Wednesday, December 30, 2015

LoopBack for ScrumTime?

Should I use LoopBack instead of a roll-your-own API for ScrumTime?

This post and at least one more in the future are intended to document my findings on this subject.

First of all, what is LoopBack?

LoopBack is an open source Node.js API framework created by StrongLoop, Inc.  It provides a quick and easy way to stand up a REST API that is backed by an in-memory database, Oracle, MySQL, SQL Server, MongoDB, PostgreSQL, Redis, or Cloudant.

Quick and Easy, Famous Last Words, Right?

While the 'quick and easy' aspect is appealing, I also want a framework that is open, secure, flexible, and scalable. Based on my first impressions of LoopBack and the free tools from StrongLoop, I am pretty happy with the 'quick and easy' promise. I spent only one hour getting the following API stood up against the ScrumTime 0.9 Beta1 SQL Server database.



The products endpoint is as follows:

http://localhost:3000/api/Products

[{"productid": 0,"name": "Test Product","description": "Just a test"},{"productid": 1,"name": "Sample Inventory","description": "A sample product for demonstration purposes."},{"productid": 7,"name": "Android GeoCache","description": "A sample product for demonstration purposes."}]

Is it really open?  Really?

Well, the source may be found at https://github.com/strongloop/loopback.  It appears this is the entire set of source required to build it.  They also use waffle.io to manage the project at: https://waffle.io/strongloop/loopback. Therefore, it seems pretty open to me.  

Is it secure?

So far I have only scratched the surface of the documented capabilities for authentication, authorization, and auditing. I will need to cover this further in my next post, as ScrumTime will be using all three.

The questions that I will address in the weeks to come include:

  • Is it possible to put business logic in the API layer?
  • How can role-based access controls be implemented in the API?
  • Is it possible to do push notifications and if so, how?
  • How can 3rd-party login providers such as Facebook, Google, or GitHub be used?
