RESTHeart works out-of-the-box by merely installing and configuring it.
It comes with a complete MongoDB API and a security implementation that allows to authenticate users and authorize requests according to a role-based policy.
These functionalities are actually provided by the standard plugins that are distributed with RESTHeart. If you look at the
./plugins directory you’ll find them:
├── plugins │ ├── restheart-mongodb.jar │ └── restheart-security.jar
restheart-mongodb.jar implements the
MongoService that provides the MongoDB REST API.
restheart-security.jar implements the standard security plugins described in the Securing Requests section.
On the other side, real applications often need the API to be extended in some way.
Plugins allow to extend RESTHeart:
- Services extend the API adding web services.
- Interceptors snoop and modify requests and responses at different stages of the request lifecycle.
- Initializers execute initialization logic at system startup time.
It is also possible developing security plugins to customize the security layer. Refer to Develop Security Plugins for more information.
In short, you can develop in java plugins and deploy them copying the jar files to the
Have a look at the GitHub repository restheart-examples for some examples.
The proxy microservice pattern
If you are not familiar with java, there is a different approach that can help you extending the API using the proxying feature.
You can add a side microservice, for instance using NodeJs, that implements a Web Service. This microservice can execute requests to RESTHeart if it needs to read or write data to MongoDB.
You can then proxy it via RESTHeart so that it is protected under the same security domain of RESTHeart.
Add the following section to the
restheart.yml configuration file to proxy call to the RESTHeart’s URI
/anything to the web resource
proxies: - location: /anything proxy-pass: https://httpbin.org/anything name: anything