        window.location.href = '/login';
        break;
      case 'SHOW_VALIDATION_ERRORS':
        setFormErrors(error.response.data.errors);
        break;
      case 'SHOW_ERROR':
      default:
        showError(message);
    }
  }
}
```

---

## Environment Configuration

### Frontend Environment Variables (Critical Concepts)

**Important:** Frontend environment variables are compiled into the bundle and are **publicly visible**.

```
# .env file
REACT_APP_API_URL=https://api.example.com
REACT_APP_APP_NAME=MyApp
REACT_APP_VERSION=1.0.0

# ❌ NEVER put sensitive data here
REACT_APP_API_KEY=secret123  # ❌ EXPOSED in bundle!
REACT_APP_DATABASE_URL=...   # ❌ EXPOSED in bundle!
```

### Environment-Specific Configurations

```javascript
// config/environment.js
const environments = {
  development: {
    API_URL: 'http://localhost:3001',
    LOG_LEVEL: 'debug',
    FEATURES: {
      ANALYTICS: false,
      BETA_FEATURES: true
    }
  },

  staging: {
    API_URL: 'https://staging-api.example.com',
    LOG_LEVEL: 'info',
    FEATURES: {
      ANALYTICS: true,
      BETA_FEATURES: true
    }
  },

  production: {
    API_URL: 'https://api.example.com',
    LOG_LEVEL: 'error',
    FEATURES: {
      ANALYTICS: true,
      BETA_FEATURES: false
    }
  }
};

const env = process.env.NODE_ENV || 'development';
const config = environments[env];

export default config;

// ─────────────────────────────────────────────────

// Usage
import config from './config/environment';

console.log('API URL:', config.API_URL);
console.log('Analytics enabled:', config.FEATURES.ANALYTICS);
```

### Runtime vs Build-Time Configuration

```javascript
// ❌ Build-time (compiled into bundle - only for public data)
const API_URL = process.env.REACT_APP_API_URL;

// ✅ Runtime (loaded when app starts - for sensitive data)
// server/config.js
export async function getConfig() {
  const response = await fetch('/api/config');
  return response.json();
}

// App.js
function App() {
  const [config, setConfig] = useState(null);

  useEffect(() => {
    getConfig().then(setConfig);
  }, []);

  if (!config) return <div>Loading...</div>;

  return (
    <ConfigContext.Provider value={config}>
      {/* App content */}
    </ConfigContext.Provider>
  );
}
```

---

## Securing Secrets & Sensitive Data

### What NOT to Put in Frontend

```javascript
// ❌ NEVER put these in frontend code or env files
const secrets = {
  DATABASE_URL: 'postgres://user:password@host/db',
  API_SECRET_KEY: 'super-secret-key-12345',
  JWT_SECRET: 'jwt-secret',
  AWS_ACCESS_KEY_ID: 'AKIAIOSFODNN7EXAMPLE',
  AWS_SECRET_ACCESS_KEY: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
  STRIPE_SECRET_KEY: 'sk_live_abc123',
  SENDGRID_API_KEY: 'SG.abc123def456',
  PAYMENT_WEBHOOK_SECRET: 'secret'
};
```

### Proper Secret Management

```javascript
// ✅ CORRECT - Use backend API for sensitive operations

// Backend: /api/routes/auth.js
app.post('/api/login', async (req, res) => {
  const { email, password } = req.body;
  
  // Use JWT_SECRET on backend
  const user = await authenticateUser(email, password);
  const token = jwt.sign({ userId: user.id }, process.env.JWT_SECRET);
  
  // Send token to frontend
  res.json({ token });
});

// Frontend: Only receive the token
async function login(email, password) {
  const response = await fetch('/api/login', {
    method: 'POST',
    body: JSON.stringify({ email, password })
  });
  
  const { token } = await response.json();
  
  // Store token securely
  localStorage.setItem('authToken', token);
  
  return token;
}

// ─────────────────────────────────────────────────

// ✅ Use environment variables only for public configuration
const PUBLIC_VARS = {
  REACT_APP_API_URL: 'https://api.example.com', // Public - OK
  REACT_APP_APP_NAME: 'MyApp', // Public - OK
  REACT_APP_ANALYTICS_ID: 'UA-123456-78', // Public - OK
};

// ❌ NEVER expose secrets
const PRIVATE_VARS = {
  // These should ONLY be in backend environment
  JWT_SECRET: '...',
  DATABASE_URL: '...',
  API_SECRET_KEY: '...'
};
```

---

## Build Process

### Development vs Production Builds

```bash
# Development build
npm start
# ✓ Slower build time
# ✓ Source maps for debugging
# ✓ Hot Module Replacement (HMR)
# ✓ Dev-time console warnings

