Week 3 — Networking: How the Internet Actually Works
The textbook for this week
The deep version of this week lives in the Networking track. Day 1 (DNS + TCP) = Networking 02 + 03, Day 2 (HTTP) = Networking 04, Day 3 (TLS) = Networking 05, Days 4–5 (REST design + build) = Spring Boot 03. Work the modules; use this page as the weekly checklist.
Why This Matters
Every API call, every database query, every microservice communication — it’s all networking. When your API is slow, 80% of the time it’s a network issue, not a code issue. If you don’t understand the wire, you can’t debug production.
Learning Goals
By Friday you should be able to whiteboard:
- The full journey of an HTTP request (DNS → TCP → TLS → HTTP → Response)
- Why TCP uses a 3-way handshake and what happens if a packet is lost
- What HTTP headers actually do and which ones matter for APIs
- How HTTPS/TLS keeps your payment data safe
Daily Breakdown
Day 1: DNS + TCP — The Foundation
The question: What happens when you type api.splitwise.com/expenses in a browser?
The answer (build this mental model):
1. Browser checks DNS cache → OS cache → Router cache → ISP DNS
2. DNS resolves api.splitwise.com → 104.26.5.78
3. TCP 3-way handshake: SYN → SYN-ACK → ACK (connection established)
4. TLS handshake (if HTTPS): negotiate encryption
5. HTTP request sent: GET /expenses HTTP/1.1
6. Server processes, sends HTTP response
7. TCP ensures all packets arrive in order (retransmits if lost)
8. Connection stays alive (keep-alive) or closes (FIN)
Read:
howdns.works— visual, interactive, takes 10 minutes- Baeldung: “TCP/IP Protocol” overview
Exercise: Use nslookup and tracert (Windows) on real domains. See the hops.
nslookup google.com
tracert google.com
Day 2: HTTP Deep Dive
HTTP is the language your API speaks. Not knowing it = not knowing your tools.
Methods that matter:
| Method | Meaning | Idempotent? | Safe? |
|---|---|---|---|
| GET | Retrieve data | Yes | Yes |
| POST | Create resource | No | No |
| PUT | Replace resource entirely | Yes | No |
| PATCH | Partial update | No | No |
| DELETE | Remove resource | Yes | No |
Idempotent = calling it 5 times gives the same result as calling it once. This matters enormously in fintech — if a payment request is retried, an idempotent endpoint won’t charge twice.
Headers that matter for APIs:
Content-Type: application/json # What format the body is in
Authorization: Bearer eyJhbGciOi... # Who you are
Accept: application/json # What format you want back
Cache-Control: no-cache # Don't cache this
X-Request-Id: uuid-here # For tracing (fintech requirement)
Status codes you must know:
| Code | Meaning | When to Use |
|---|---|---|
| 200 | OK | Successful GET/PUT/PATCH |
| 201 | Created | Successful POST that created a resource |
| 204 | No Content | Successful DELETE |
| 400 | Bad Request | Validation failed (missing fields, wrong format) |
| 401 | Unauthorized | No token or expired token |
| 403 | Forbidden | Valid token but no permission |
| 404 | Not Found | Resource doesn’t exist |
| 409 | Conflict | Duplicate creation, race condition |
| 429 | Too Many Requests | Rate limited |
| 500 | Internal Server Error | Your code broke |
| 502 | Bad Gateway | Upstream service broke |
| 503 | Service Unavailable | Server overloaded |
Day 3: HTTPS / TLS
Why this matters for fintech: You’re building a system that handles money. Every request MUST be encrypted. You need to understand how, not just that.
TLS handshake (simplified):
1. Client: "Hello, I support these encryption methods"
2. Server: "Let's use this one. Here's my certificate."
3. Client: Verifies certificate with Certificate Authority
4. Both: Generate shared session key using asymmetric crypto
5. All future data: Encrypted with symmetric key (fast)
Key concepts:
- Asymmetric encryption (RSA/ECDSA): slow, used for key exchange
- Symmetric encryption (AES): fast, used for actual data
- Certificate Authority: trusted third party that says “yes, this server is really api.splitwise.com”
Read: Cloudflare’s “What is TLS?” article — clear, visual, 10 minutes.
Day 4: REST API Design — The Right Way
Now apply networking knowledge to your project:
Design your API endpoints. Think about:
# Users
POST /api/v1/users → Create user
GET /api/v1/users/{id} → Get user by ID
# Groups
POST /api/v1/groups → Create group
GET /api/v1/groups/{id} → Get group with members
POST /api/v1/groups/{id}/members → Add member to group
# Expenses
POST /api/v1/groups/{groupId}/expenses → Create expense
GET /api/v1/groups/{groupId}/expenses → List expenses (paginated)
GET /api/v1/expenses/{id} → Get expense detail
# Balances
GET /api/v1/groups/{groupId}/balances → Who owes whom
Design decisions to think about:
- Why
/api/v1/? (versioning — you can’t break existing clients) - Why nested routes for expenses? (they belong to a group)
- Why pagination? (a group might have 10,000 expenses)
Day 5: Build the REST Layer
Wire up your Spring controllers:
@RestController
@RequestMapping("/api/v1/groups/{groupId}/expenses")
public class ExpenseController {
@PostMapping
public ResponseEntity<ApiResponse<ExpenseDTO>> createExpense(
@PathVariable Long groupId,
@Valid @RequestBody CreateExpenseRequest request) {
ExpenseDTO expense = expenseService.createExpense(groupId, request);
return ResponseEntity.status(HttpStatus.CREATED)
.body(ApiResponse.ok(expense));
}
}
Weekend Checklist
- Can you explain DNS → TCP → HTTP → Response without notes?
- 3-4 REST endpoints working in your project
- Tested with Postman or curl
- Proper HTTP status codes (201 for creation, 404 for not found)
- Error responses use your custom exception handler from Week 2
- DSA kickoff: read the DSA track overview, then do DSA 01 — Big-O: The Cost Of Code — play with the explorer, take the quiz, run the Build This timing experiment. One module per weekend from here on.
Resources
| What | Where | Time |
|---|---|---|
| DNS visual guide | howdns.works | 10 min |
| HTTP overview | MDN Web Docs “HTTP” | 30 min |
| TLS explained | Cloudflare “What is TLS?“ | 10 min |
| REST best practices | Baeldung “REST API Best Practices” | 20 min |