Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

How to Use API Connect to Manage LoopBack APIs

DZone's Guide to

How to Use API Connect to Manage LoopBack APIs

Learn how to use Loopback with API Connect to track API use.

· Web Dev Zone
Free Resource

Never build auth again! Okta makes it simple to implement authentication, authorization, MFA and more in minutes. Try the free developer API today! 

LoopBack is a great Node.js framework for building APIs. In the easiest case business objects can be defined declaratively and LoopBack generates REST APIs, the documentation of the APIs, the persistence as well as a client side JavaScript APIs automatically. To take it one step further I used the new Bluemix service API Connect to manage these APIs.

As an example I used a simple sample application ‘Approval Requests’ built on the CLEAN stack. The sample is available as open source and comes with several APIs. In this blog article I focus on two of these APIs:

1. Login users, and

2. get a list of users which requires user authentication.

The API Connect service basically adds a layer on top of the LoopBack API implementation. Rather than calling the LoopBack APIs directly the APIs of the API Connect service are invoked. This allows the service to track usage of the APIs. Developers can use developer portals, register their applications and subscribe to API plans.

In the sample below I created the API definitions manually via the API Connect dashboard and used a proxy to forward the requests to the actual API implementations. In other words, what I describe here works the same way for other types of API implementations and not just for LoopBack.

First I defined the two paths and their input parameters. In the case of ‘login’ JSON is required which includes an user name and a password. The output is an access_token which is passed to all other API invocations to identify the authenticated user.

apiconnect3

The next screenshot shows how to enforce client ids. API consumers get their own client ids when registering applications in the developer portal. With the API Connect service you can also use additionally a client secret.

apiconnect4

In the next step I defined the assembly. In my case I simply use a proxy to my LoopBack application. The important parts are the two variables to make sure that the access_tokens are always forwarded and to map the paths defined in the API Connect service to the paths of the underlying API implementations.

 https://collaboration-farci-custard.mybluemix.net/api/$(request.path)?access_token=$(request.parameters.access_token) 


apiconnect5

In the developer portal API consumers can subscribe to API plans and invoke the two APIs.

apiconnect1

apiconnect2

API owners can see analytics of their APIs in the API Connect dashboard, for example how many APIs were invoked at which time by which application.

Launch your application faster with Okta’s user management API. Register today for the free forever developer edition!

Topics:
loopbackjs ,node js ,api

Published at DZone with permission of Niklas Heidloff, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

THE DZONE NEWSLETTER

Dev Resources & Solutions Straight to Your Inbox

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

X

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}