Meteor Restivus: Create Smart APIs Fast

After a long discussion with our mentor Inderpreet Singh, we decided to drop the approach of developing a single application containing both the frontend and backend, because it becomes difficult to open the mirrored site directly in the Meteor application. So we decided to separate the backend and frontend applications.

Frontend Application

What is now decided is to create a separate application that adds a toolbox to the websites by appending a script tag, either using the cat command or by using Node to append to files. The script tag adds the toolbox to the website I am mirroring, to provide annotation capabilities on that website.

Backend Application

The other application is going to act as an API for holding users' data, information about the annotations, etc. That means it will just act as a database to hold the data and provide an API to the frontend application (the app which is going to mirror the website and annotate it). In other words, the backend application will now just be an API which provides database operations and some other Node commands to be run. For that, I was recommended to use Meteor Restivus.

Meteor Restivus 

Meteor Restivus is a server-only package. Attempting to access any of its methods from the client will result in an error. So to access the API methods, you make calls to the endpoints, sometimes authorized and sometimes unauthorized, using AJAX, Axios or the Fetch API.


Just to clarify some terminology of the API:

  • (HTTP) Method: The type of HTTP request (e.g., GET, PUT, POST, etc.)
  • Endpoint: The function executed when a request is made at a given URL path for a specific HTTP method
  • Route: A URL path and its set of configurable endpoints

I read about a few other things in the Meteor Restivus documentation; it is difficult to pick up when you have never created an API for an application before.

Configuration Options of Meteor Restivus

The following configuration options are available when initializing an API using new Restivus(options).

  • auth Object
    • token String
      • Default: 'services.resume.loginTokens.hashedToken'
      • The path to the hashed auth token in the Meteor.user document. This location will be checked for a matching token if one is returned in auth.user().
    • user Function
      • Default: Get user ID and auth token from X-User-Id and X-Auth-Token headers
        function() {
          return {
            userId: this.request.headers['x-user-id'],
            token: Accounts._hashLoginToken(this.request.headers['x-auth-token'])
          };
        }
      • Provides one of two levels of authentication, depending on the data returned. The context within this function is the endpoint context without this.user and this.userId (well, that’s what we’re working on here!). Once the user authentication completes successfully, the authenticated user and their ID will be attached to the endpoint context. The two levels of custom authentication and their required return data are:
        • Partial auth
          • userId: The ID of the user being authenticated
          • token: The auth token to be verified
          • If both a userId and token are returned, Restivus will hash the token, then, authentication will succeed if the hashedToken exists in the given Meteor.user document at the location specified in auth.token
        • Complete auth
          • user: The fully authenticated Meteor.user
          • This is your chance to completely override the user authentication process. If a user is returned, any userId and token will be ignored, as it’s assumed that you have already successfully authenticated the user (by whatever means you deem necessary). The given user is simply attached to the endpoint context, no questions asked.

        For either level of auth described above, you can optionally return a custom error response by providing that response in an error field of your response object. The error value can be any valid response. If an error field exists in the object returned from your custom auth function, all other fields will be ignored. Do not provide an error value if you intend for the authentication to pass successfully.

  • defaultOptionsEndpoint Endpoint
    • Default: undefined
    • If an endpoint is provided, it will be used as the OPTIONS endpoint on all routes, except those that have one manually defined. This can be used to DRY up your API, since OPTIONS endpoints will frequently respond generically across all routes.
  • enableCors Boolean
    • Default: true
    • If true, enables cross-origin resource sharing (CORS). This allows your API to receive requests from any domain (when false, the API will only accept requests from the domain where the API is being hosted. Note: Only applies to requests originating from browsers).
  • onLoggedIn Function
    • Default: undefined
    • A hook that runs once a user has been successfully logged into their account via the /login endpoint. Context is the same as within authenticated endpoints. Any returned data will be added to the response body as data.extra.
  • onLoggedOut Function
    • Default: undefined
    • Same as onLoggedIn, but runs once a user has been successfully logged out of their account via the /logout endpoint. Context is the same as within authenticated endpoints. Any returned data will be added to the response body as data.extra.
  • prettyJson Boolean
    • Default: false
    • If true, render formatted JSON in response.
  • useDefaultAuth Boolean
    • Default: false
    • If true, POST /login and GET /logout endpoints are added to the API. See the Authenticating section of the Restivus documentation for details on using these endpoints.
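
The partial and complete auth levels described above, modeled as an added example in plain Node.js (this is not Restivus source code and not code from the original post). It assumes a plain array in place of the Meteor.users collection, passes the request as an argument instead of through `this.request`, and uses the hypothetical helper names `hashLoginToken`, `valuesAtPath`, `defaultUser` and `authenticate`.

```javascript
// Simplified model of the auth flow described above; not Restivus source code.
const crypto = require('crypto');

// Same construction as Meteor's Accounts._hashLoginToken: base64 of SHA-256.
function hashLoginToken(token) {
  return crypto.createHash('sha256').update(token).digest('base64');
}

// Collect every value at a dotted path, descending through arrays the way a
// Mongo selector on 'services.resume.loginTokens.hashedToken' would.
function valuesAtPath(doc, path) {
  const flatten = (nodes) => nodes.flatMap((n) => (Array.isArray(n) ? n : [n]));
  let nodes = [doc];
  for (const key of path.split('.')) {
    nodes = flatten(nodes)
      .map((n) => (n == null ? undefined : n[key]))
      .filter((v) => v !== undefined);
  }
  return flatten(nodes);
}

// Model of the default `user` function quoted above (request passed as an argument).
function defaultUser(request) {
  const raw = request.headers['x-auth-token'];
  return {
    userId: request.headers['x-user-id'],
    token: typeof raw === 'string' ? hashLoginToken(raw) : undefined,
  };
}

// `users` is a plain array standing in for the Meteor.users collection (assumption).
function authenticate(request, users, auth = {}) {
  const tokenPath = auth.token || 'services.resume.loginTokens.hashedToken';
  const result = (auth.user || defaultUser)(request) || {};
  if (result.error) return { ok: false, response: result.error }; // error wins over all other fields
  if (result.user) return { ok: true, user: result.user }; // complete auth: attached unchecked
  if (!result.userId || !result.token) return { ok: false }; // partial auth needs both values
  const user = users.find((u) => u._id === result.userId);
  const ok = Boolean(user) && valuesAtPath(user, tokenPath).includes(result.token);
  return ok ? { ok: true, user } : { ok: false };
}

// Constructed sample data: one user holding one hashed login token.
const SAMPLE_TOKEN = 'constructed-sample-token';
const loginTokens = [{ hashedToken: hashLoginToken(SAMPLE_TOKEN) }];
const USERS = [{ _id: 'u1', services: { resume: { loginTokens } } }];
const request = { headers: { 'x-user-id': 'u1', 'x-auth-token': SAMPLE_TOKEN } };
console.log(authenticate(request, USERS).ok);
```

Because only the hash is stored, presenting the stored hashedToken value in X-Auth-Token fails the check. A custom user function that returns a user is trusted as-is, so it has to perform its own verification before returning one.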

From tomorrow on, implementation has to be started with Meteor Restivus. It looks like a great package for building APIs.
