IBM builds and maintains these Open-source solutions for the API developer community:

We also support these key technologies for API development:

  • Node.js - Node is for getting projects done quickly, to leverage the broad knowledge of JavaScript and to scale to the massive concurrency needed for mobile, IoT and next-generation web APIs.
  • Open API - Open standard for defining and describing your API.


LoopBack is a highly-extensible, open-source Node.js framework that enables you to:
  • Create dynamic end-to-end REST APIs with little or no coding.
  • Access data from major relational databases, MongoDB, SOAP, and REST APIs.
  • Incorporate model relationships and access controls for complex APIs.
  • Use separable components for file storage, third-party login, and OAuth 2.0.

COMING SOON: LoopBack 4, the next step in the evolution of LoopBack! A completely redesigned modular framework especially for API developers.

Getting started

Assuming you have already installed Node, install the LoopBack CLI tool:

$ npm install -g loopback-cli

To keep going, see Getting started on


The Microgateway is a developer-focused, extensible gateway framework written in Node.js for enforcing access to Microservices and APIs. It supports the following core features:

  • Secure and control access to APIs using Swagger (OpenAPI) Specification
  • Collection of pre-built gateway policies for API Key validation, OAuth 2.0, rate limiting, and JavaScript
  • Create gateway policies (security, routing, integration, etc... ) using Swagger extensions (API Assembly)
  • Simple interfaces for creating your own gateway policies.

The role of a Gateway in an API architecture is to protect, enrich and control access to API services. These sets of capabilities are often related to security and rate limiting, but it also includes the ability to do deeper message inspection. For example, you may want to insure that the message received is properly formed JSON, XML, or data following your own specific format. In addition, the Gateway can modify the payload or transform it to meet old or new interfaces for the API backend. Finally, the Gateway can invoke multiple services and aggregate responses from multiple API backends.

The Microgateway is the foundation for all of those things. It is optimized to perform security, rate limiting, and much more complex packet processing through a highly flexible flow-engine.

The flow-engine is a processing unit that allows you to define a sequence of processing policies or tasks that get applied to the transaction as it passes through the Gateway for a specific API. These policies may be organized in a linear fashion, executing in sequential order. Or, they may have conditional logic deciding which set of policies will execute depending on variables that are part of the API flow.

Getting Started

Following are the steps to install and run a stand alone microgateway

Step 1: Clone the microgateway repository

git clone 

Step 2: Populate all of the necessary dependencies for the project

cd microgateway
npm install 

Step 3: Change current working directory to the test directory

cd microgateway/test 

Step 4: Create a startup script that sets environment variables and starts up the Microgateway. The script file is a simple Node.js JavaScript file shown below. Create this file in the microgateway/test directory. CONFIG_DIR is the folder containing the YAML files with the API definitions that you wish to enforce.

'use strict';

var mg = require('../lib/microgw');
var fs = require('fs');

// config dir
process.env.CONFIG_DIR = __dirname + '/definitions/sample';
process.env.NODE_ENV = 'production';

Step 5: Create a yaml file to define the API. Place the yaml file in the folder identified by the CONFIG_DIR environment variable created in the startup script. For this example, we are creating the file sample_1.0.0.yaml in the microgateway/test/definitions/sample directory.

You can place several YAML files in this directory and the Microgateway will pull in and use them all.

# sample_1.0.0.yaml
  version: 1.0.0
  title: sample
  description: 'Sample laptop YAML'
basePath: /sample
swagger: '2.0'
          description: '200 OK'
      - javascript:
          title: 'Write a small JSON object'
          source: |
            message.body = { text : 'Hello World' };
  - http

Step 6: From the test directory, execute the command to start the Microgateway.

cd microgateway/test
node sample.js 

Step 7: Send a curl command to test the API. It should return the {“text”:”Hello World”} JSON object.

curl http://localhost:3000/sample/echo 

For more information on the internal specifics of the Microgatewayy, you may want to look at the microgateway/test directory. All middleware components have one or more test suites to exercise their interfaces and logic.

For more examples on how to add various policies to your API assembly, look in the microgateway/test/definitions directory. There are several swagger files that are used to test out the implementation.

For more information, see the GitHub repository


Maintained by the Node Foundation, Node.js is a JavaScript runtime built on Chrome's V8 JavaScript engine. As the Foundation describes, "As an asynchronous event driven JavaScript runtime, Node is designed to build scalable network applications."

For more information, see Node.js

Open API

The Open API Initiative (OAI) was created by a consortium of forward-looking industry experts who recognize the immense value of standardizing on how REST APIs are described. As an open governance structure under the Linux Foundation, the OAI is focused on creating, evolving and promoting a vendor neutral description format. SmartBear Software has donated the Swagger Specification directly to the OAI as the basis of this Open Specification. The current version of the OpenAPI specification is OpenAPI Specification 3.0.1.

APIs form the connecting glue between modern applications. Nearly every application uses APIs to connect with corporate data sources, third party data services or other applications. Creating an open description format for API services that is vendor neutral, portable and open is critical to accelerating the vision of a truly connected world.

For more information, see