The NODEJS SDK integration guide for APIToolkit. It monitors incoming traffic, gathers the requests, and sends the request to the API toolkit servers.
Run the following command to install the package from your projects root:
npm install apitoolkit-express
Intialize apitoolkit into your project is as simple as :
import { APIToolkit } from 'apitoolkit-express';
const apitoolkitClient = await APIToolkit.NewClient({ apiKey: '<API-KEY>' });
where <API-KEY>
is the API key which can be generated from your apitoolkit.io accoun
Next, you can use the apitoolkit middleware for your respective routing library.
Eg, for express JS, your final code would look like:
app.use(apitoolkitClient.expressMiddleware);
where app is your express js instance.
Your final could might look something like this especially on typescript:
import { APIToolkit } from 'apitoolkit-express';
import express from 'express';
const app = express()
const port = 3000;
const apitoolkit = await APIToolkit.NewClient({
apiKey: '<API-KEY>', // Required: API Key generated from apitoolkit dashboard
});
app.use(apitoolkit.expressMiddleware);
app.get('/', (req, res) => {
res.send('Hello World!');
});
app.listen(port, () => {
console.log(`Example app listening on port ${port}`);
});
If you're unable to use await at the top level, then you could wrap your apitoolkit and express initialization logic in a closure.
Also notice the .default
at the end of the require, to access the default export of the SDK.
const APIToolkit = require('apitoolkit-express').default;
const express = require('express');
const app = express()
const port = 3000;
(async function () {
const apitoolkit = await APIToolkit.NewClient({ apiKey: '<API-KEY>' });
app.use(apitoolkit.expressMiddleware);
app.get('/', (req, res) => {
res.send('Hello World!');
});
app.listen(port, () => {
console.log(`Example app listening on port ${port}`);
});
})();
While it's possible to mark a field as redacted from the apitoolkit dashboard, this client also supports redacting at the client side. Client side redacting means that those fields would never leave your servers at all. So you feel safer that your sensitive data only stays on your servers.
To mark fields that should be redacted, simply add them to the apitoolkit config object. Eg:
const APIToolkit = require('apitoolkit-express').default;
const express = require('express');
const app = express()
const port = 3000;
(async function () {
const apitoolkitClient = await APIToolkit.NewClient({
apiKey: '<API-KEY>',
redactHeaders: ['Content-Type', 'Authorization', 'Cookies'], // Specified headers will be redacted
redactRequestBody: ['$.credit-card.cvv', '$.credit-card.name'], // Specified request bodies fields will be redacted
redactResponseBody: ['$.message.error'], // Specified response body fields will be redacted
});
app.use(apitoolkitClient.expressMiddleware);
app.get('/', (req, res) => {
res.send('Hello World!');
});
app.listen(port, () => {
console.log(`Example app listening on port ${port}`);
});
})();
It is important to note that while the redactHeaders
config field accepts a list of headers(case insensitive), the redactRequestBody
and redactResponseBody
expect a list of JSONPath strings as arguments.
The choice of JSONPath was selected to allow you have great flexibility in descibing which fields within your responses are sensitive. Also note that these list of items to be redacted will be aplied to all endpoint requests and responses on your server. To learn more about jsonpath to help form your queries, please take a look at this cheatsheet: https://lzone.de/cheat-sheet/JSONPath
Working with file uploads using the multer
package is quite straightforward and requires no manual intervention, making it seamless to send multipart/form-data requests to APIToolkit.
However, if you choose to employ formidable
for managing file uploads, a more hands-on approach becomes necessary to ensure proper data transmission to APIToolkit. Without manual intervention, no data is dispatched, potentially hindering the accurate monitoring of the endpoint. To enable this functionality, developers must attach both the fields
and files
extracted from the form.parse
method to the request object.
For instance:
import express from 'express';
import { APIToolkit } from 'apitoolkit-express';
import formidable from 'formidable';
const app = express();
const client = await APIToolkit.NewClient({
apiKey: '<API_KEY>',
});
app.use(client.expressMiddleware);
app.post('/upload-formidable', (req, res, next) => {
const form = formidable({});
form.parse(req, (err, fields, files) => {
// Attach fields to request body
req.body = fields;
// Attach files
req.files = files;
res.json({ message: 'Uploaded successfully' });
});
});
app.listen(3000, () => {
console.log('Server is running on port 3000');
});
By executing this procedure, APIToolkit gains access to non-redacted fields and files, thereby enhancing the precision of monitoring and documentation processes. This method ensures that all necessary data is accessible and correctly relayed to APIToolkit for thorough analysis and documentation.
Simply wrap your axios instance with the APIToolkit observeAvios function.
import {observeAxios} from 'apitoolkit/axios';
const response = await observeAxios(axios).get(`${baseURL}/user_list/active`);
If you're making requests to endpoints which have variable urlPaths, you should include a wildcard url of the path, so that apitoolkit groups the endpoints correctly for you on the dashboardL:
import {observeAxios} from 'apitoolkit/axios';
const response = await observeAxios(axios,'/users/{user_id}').get(`${baseURL}/users/user1234`);
There are other optional arguments you could pass on to the observeAxios function, eg:
import {observeAxios} from 'apitoolkit/axios';
const redactHeadersList = ["Content-Type", "Authorization"]
const redactRequestBodyList = ["$.body.bla.bla"]
const redactResponseBodyList = undefined
const response = await observeAxios(axios,'/users/{user_id}', redactHeadersList, redactRequestBodyList, redactResponseBodyList).get(`${baseURL}/users/user1234`);
Note that you can ignore any of these arguments except the first argument which is the axios instance to observe. For the other arguments, you can either skip them if at the end, or use undefined as a placeholder.
APIToolkit detects a lot of API issues automatically, but it's also valuable to report and track errors. This helps you associate more details about the backend with a given failing request. If you've used sentry, or rollback, or bugsnag, then you're likely aware of this functionality.
Within the context of a web request, reporting error is as simple as calling the apitoolkit ReportError function.
import {ReportError} from 'apitoolkit';
try {
const response = await observeAxios(axios).get(`${baseURL}/ping`);
} catch(error){
ReportError(error)
}
This works automatically from within a web request which is wrapped by the apitoolkit middleware. But if called from a background job, ReportError will not know how to actually Report the Error. In that case, you can call ReportError, but on the apitoolkit client, instead.
import APIToolkit from 'apitoolkit-express';
const apitoolkitClient = await APIToolkit.NewClient({ apiKey: '<API-KEY>' });
try {
const response = await observeAxios(axios).get(`${baseURL}/ping`);
} catch(error){
apitoolkitClient.ReportError(error)
}