# Production build
npm run build
# ✓ Minified code (much smaller)
# ✓ Tree-shaking (dead code elimination)
# ✓ Code splitting
# ✓ Optimized bundle
# ✗ No source maps by default
# ✗ Harder to debug
```

### Build Configuration for Multiple Environments

```json
{
  "scripts": {
    "dev": "react-scripts start",
    "build": "react-scripts build",
    "build:staging": "REACT_APP_ENV=staging react-scripts build",
    "build:prod": "REACT_APP_ENV=production react-scripts build"
  }
}
```

```javascript
// .env files
// .env.development (dev server)
REACT_APP_API_URL=http://localhost:3001
REACT_APP_ENV=development

// .env.staging (staging build)
REACT_APP_API_URL=https://staging-api.example.com
REACT_APP_ENV=staging

// .env.production (production build)
REACT_APP_API_URL=https://api.example.com
REACT_APP_ENV=production
```

---

## Performance Optimizations

### Optimization 1: Memoization (Prevent Unnecessary Renders)

```javascript
import { memo, useMemo, useCallback } from 'react';

// ✅ Prevent re-render if props haven't changed
const UserCard = memo(function UserCard({ user, onDelete }) {
  console.log('Rendering UserCard for:', user.id);
  
  return (
    <div>
      <h3>{user.name}</h3>
      <button onClick={() => onDelete(user.id)}>Delete</button>
    </div>
  );
});

// Usage
function UserList({ users }) {
  // ❌ Without useCallback, onDelete changes every render
  // UserCard will re-render even though user prop didn't change
  const handleDelete = (userId) => {
    console.log('Delete user:', userId);
  };

  // ✅ With useCallback, onDelete stays the same across renders
  const memoizedDelete = useCallback((userId) => {
    console.log('Delete user:', userId);
  }, []); // Depends on nothing, so never changes

  return (
    <>
      {users.map(user => (
        <UserCard key={user.id} user={user} onDelete={memoizedDelete} />
      ))}
    </>
  );
}

// ─────────────────────────────────────────────────

// ✅ useMemo - Prevent expensive calculations
function DataVisualization({ data }) {
  // Expensive calculation
  const sortedData = useMemo(() => {
    console.log('Sorting...');
    return [...data].sort((a, b) => a.value - b.value);
  }, [data]); // Only recalculate when data changes

  return <Chart data={sortedData} />;
}
```

### Optimization 2: Code Splitting (Lazy Load Routes)

```javascript
import { Suspense, lazy } from 'react';
import { BrowserRouter, Routes, Route } from 'react-router-dom';

// ❌ Without lazy loading - all components in one bundle
// import UserProfile from './pages/UserProfile';
// import Dashboard from './pages/Dashboard';
// import Settings from './pages/Settings';

// ✅ With lazy loading - components loaded on-demand
const UserProfile = lazy(() => import('./pages/UserProfile'));
const Dashboard = lazy(() => import('./pages/Dashboard'));
const Settings = lazy(() => import('./pages/Settings'));

function App() {
  return (
    <BrowserRouter>
      <Suspense fallback={<div>Loading page...</div>}>
        <Routes>
          <Route path="/user/:id" element={<UserProfile />} />
          <Route path="/dashboard" element={<Dashboard />} />
          <Route path="/settings" element={<Settings />} />
        </Routes>
      </Suspense>
    </BrowserRouter>
  );
}
```

### Optimization 3: Request Batching & Debouncing

```javascript
// ✅ Batch multiple API requests
async function fetchUserData(userId) {
  const [user, posts, followers] = await Promise.all([
    userService.getUser(userId),
    userService.getUserPosts(userId),
    userService.getUserFollowers(userId)
  ]);

  return { user: user.data, posts: posts.data, followers: followers.data };
}

// ─────────────────────────────────────────────────

// ✅ Debounce search input to reduce API calls
function SearchComponent() {
  const [query, setQuery] = useState('');
  const [results, setResults] = useState([]);

  useEffect(() => {
    const timer = setTimeout(() => {
      if (query.trim()) {
        searchService.search(query)
          .then(response => setResults(response.data));
      }
    }, 500); // Wait 500ms before searching

    return () => clearTimeout(timer);
  }, [query]);

  return (
    <>
      <input onChange={(e) => setQuery(e.target.value)} />
      {results.map(result => <div key={result.id}>{result.title}</div>)}
    </>
  );
}
```

### Optimization 4: Image Optimization

```javascript
// ✅ Use responsive images
function ProfileImage({ userId }) {
  return (
    <img
      src={`/api/users/${userId}/avatar?size=medium`}
      srcSet={`
        /api/users/${userId}/avatar?size=small 256w,
        /api/users/${userId}/avatar?size=medium 512w,
        /api/users/${userId}/avatar?size=large 1024w
      `}
      sizes="(max-width: 600px) 256px, 512px"
      alt="User avatar"
      loading="lazy" // Lazy load images
    />
  );
}

