The api file is located at /api.js
The structure of this file is simple; there are a list of endpoints that connect directly to the relevant controller method.
Each controller call is wrapped in a HOC (higher order component) called use. This is a middleware function that catches any errors in the controller methods, and then passes these to a global error handler – this prevents you from having to use try...catch in your application.
You can protect any API route and make it accessible to only a specific user level using the auth.verify middleware method. You simply pass the user permission as a parameter.
api.get('/api/user', auth.verify('user'), use(userController.get));
Find out more about how authentication works in the next section.