#Hello I am a full stack developer

.
├── docker-compose.yml
├── next.config.js
├── next-env.d.ts
├── package.json
├── package-lock.json
├── prisma
│   └── schema.prisma
├── public
│   ├── favicon.ico
│   ├── next.svg
│   ├── thirteen.svg
│   └── vercel.svg
├── README.md
├── src
│   ├── backend
│   │   ├── db
│   │   │   └── prisma.ts
│   │   └── modules
│   │       ├── auth
│   │       │   ├── authSchema.ts
│   │       │   └── authService.ts
│   │       ├── cart
│   │       │   ├── cartSchema.ts
│   │       │   └── cartService.ts
│   │       ├── product
│   │       │   ├── productSchema.ts
│   │       │   └── productService.ts
│   │       └── user
│   │           ├── userSchema.ts
│   │           └── userService.ts
│   ├── client
│   │   ├── modules
│   │   │   ├── cart
│   │   │   ├── product
│   │   │   └── user
│   │   ├── shared
│   │   │   ├── components
│   │   │   └── layouts
│   │   └── styles
│   │       ├── globals.css
│   │       └── Home.module.css
│   ├── common
│   └── pages
│       ├── api
│       │   └── hello.ts
│       ├── _app.tsx
│       ├── _document.tsx
│       └── index.tsx
└── tsconfig.json```

while you're already using prisma and zod, my recommendation is to not reinvent the wheels and use the t3 stack instead https://create.t3.gg

1. see above
2. yes, otherwise let's say I use my postman to send a malformed request to the backend, how do you guard against that?
3. if you use trpc (part of t3 stack) then yes middleware-like behaviour is possible. If you want to use pure api routes then next-connect v1 is a good library for that

Ohh thank you very much I will take a look , so yes I must use the api routes as a best practice for safety and seperation of concern

I am also new to next

trpc (https://trpc.io) is a modified version of raw api routes that ensures full stack validation and typesafety, as well as a react-query client API, so I definitely recommend that over raw nextjs api routes