// ✅ Use modern formats with fallback
function OptimizedImage({ src, alt }) {
  return (
    <picture>
      <source srcSet={src.replace(/\.[^.]+$/, '.webp')} type="image/webp" />
      <source srcSet={src.replace(/\.[^.]+$/, '.jpg')} type="image/jpeg" />
      <img src={src} alt={alt} loading="lazy" />
    </picture>
  );
}
```

---

## Real-World Implementation

### Complete API Integration Example

```javascript
// services/api.js - Base axios instance
import axios from 'axios';

const API = axios.create({
  baseURL: process.env.REACT_APP_API_URL,
  timeout: 10000
});

// Add auth token to every request
API.interceptors.request.use(
  config => {
    const token = localStorage.getItem('authToken');
    if (token) {
      config.headers.Authorization = `Bearer ${token}`;
    }
    return config;
  },
  error => Promise.reject(error)
);

// Handle errors globally
API.interceptors.response.use(
  response => response,
  error => {
    if (error.response?.status === 401) {
      // Token expired - redirect to login
      localStorage.removeItem('authToken');
      window.location.href = '/login';
    }
    return Promise.reject(error);
  }
);

export default API;

// ─────────────────────────────────────────────────

// services/userService.js
import API from './api';

export const userService = {
  getUser: (id) => API.get(`/users/${id}`),
  listUsers: (page = 1, limit = 10) => 
    API.get('/users', { params: { page, limit } }),
  createUser: (data) => API.post('/users', data),
  updateUser: (id, data) => API.put(`/users/${id}`, data),
  deleteUser: (id) => API.delete(`/users/${id}`)
};

// ─────────────────────────────────────────────────

// hooks/useUser.js
import { useState, useEffect } from 'react';
import { userService } from '../services/userService';

export function useUser(userId) {
  const [user, setUser] = useState(null);
  const [loading, setLoading] = useState(true);
  const [error, setError] = useState(null);

  useEffect(() => {
    let isMounted = true;

    const fetchUser = async () => {
      try {
        const response = await userService.getUser(userId);
        if (isMounted) {
          setUser(response.data);
          setError(null);
        }
      } catch (err) {
        if (isMounted) {
          setError(err.message);
          setUser(null);
        }
      } finally {
        if (isMounted) {
          setLoading(false);
        }
      }
    };

    fetchUser();

    return () => {
      isMounted = false;
    };
  }, [userId]);

  return { user, loading, error };
}

// ─────────────────────────────────────────────────

// pages/UserProfile.js
import { useUser } from '../hooks/useUser';
import { useError } from '../contexts/ErrorContext';

function UserProfile({ userId }) {
  const { user, loading, error } = useUser(userId);
  const { showError } = useError();

  useEffect(() => {
    if (error) showError(error);
  }, [error, showError]);

  if (loading) return <div className="loading-skeleton" />;
  if (!user) return <div>User not found</div>;

  return (
    <div className="user-profile">
      <h1>{user.name}</h1>
      <p>{user.email}</p>
      <p>{user.bio}</p>
    </div>
  );
}

export default UserProfile;
```

---

## Exercises & Assessment

### Exercise 1: API Service Layer (Difficulty: Easy)
Create a `postService` module that handles:
- GET all posts
- GET single post by ID
- POST create new post
- PUT update post
- DELETE delete post

### Exercise 2: Error Boundary & Global Error Handler (Difficulty: Medium)
Create:
- Error context for global error display
- Error boundary component
- API interceptor to catch and display errors

### Exercise 3: Custom Hook with API Integration (Difficulty: Medium)
Create `usePosts` hook that:
- Fetches posts on mount
- Handles loading/error states
- Supports pagination
- Returns refresh function to refetch

### Exercise 4: Environment Configuration (Difficulty: Easy)
Set up:
- Development, staging, production .env files
- Config system that switches based on NODE_ENV
- Use config in API service

### Exercise 5: Performance Optimization (Difficulty: Hard)
Implement:
- Code splitting for routes
- Lazy loading images
- Memoization for expensive components
- Request debouncing for search

---

## Key Takeaways

✅ **Use a service layer** - Keep API calls centralized and testable
✅ **Handle all status codes** - Don't just assume 2xx means success
✅ **Use Axios** - Much better than Fetch for production apps
✅ **Global error handling** - Use interceptors and context
✅ **Never expose secrets** - Keep API keys on backend only
✅ **Proper env configs** - Different configs for dev/staging/prod
✅ **Optimize aggressively** - Code splitting, memoization, debouncing
✅ **Always handle race conditions** - Use AbortController or isMounted check

---

*Last Updated: January 2026 | React 18+ | For Production Use*
