LoopBack models automatically have a standard set of HTTP endpoints that provide REST APIs for create, read, update, and delete (CRUD) operations on model data. The public property in model-config.json specifies whether to expose the model's REST APIs, for example:
To "hide" the model's REST API, simply change
By default, the REST APIs are mounted to the plural of the model name; specifically:
- plural, if defined in the Model definition JSON file.
- Automatically-pluralized model name (the default). For example, if you have a location model, by default it is mounted to
Using the REST Router
By default, scaffolded applications expose models over REST using the
To manually expose a model over REST with the
loopback.rest router, use the following code, for example:
After this, the
Product model will have create, read, update, and delete (CRUD) functions working remotely from mobile. At this point, the model is schema-less and the data are not checked.
For POST and PUT requests, the request body can be in JSON, XML, or urlencoded format, with the Content-Type header set to application/json, application/xml, or application/x-www-form-urlencoded. The Accept header indicates the client's preference for the response format.
Passing JSON object or array using HTTP query string
Some REST APIs take a JSON object or array from the query string. LoopBack supports two styles to encode the object/array value as query parameters.
- Syntax from node-querystring (qs)
- Stringified JSON
The table below illustrates how the JSON object/array can be encoded in each style:
|JSON object/array for the filter object||qs style||Stringified JSON|
The response format for all requests is typically a JSON object/array or XML in the body and a set of headers. Some responses have an empty body. For example,
The HTTP status code indicates whether a request succeeded:
- Status code 2xx indicates success.
- Status code 4xx indicates request-related issues.
- Status code 5xx indicates server-side problems.
The response for an error is in the following JSON format:
- message: String error message.
- stack: String stack trace.
- statusCode: Integer HTTP status code.
Disabling API Explorer
LoopBack API Explorer is great when you're developing your application, but for security reasons you may not want to expose it in production.
For an application using loopback-component-explorer, to disable explorer in production:
- Set the NODE_ENV environment variable to "production".
- Then in
Predefined remote methods
By default, for a model backed by a data source that supports it, LoopBack exposes a REST API that provides all the standard create, read, update, and delete (CRUD) operations.
As an example, consider a simple model called
Location (that provides business locations) to illustrate the REST API exposed by LoopBack. LoopBack automatically creates a number of Node methods with corresponding REST endpoints, including:
|Model (Node) API||HTTP Method||Example Path|
|destroyById() or deleteById()||DELETE||/locations/:id|
Exposing and hiding models, methods, and endpoints
To expose a model over REST, set the
public property to true in
Hiding methods and REST endpoints
If you don't want to expose certain CRUD operations, you can easily hide them by calling
disableRemoteMethod() on the model. For example, following the previous example, by convention custom model code would go in the file
common/models/location.js. You would add the following lines to "hide" one of the predefined remote methods:
The deleteById() operation and the corresponding REST endpoint will not be publicly available.
For a method on the prototype object, such as
Here's an example of hiding all methods of the
MyUser model, except for
Read-Only endpoints example
You may want to expose only read-only operations on your model, hiding all POST, PUT, and DELETE verbs.
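One default-deny way to get the read-only surface described above, as an added example that is not LoopBack's own documentation code: instead of listing each write method by hand, it hides every remote method that has any route other than GET or HEAD. It assumes the model exposes strong-remoting's `sharedClass.methods()` with `name`, `isStatic` and `http` fields; `exposeReadOnly`, `verbsOf` and `makeStubModel` are hypothetical helper names, and the stub model is constructed so the code runs without LoopBack installed.

```javascript
// HTTP verbs treated as read-only; anything else (or no verb at all) is hidden.
const SAFE_VERBS = new Set(['get', 'head']);

// Collect the verbs of a shared method. `http` may be one object or an array
// of them (assumed strong-remoting SharedMethod shape).
function verbsOf(method) {
  const routes = Array.isArray(method.http) ? method.http : [method.http || {}];
  return routes.map((r) => String(r.verb || 'all').toLowerCase());
}

// Default-deny: disable every remote method that has a non-read-only route,
// except names listed in `keep`. Returns what was disabled, for boot logging.
function exposeReadOnly(Model, keep = []) {
  const disabled = [];
  for (const m of Model.sharedClass.methods()) {
    if (keep.includes(m.name)) continue;
    if (verbsOf(m).every((v) => SAFE_VERBS.has(v))) continue;
    Model.disableRemoteMethod(m.name, m.isStatic); // the call this page describes
    disabled.push((m.isStatic ? '' : 'prototype.') + m.name);
  }
  return disabled;
}

// Constructed stand-in for a LoopBack model so the example runs offline.
function makeStubModel() {
  const methods = [
    { name: 'find', isStatic: true, http: { verb: 'get', path: '/' } },
    { name: 'findById', isStatic: true, http: { verb: 'get', path: '/:id' } },
    { name: 'exists', isStatic: true,
      http: [{ verb: 'get', path: '/:id/exists' }, { verb: 'head', path: '/:id' }] },
    { name: 'create', isStatic: true, http: { verb: 'post', path: '/' } },
    { name: 'deleteById', isStatic: true, http: { verb: 'del', path: '/:id' } },
    { name: 'updateAttributes', isStatic: false, http: { verb: 'put', path: '/' } },
    { name: 'createChangeStream', isStatic: true,
      http: [{ verb: 'post', path: '/change-stream' }, { verb: 'get', path: '/change-stream' }] },
  ];
  const Model = {
    hidden: [],
    sharedClass: { methods: () => methods.filter((m) => !Model.hidden.includes(m)) },
    disableRemoteMethod(name, isStatic) {
      const m = methods.find((x) => x.name === name && x.isStatic === isStatic);
      if (m) Model.hidden.push(m);
    },
  };
  return Model;
}
```

In a model script such as common/models/location.js, the helper would be called on the model passed to the exported function; logging the returned list at boot keeps the exposed surface reviewable after upgrades add new write methods.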
Hiding endpoints for related models
To disable REST endpoints for related model methods, use disableRemoteMethod().
For example, if there are post and tag models, where a post hasMany tags, add the following code to
/common/models/post.js to disable the remote methods for the related model and the corresponding REST endpoints:
To hide a property of a model exposed over REST, define a hidden property. See Model definition JSON file (Hidden properties).