How to create a REST API with Node.js and LoopBack


In this post, we are going to learn how to use the LoopBack Node.js framework to create a fully functional REST API over MongoDB.

We will follow these steps:

1- Define the models in the database

2- Define the relations between models

3- Define user access levels


To follow this tutorial, we will need Node.js and MongoDB installed on our computer.


Install the LoopBack module.

Run LoopBack and follow the instructions.
Move to the new folder.
We are going to build an e-commerce API for the example. We want to store all data persistently in a MongoDB database that will have Clients, Products and Comments.

In order to do so, we need to specify the path of the database. As it is not created yet, we will create a new folder and connect it to MongoDB.

Then, in another terminal, we run the LoopBack commands to create the database.

We’ll call it “ecommerce”.

Once we have generated the database, we can see the code generated by LoopBack in the file model-config.json.

It is advisable to change the attribute “dataSource”: “db” to the database we just created (“MongoDB”) for ACL, RoleMapping and Role.


To create a new collection (what would be a table in a relational database), we’ll use the following command.

The data is defined as in the following example:

*In this case, there is no need to define more attributes because we are extending the “User” class, which already has username, password, email and other needed attributes.

Now we are going to define the “Product” collection.

Now, the comments:

Let’s add some Comment properties now.

Now that we have all the collections defined, it’s time to define the relations between them.


Let’s review what we have done up to now.

On the one hand, we have the e-commerce Users, and on the other hand, we have the Products.

We also want the Users to post Comments about our Products.

So these would be the relations:

1- A product can have several comments.

2- A product can have several users commenting about it.

3- A comment belongs to a given product.


4- A user can post several comments.


5- A product can have several comments about it.


To define the relations between collections, we will use the following command:

1- A product can have several comments.

2- A product can have several users commenting about it.

3- A comment belongs to a given product.

4- A user can post several comments.

5- A product can have several comments about it.

With what we have done up to now

At this point, we already have the API and we can do some testing with this command.


However, we haven’t finished yet, as any user could use all the methods and CREATE and DELETE data without any authentication, which brings us to the last step.


The first thing that we are going to do in this section is to create the users “admin” and “kike” (although you can change the latter to your own username), and we will give administrator privileges to the user “admin”.

LoopBack allows us to include a script that will run whenever we start the service, so we will use that to insert these two users into the database.

So, we create a file at <our project folder>/server/boot/script.js and copy the following code:

This will create two new users: a regular user (Kike) and an admin user (obviously, admin). After that, we create an admin Role and bind the two together.

Now, let’s restrict some access for authenticated users:

We will use the LoopBack Access Control List (ACL) by using this command:

So first, let’s deny all kinds of access:

Once we have done this, let’s enable GET (READ) access for authenticated users:

And finally, allow Admins to perform all operations:
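As an added example (not code from the original post), these are the three rules above as they would appear in the `acls` array of a LoopBack model definition file. Applying them to the Product model, the base class `PersistedModel` and the file location `common/models/product.json` are assumptions; the role name `admin` is the Role created by the boot script, and the model's properties and relations are left out.

```json
{
  "name": "Product",
  "base": "PersistedModel",
  "acls": [
    {
      "accessType": "*",
      "principalType": "ROLE",
      "principalId": "$everyone",
      "permission": "DENY"
    },
    {
      "accessType": "READ",
      "principalType": "ROLE",
      "principalId": "$authenticated",
      "permission": "ALLOW"
    },
    {
      "accessType": "*",
      "principalType": "ROLE",
      "principalId": "admin",
      "permission": "ALLOW"
    }
  ]
}
```

The blanket `$everyone` DENY is the default, and the two more specific ALLOW rules take precedence over it for the principals they match, so a request without a valid access token is rejected on every method.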

Once we have done this, we are finished and have a fully functional REST API with Node.js.

We can run it and start playing with it using the following command:

Cool, isn’t it? Now you can relax, take a cup of coffee and tell your coworkers how hard you have been working.

