Recipes to Build REST APIs with Node.js

I want to share with you some Node.js packages, tools and utilities that I commonly use to create REST APIs. I have divided them into 3 sections: Core Frameworks, Useful packages and libraries, and Development and testing packages and tools.

Core Frameworks

The Core Frameworks section lists the main frameworks that can be used to develop the core of your REST API.


First of all you need a web framework. You can find a lot of good web frameworks for Node, but I like Express for its simplicity, its minimalism and, above all, the large number of extensions and middleware that you can find on npm. I suggest reading the Express documentation; it is clear and well done.

MongoDB and Mongoose

Usually you need to store data in a database. We are using Node.js and JavaScript, so probably the best choice is a database that uses JSON. Personally I use MongoDB with Mongoose as the object modeling framework.

Mongoose provides a straightforward, schema-based solution to model your application data. It includes built-in type casting, validation, query building, business logic hooks and more, out of the box. These features are very useful both to organize your data and to use and manipulate it.

Express, MongoDB and Mongoose are enough to get started. You can build very simple CRUD APIs with them. "Build a RESTful API Using Node and Express 4" is a very good tutorial that may help you.

Authentication (and Authorization)

You can add authentication (and also an authorization framework) to your APIs in different ways. Using a simple login flow with Express sessions is probably the simplest choice.

Cookies and sessions are very good for building common web applications (accessible with a simple browser), but if you want real RESTful APIs you need other types of authentication.

Personally I use Passport as my authentication middleware. It is extremely flexible and modular. Passport can be unobtrusively dropped into any Express-based application. A comprehensive set of strategies supports authentication using a username and password, Facebook, Twitter, and more.

One very useful Passport strategy is HTTP Bearer. This strategy lets you authenticate HTTP requests using bearer tokens. Bearer tokens are typically used to protect API endpoints, and are often issued using OAuth 2.0.

To create and verify the access token you can use the JSON Web Token (JWT) standard. A simple tutorial to get started with JWT is "Authenticate a Node.js API with JSON Web Tokens".
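
The bearer-token check described above, as an added example that is not part of the original post and does not use Passport or the jsonwebtoken package: it issues and verifies an HS256 JWT with Node's built-in crypto module only, pinning the algorithm and checking the expiry. The names signToken, verifyBearer and SECRET are assumptions made for illustration.

```javascript
// Added example: issue and verify an HS256 JWT bearer token with Node's crypto module.
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // constructed value; load the real key from configuration

const b64url = (input) => Buffer.from(input).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Issue a signed token, as a login endpoint would after checking credentials.
function signToken(payload, secret, ttlSeconds = 3600) {
  const now = Math.floor(Date.now() / 1000);
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify({ ...payload, iat: now, exp: now + ttlSeconds }));
  return `${header}.${body}.${hmac(`${header}.${body}`, secret).toString('base64url')}`;
}

// Verify the value of an Authorization header.
// Returns the token payload, or null on any failure (the caller answers 401).
function verifyBearer(authorizationHeader, secret) {
  const match = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]*)$/i.exec(authorizationHeader || '');
  if (!match) return null;
  const [, header, body, sig] = match;
  let parsedHeader, payload;
  try {
    parsedHeader = JSON.parse(Buffer.from(header, 'base64url').toString('utf8'));
    payload = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  } catch {
    return null; // header or payload is not valid JSON
  }
  // Pin the algorithm on the server side: the token must not choose how it is
  // verified, so "alg": "none" or any other value is rejected.
  if (parsedHeader?.alg !== 'HS256') return null;
  const expected = hmac(`${header}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  // Constant-time comparison; timingSafeEqual throws on unequal lengths, so check first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  // Require a numeric expiry that is still in the future.
  const now = Math.floor(Date.now() / 1000);
  if (typeof payload?.exp !== 'number' || payload.exp <= now) return null;
  return payload;
}
```

In an Express application, verifyBearer would be called from a middleware with the value of req.headers.authorization.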

Useful packages and libraries

Here is a list of useful packages that I commonly use. Note that some of these implement features that are now available natively.


Async is a utility module which provides straightforward, powerful functions for working with asynchronous JavaScript.


Underscore is a JavaScript library that provides a whole mess of useful functional programming helpers without extending any built-in objects.


Validator is a library of string validators and sanitizers.


Cors is a package that provides an Express/Connect middleware to enable Cross Origin Resource Sharing (CORS) with various options.


REST-bac is a REST-based access control list middleware for Express.


Q is a library for creating and composing asynchronous promises in JavaScript.

Development and testing packages and tools

This section lists some tools useful during the development of Express REST APIs.


Gulp is a toolkit that will help you automate painful or time-consuming tasks in your development workflow.


Mocha is a JavaScript test framework making asynchronous testing simple and fun. Mocha tests run serially, allowing for flexible and accurate reporting, while mapping uncaught exceptions to the correct test cases.


Supertest is a module that provides a high-level abstraction for testing HTTP, while still allowing you to drop down to the lower-level API provided by superagent.

Andrea Tarquini

IT Geek, Full Stack Developer, Programming Language Polyglot and IT security fan.