The api files are located in /api
The structure of these files is simple; there are a list of endpoints that connect directly to the relevant controller method.
Each controller call is wrapped in a HOC (higher order component) called use. This is a middleware function that catches any errors in the controller methods, and then passes these to a global error handler – this prevents you from having to use try...catch in your application.
You can protect any API route and make it accessible to only a specific user level using the auth.verify middleware method. You simply pass the user permission as a parameter.
api.get('/api/user', auth.verify('user'), use(userController.get));
Find out more about how authentication works in the next section.
API requests are globally rate limited as defined by the throttle settings in config. The following end points have their own rate limits for security purposes:
All API endpoints are rate limited by the configuration settings in config/default.json -> throttle. Specific endpoints like signup and sign-in have their own throttle settings for security.