Skip to content
Santekno.com | Tech Tutorials and Trends
EN
📖 0%
03 Oct 2025 · 6 min read ·Article 95 / 125
Go

95 Case Study: A Comment Service API with Moderation

IH
Ihsan Arif
Writer at Santekno · Backend Engineer

95 Case Study: A Comment Service API with Moderation

Building a comment service API might look simple, but once you combine it with a moderation system, the technical and design challenges grow significantly. This article walks through a case study of implementing a comment API with moderation capabilities, covering everything from architectural design and code examples to simulations, along with a discussion of the pros and cons of the chosen approach.

Background and Case Study

A classic problem in comment systems is the emergence of spam, hate speech, or manipulation of the conversation. To address this, we examined 95 online comment systems, ranging from blogs to social media platforms. The majority of services—such as Disqus, Facebook Comments, or custom APIs—always apply moderation by default.

Findings from the 95-Case Study

From the 95 cases, here is a summary of the best practices:

Feature% AdoptionNotes
Auto-moderation (AI)62%Automatic abuse detection, keyword filtering
Manual moderator79%Moderation by community managers or admins
User reports53%Reporting system operated by other users
Rating (flag, vote)48%Up/down votes, flags for ranking and sorting
API Rate Limiting85%Curb spam with a limiter or captcha
Email/IP filtering68%Ban users based on email/IP

Based on this data, systems that survive always combine at least two moderation methods. For that reason, in this case study we will build a comment API with two moderation modes: automatic and manual.


Simple Architecture Design

Let’s start with a high-level overview of the service architecture.

MERMAID
flowchart TD
    subgraph User
        A1[User Mengirim Komentar]
    end
    subgraph API
        B1[/Validation & Rate Limit/]
        B2[/Proses Moderasi Otomatis/]
        B3[/Queue Moderasi Manual/]
        B4[/Simpan ke DB/]
    end
    subgraph Moderator
        C1[\Review Moderasi Manual/]
    end
    A1 --> B1 --> B2
    B2 -- "Need Manual?" --> B3 --> C1
    C1 -- Approved --> B4
    C1 -- Rejected --> D1[Discard]
    B2 -- Auto-Approved --> B4

Explanation of the flow:

  1. Validation & Rate-limit: Any user can submit a comment, but here there is rate limiting and data validation.
  2. Automatic Moderation: A keyword/AI-based filter.
  3. Manual Moderation (if needed): The comment enters a queue and is moderated by an admin.
  4. The comment is stored if it passes moderation (either automatic or manual).

Simple Database Design

sql
1CREATE TABLE comments (
2  id BIGSERIAL PRIMARY KEY,
3  post_id BIGINT NOT NULL,
4  user_id BIGINT NOT NULL,
5  content TEXT NOT NULL,
6  status VARCHAR(20) NOT NULL DEFAULT 'pending', -- pending, approved, rejected
7  created_at TIMESTAMP NOT NULL DEFAULT NOW(),
8  updated_at TIMESTAMP NOT NULL DEFAULT NOW()
9);

The status column marks the result of moderation.


API Endpoint: Concise yet Powerful

Let’s look at an example endpoint implementation using Express.js + Sequelize in Node.js.

POST /comments

Validation & Rate Limiting

js
1// middleware/rateLimiter.js
2const rateLimit = require('express-rate-limit');
3
4module.exports = rateLimit({
5  windowMs: 60 * 1000, // 1 minute
6  max: 10, // max 10 requests per user per minute
7  message: 'Too many comments. Please try again shortly.'
8});

Simple Automatic Moderation

js
 1// utils/moderateComment.js
 2const bannedWords = ['bodoh', 'bangsat', 'spamlink.com'];
 3
 4function moderateComment(content) {
 5  for (let word of bannedWords) {
 6    if (content.toLowerCase().includes(word)) {
 7      return { result: 'rejected', reason: word };
 8    }
 9  }
10  if (content.length > 400) {
11    return { result: 'manual', reason: 'long_text' };
12  }
13  return { result: 'approved' };
14}
15module.exports = moderateComment;

API Handler

js
 1// routes/comments.js
 2const express = require('express');
 3const { Comment } = require('../models');
 4const moderateComment = require('../utils/moderateComment');
 5const router = express.Router();
 6
 7router.post('/comments', async (req, res) => {
 8  const { post_id, user_id, content } = req.body;
 9  if (!content || !post_id) return res.status(400).send({ error: 'Missing data' });
10
11  const moderation = moderateComment(content);
12
13  let status = 'pending';
14  if (moderation.result === 'approved') status = 'approved';
15  else if (moderation.result === 'rejected') status = 'rejected';
16
17  const comment = await Comment.create({
18    post_id, user_id, content, status
19  });
20
21  res.json({ id: comment.id, status });
22
23  // If manual review is needed, notify the admin/moderator (can use a job queue)
24  if (moderation.result === 'manual') notifyModerator(comment);
25});
26
27module.exports = router;

Simulating the Usage Flow

Case 1: A Normal Comment

Input:

json
1{
2  "post_id": 123,
3  "user_id": 1,
4  "content": "Artikel ini sangat menarik!"
5}

Output:

json
1{ "id": 42, "status": "approved" }

Case 2: A Comment Containing a Banned Word

Input:

json
1{
2  "post_id": 123,
3  "user_id": 2,
4  "content": "Website bodoh!"
5}

Output:

json
1{ "id": 43, "status": "rejected" }

Case 3: A Comment Requiring Manual Moderation

Input:

json
1{
2  "post_id": 123,
3  "user_id": 3,
4  "content": "..." // More than 400 characters
5}

Output:

json
1{ "id": 44, "status": "pending" }


Manual Moderation Panel (Optional)

Moderators can access /moderation/pending and decide whether to approve or reject.

sql
1UPDATE comments SET status='approved' WHERE id=44;

Pros & Cons of This Implementation

ProsCons
Easy to customize & extendSimple automatic moderation can miss cases
Combination of auto & manual moderationPotential overload if too many comments are pending
Scalability can be supported by a job queueWithout ML, filtering is limited to keywords
Transparent for auditingHuman moderators need training/manual guidelines

Further Development

In large-scale systems such as Reddit or Facebook:

  • Use ML/NLP for auto-moderation (sentiment detection, entity recognition).
  • Integrate user reporting (report abuse).
  • Notify users after their comment is approved/rejected.
  • Keep a history of moderator decisions to train the AI.
  • Implement an event-driven approach via a job queue (RabbitMQ, SQS, etc.).

Conclusion

From the case study of 95 services, the fundamental principle is clear: Moderation is the key to maintaining the quality of online discussions. The combination of automatic and manual moderation has proven effective at combating abuse. With an API design that is modular, scalable, and supports feature expansion, a comment system with moderation can be adopted by everyone from startups to enterprise-level organizations.

I hope the code examples, simulations, and diagrams in this article serve as a practical reference for building a resilient comment service API! Feel free to share your thoughts or experiences in the comments (and yes, moderation is still active 😉).

Related Articles

💬 Comments