Skip to content
No description, website, or topics provided.
Branch: master
Clone or download
dominiklessel Merge pull request #7 from rot26/master
fixed minor spelling mistakes in README
Latest commit 598cd52 Jan 26, 2018
Type Name Latest commit message Commit time
Failed to load latest commit information.
config Added: Bools to turn on/off Auth/ACL Jul 14, 2014
helpers renamed "empty" files to [.gitkeep] Jul 26, 2016
logs renamed "empty" files to [.gitkeep] Jul 26, 2016
middleware Refactoring: Respect new jscs conventions Apr 4, 2015
plugins 🚑 Use _.find() instead of _.where() Feb 7, 2017
test Refactoring: Respect new jscs conventions Apr 4, 2015
.eslintrc Fixed an issue in [.eslintrc] for the value of "no-extra-boolean-cast" Jul 26, 2016
.jscsrc Added: JSCS Apr 4, 2015
.npmrc Added a [.npmrc] file and updated private to false in [package.json] Jul 26, 2016
.travis.yml Fix: Travis CI Sep 11, 2014
LICENSE spelling Apr 4, 2015
Makefile Fix: Travis CI Sep 11, 2014
npm-shrinkwrap.json 1.1.7 Feb 7, 2017
package.json 1.1.7 Feb 7, 2017

restify Boilerplate

Dependency Status Build Status Code Climate

Get your restify API up and running in no time :) Most of the things the boilerplate does should be self-explaining. If not: AMA

I included a custom authorization plugin, which is enabled by default. Feel free to modify its settings inside config/global.json



Making CORS work properly if you use custom headers is not always straightforward (restify / Issue #284). The boilerplate provides a helper, which takes care of MethodNotAllowed responses in conjunction with preflight requests + custom headers.

Authorization (v1.1.0)

Enable via config.Security.UseAuth

Every request you make must be authenticated. The REST API uses a custom HTTP scheme based on a keyed-HMAC (Hash Message Authentication Code) for authentication.

The value of the Authorization header is as follows:

Authorization: <Config/Security/Scheme> <AccessKey>:<Signature(Base64(HMAC-SHA1(UTF-8(<String to Sign>), UTF-8(<SecretAccessKey>))))>

AccessKey: Provided by config/global.json SecretAccessKey: Provided by config/global.json String to Sign: Value of the <Config/Security/StringToSign> header

You can find an example in the examples/client branch.

ACL (v1.1.0)

Enable via config.Security.UseACL

The Boilerplate now supports ACL via node_acl. Take a look at config/global.json for configuration ...


By default node-bunyan is used for logging to a file (./logs/{{NODE_ENV}}-{{SERVER:NAME}}.log). Additionally sending logs to Loggly is supported (take a look at the config file).


NODE_ENV is not yet used to allow different configurations for development / production. The only thing it does is disabling the Auth- and CORS-Plugin in development.

$ NODE_ENV=production node server


$node server
You can’t perform that action at this time.