I want to share with you some Node.js packages, tools and utilities that I commonly use to create REST APIs. I have divided them in 3 sections: Core Frameworks, Useful packages and libraries, Development and testing packages and tools.
The Core Frameworks section lists the main framework that can be used to develop the core of your REST API.
First of all you need a Web Framework. You can find a lot of good web framework for Node... but I like Express for its simplicity, minimalism and principally for the large number of extension and middlewares that you can find with npm. I suggest to read the Express documentation, it is clear and well done.
MongoDB and Mongoose
Mongoose provides a straight-forward, schema-based solution to model your application data. It includes built-in type casting, validation, query building, business logic hooks and more, out of the box. They are very useful both to organize your data and to use and manipulate it.
Express, MongoDB and Mongoose are enough to get started. You can build very simple CRUD APIs with them. Build a RESTful API Using Node and Express 4 is very good tutorial that may help you.
Authentication (and Authorization)
You can add authentication (and also and authorization framework) to your APIs in different ways. Using a simple login flow with express sessions is probably the simplest choice.
However cookies and sessions are very good to build common web applications (accessible with a simple browser), but if you want real RESTFull APIs you need other types of authentication.
Personally I use Passport as my authentication middleware. It is extremely flexible and modular. Passport can be unobtrusively dropped in to any Express based application. A comprehensive set of strategies support authentication using a username and password, Facebook, Twitter, and more.
One of very useful Passport strategy is HTTP Bearer. This strategy let you authenticate HTTP requests using bearer tokens. Bearer tokens are typically used protect API endpoints, and are often issued using OAuth 2.0.
Useful packages and libraries
Here is a list of useful packages that I used commonly. Note that some of these implement features that are now available natively.
Validator is a library of string validators and sanitizers.
Cors is a package that provides an Express/Connect middleware to enable Cross Origin Resource Sharing (CORS) with various options.
REST-bac is a REST based access control list middleware for expressjs
Development and testing packages and tools
This section lists some tools useful during the development of Express REST APIs.
Gulp is a toolkit that will help you automate painful or time-consuming tasks in your development workflow.