

Comparing Express, Restify, hapi and LoopBack for building RESTful APIs - alexgorbatchev
http://strongloop.com/strongblog/compare-express-restify-hapi-loopback/

======
danpalmer
So let's look at the Richardson Maturity Model, a quick and easy way to
evaluate how RESTful these are.

1\. Resource - yep, they have this concept to some extent, although additional
support for metadata in headers would be nice. (i.e. automatically doing last-
modified, etc)

2\. HTTP verbs - yep, they all do this quite niecly.

3\. Hypermedia controls. Nope.

In my opinion, levels 1 and 2 are really just developer convenience, they make
for nicer APIs to develop with, but don't necessarily add a huge amount over
RPC or something else as far as the code goes.

The massive benefit of REST comes in level 3. When you have APIs that are
self-descriptive, and consumers that adapt to changes in APIs in the same way
that we (people) adapt to changes in the structure of web pages, that's when
things get really interesting, that's where the major advantages lie.

Unfortunately, I haven't seen good support for level 3 in a Node.js framework
yet, although I'll admit I haven't had a good look for a few months. As far as
I can remember, Rails isn't a huge amount better in terms of native support,
although I'm sure there are gems which will help.

So far, the best I've seen at a framework for making RESTful APIs is the
Django Rest Framework: [http://www.django-rest-
framework.org/](http://www.django-rest-framework.org/). It has really good
support for hypermedia controls.

Steve Klabnik wrote a good post on the topic of RESTful APIs, and having seen
them being used, I really do think they are valuable: [http://www.django-rest-
framework.org/](http://www.django-rest-framework.org/)

Also, I find the example in this talk about Hypermedia APIs to be an
incredibly elegant implementation, and a case of a really well designed API:
[http://vimeo.com/20781278](http://vimeo.com/20781278)

------
eigenrick
It looks like it handles Authentication and Authorization by providing a
standard User model and passing tokens into the data layer. This is better
than most REST SDKs, which tend to defer the entire problem to "something
else".

The downside is all of that unnecessary redundancy that we avoided in the demo
now has to be created if we want proper access control. It would be nice to
assign roles to users, and declaratively state which roles could access which
verbs for which models.

~~~
eigenrick
Dammit, RTFM.

Here:
[http://docs.strongloop.com/display/DOC/Controlling+data+acce...](http://docs.strongloop.com/display/DOC/Controlling+data+access)
is pretty much exactly what you asked for.

------
rmgraham
Maybe I'm weird, but I think I actually prefer the Express example. When I
used Rails I found the biggest learning curve was actually learning how to get
around the magic when necessary, leaving me craving something more like
Sinatra, which Express is heavily modelled after.

From all I've heard about hapi, I expected the hapi example to be closer to
the LoopBack example. Is there a hapi user who can chime in?

~~~
skawful
Agreed. Back when I was working on rails type projects we always wished we
could just drop down into sinatra-ish APIs for certain things that didn't
align with the "rails way".

Thats a +1 for LoopBack - its built on and extends express. You can drop from
the magic into a barebones express route if you want:

[http://apidocs.strongloop.com/loopback/#var-app-
loopback](http://apidocs.strongloop.com/loopback/#var-app-loopback)

