LoopBack 4 offers thepackage out of the box, which provides an HTTP/HTTPS-based server calledRestServer for handling REST requests.

In order to use it in your application, your application class needs to extendRestApplication to provide an instance of RestServer listening on port 3000.The following example shows how to use RestApplication:

The REST server can be configured by passing a rest property inside yourRestApplication options. For example, the following code customizes the portnumber that a REST server listens on.

  1. const app = new RestApplication({
  2.   rest: {
  3.     port: 3001,
  4.   },
  5. });

There are a few options under rest.openApiSpec to configure how OpenAPI specis served by the given REST server.

  • servers: Configure servers for OpenAPI spec
  • setServersFromRequest: Set servers based on HTTP request headers, default tofalse
  • disabled: Set to true to disable endpoints for the OpenAPI spec. It willdisable API Explorer too.
  • endpointMapping: Maps urls for various forms of the spec. Default to:
  1.     {
  2.       '/openapi.json': {version: '3.0.0', format: 'json'},
  3.       '/openapi.yaml': {version: '3.0.0', format: 'yaml'},
  4.     }
  1. const app = new RestApplication({
  2.   rest: {
  3.     openApiSpec: {
  4.       servers: [{url: 'http://127.0.0.1:8080'}],
  5.       setServersFromRequest: false,
  6.       endpointMapping: {
  7.         '/openapi.json': {version: '3.0.0', format: 'json'},
  8.         '/openapi.yaml': {version: '3.0.0', format: 'yaml'},
  9.       },
  10.   },
  11. });

Configure the API Explorer

LoopBack allows externally hosted API Explorer UI to render the OpenAPIendpoints for a REST server. Such URLs can be specified with rest.apiExplorer:

  • url: URL for the hosted API Explorer UI, default tohttps://loopback.io/api-explorer.
  • httpUrl: URL for the API explorer served over plain http to deal with mixedcontent security imposed by browsers as the spec is exposed over http bydefault. See . Defaultto the value of url.

Disable redirect to API Explorer

To disable redirect to the externally hosted API Explorer, set the config optionrest.apiExplorer.disabled to true.

  1. const app = new RestApplication({
  2.   rest: {
  3.     apiExplorer: {
  4.       disabled: true,
  5.     },
  6.   },

Use a self-hosted API Explorer

Enabling HTTPS for the LoopBack REST server is just a matter of specifying theprotocol as https and specifying the credentials.

In the following app, we configure HTTPS for a bare minimum app using a key +certificate chain variant.

  1. import {RestApplication, RestServer, RestBindings} from '@loopback/rest';
  2. import * as fs from 'fs';
  4. export async function main() {
  5.   const options = {
  6.     rest: {
  7.       protocol: 'https',
  8.       key: fs.readFileSync('./key.pem'),
  9.       cert: fs.readFileSync('./cert.pem'),
  10.     },
  11.   };
  12.   const app = new RestApplication(options);
  13.   app.handler(handler => {
  14.     handler.response.send('Hello');
  15.   });
  16.   await app.start();
  18.   const url = app.restServer.url;
  19.   console.log(`Server is running at ${url}`);
  20. }

Customize CORS

is enabledby default for REST servers with the following options:

  1. {
  2.   origin: '*',
  3.   methods: 'GET,HEAD,PUT,PATCH,POST,DELETE',
  4.   preflightContinue: false,
  5.   optionsSuccessStatus: 204,
  6.   maxAge: 86400,
  7. }

The application code can customize CORS via REST configuration:

For a complete list of CORS options, seehttps://github.com/expressjs/cors#configuration-options.

Express settings

Override the default express settings and/or assign your own settings:

  1. const app = new RestApplication({
  2.   rest: {
  3.     expressSettings: {
  4.       'x-powered-by': false,
  5.       env: 'production',
  6.       ...
  7.     },
  8.   },
  9. });

Sometime it’s desirable to expose REST endpoints using a base path, such as/api. The base path can be set as part of the RestServer configuration.

  1. const app = new RestApplication({
  3.     basePath: '/api',
  4.   },
  5. });

The RestApplication and RestServer both provide a basePath() API:

  1. const app: RestApplication;
  2. // ...
  3. app.basePath('/api');

With the basePath, all REST APIs and static assets are served on URLs startingwith the base path.

Configure the router

The router can be configured to enforce strict mode as follows:

  • strict is true:
  • request /orders matches route /orders but not /orders/
  • request /orders/ matches route /orders/ but not /orders
  • strict is false (default)
  • request /orders matches route /orders first and falls back to /orders/
  • request /orders/ matches route /orders/ first and falls back to /ordersSee strict routing at for moreinformation.

Configure the request body parser options

We can now configure request body parser options as follows:

The value of rest.requestBodyParser will be bound toRestBindings.REQUEST_BODY_PARSER_OPTIONS. Seefor more details.

  1. import {Application} from '@loopback/core';
  2. import {RestServer} from '@loopback/rest';
  4. export class HelloWorldApp extends Application {
  5.   constructor() {
  6.     super();
  7.     // This server instance will be bound under "servers.fooServer".
  8.     this.server(RestServer, 'fooServer');
  9.     // Creates a binding for "servers.MQTTServer" and a binding for
  10.     // "servers.SOAPServer";
  11.     this.servers([MQTTServer, SOAPServer]);
  13. }

You can also add multiple servers in the constructor of your application classas shown here.

  • Learn more about