We listen to you! For any feedback or request feel free to open an issue on github.

RESTHeart Platform 4.1


The permissions are stored in restheart.acl collection. This way permissions can be dynamically modified without requesting to server restart.

Permission documents have the following format:

    "roles": [ "admin", "user" ],
    "condition": "path[/inventory] and (method[POST] or method[GET])",
    "priority": 1,
    "filters": {
        "read": {"$or": [ {"status": "PUBLISHED"}, { "author": { "$var": "username" } } ] },
        "write": {"author": {"$var": "username" }}

This permission document means:

Allow POST and GET requests on path /inventoryfor users having role admin or user applying the following filters:

  • read requests: return documents having status=PUBLISHED or author=<username of the requesting user>
  • write requests: only allow requests having author=<username of the requesting user>

The filters properties allow to apply a filter (automatically added to the specified filter query parameter) to read and write requests. This allows to seamlessly partition data depending on user role.

RESTHeart Platform 4.2

Unified extensions API

Both restheart-platform-core and restheart-platform-security can be extended developing plugins.

Developing plugins involves implementing classes that extend interfaces and registering them.

RESTHeart Platform 4.2 will unify the extension API so that both core and security plugins will follow the same approach.

The new repository restheart-platform-plugins containing the plugin API will be released and distributed under the Apache License 2.0.

This will better clarify the legal implications of developing your custom extensions. Your extensions will only depend the more business friendly Apache License 2.0.

RESTHeart Platform 5.0

Admin Web App

The new service restheart-platform-admin will added to RESTHeart Platform. This is a web application to manage dbs, collections (including configuring extensions such as Transformers, Hooks, Checkers, etc), users and ACL, and reading and writing documents and files.

Upgrade to undertow 4.0

Both restheart-platform-core and restheart-platform-security will updated to use Undertow 4.0.

Undertow 4.0. will replace the underlying transport from XNIO to Netty.

From the undertow migration to Netty announcement on 12 April, 2019:

undertow 3.0 final version should be released in the next few months, however in the short term the 3.x branch will not provide the same level of API compatibility that Undertow has traditionally provided. As the Netty implementation is new this will allow us to potentially fix any issues we find with our approach without being locked in to supporting an API that is not ideal.

After a short 3.x cycle we are planning on releasing undertow 4.x that will provide API stability, in the same way that Undertow 1.x and 2.x have.