Express is minimal, so what a developer builds around it tells you everything. These questions probe middleware, error handling and how they structure a real API.
Hiring an Express.js developer is easy. Telling a real one from a convincing résumé is the hard part, and it's most of what we do. These are grouped by level, because the same question that stretches a junior is a warm-up for a senior.
Junior Express.js interview questions
0–2 years
Routing and middleware basics.
What is Express and what does it provide?
A minimal Node web framework for routing, middleware and HTTP handling, without prescribing structure.
Expects a batteries-included framework like Rails.
What is middleware in Express?
Functions with access to request, response and next that run in order to handle cross-cutting concerns.
Cannot explain the request pipeline.
What does next() do?
Passes control to the next middleware; forgetting it hangs the request, and next(err) jumps to error handling.
Forgets next() and requests hang.
How does routing work?
Methods like app.get/app.post map paths to handlers, with route params and query strings.
Confuses route params with query strings.
How do you parse a request body?
Body-parsing middleware (express.json()) populates req.body; without it the body is undefined.
Reads req.body without any parser configured.
How do you serve static files?
express.static serves a directory of assets efficiently.
Writes a handler to read files manually.
What is the difference between req.params, req.query and req.body?
Route parameters, query-string values, and the parsed request body respectively.
Mixes them up when reading input.
How do you send responses?
res.json, res.send, res.status; set the correct status code and content type.
Returns 200 for errors.
Mid-level Express.js interview questions
2–5 years
Errors, async and structure.
How does error-handling middleware work?
A middleware with four arguments (err, req, res, next) centralises error responses; it must be registered last.
Handles errors inconsistently in each route.
How do you handle errors in async route handlers?
Wrap async handlers (or use try/catch) so rejected promises reach the error middleware; unhandled rejections crash the process or hang the request.
Lets async errors go uncaught.
How do you structure a larger Express app?
Routers per resource, a controller/service split, and middleware for cross-cutting concerns rather than one huge file.
One massive file with all routes and logic.
How do you validate and sanitise input?
Validation middleware/schemas at the boundary, rejecting bad input before it reaches business logic.
Trusts request input directly.
How do you handle authentication?
Middleware verifying sessions or tokens (e.g. JWT) and attaching the user to the request.
Re-checks auth logic in every handler.
How do you manage configuration and environments?
Environment variables loaded at startup, validated, with no secrets in code.
Hardcodes config and secrets.
How does CORS work and when do you configure it?
Middleware sets headers to allow specific cross-origin requests; permissive wildcards are a risk.
Enables wildcard (*) CORS on an authenticated API.
What order should middleware be registered in?
Order matters: body parsing and auth before routes, error handling last; misordering causes subtle bugs.
Registers error handling before routes.
Senior Express.js interview questions
5+ years
Performance, security and reliability.
How do you secure an Express API?
Helmet for headers, input validation, rate limiting, proper CORS, parameterised DB access, and no secrets in code.
No security middleware and unvalidated input.
How do you avoid blocking the event loop in handlers?
Keep handlers async and non-blocking, offload CPU work, and stream large responses.
Does heavy synchronous work per request.
How do you scale an Express service?
Stateless handlers, clustering or multiple containers behind a load balancer, and externalised session/state.
Stores sessions in memory and can’t scale out.
How do you implement observability?
Structured request logging, metrics, health endpoints and tracing across services.
Relies on console.log and no metrics.
How do you handle graceful shutdown?
Stop accepting new connections, finish in-flight requests, close DB pools, then exit on a termination signal.
Kills the process mid-request.
How do you implement rate limiting and abuse protection?
Middleware limiting requests per client, with a shared store (Redis) across instances.
In-memory limits that reset per instance.
When would you choose a fuller framework over Express?
When you want opinionated structure, DI and conventions (e.g. NestJS) for large teams; Express trades that for flexibility.
Insists raw Express scales to any team without structure.
How do you keep an Express codebase maintainable at scale?
Clear layering, typed code, consistent error handling, tests, and modular routers/services.
Giant files and copy-pasted route logic.