The REST API is built using Express. The code can be found in the
When running Crossfeed locally, the REST API is served from the container
crossfeed_backend_1. We use the following technologies
on the backend:
- Serverless Framework
src folder contains all the code for the REST API. Most endpoints are located
src/api directories, while database models are in the
Most endpoints have tests, which are located in the
serverless.yml file contains configuration for REST API deployment. The REST API
is deployed as a single lambda function that serves multiple routes through API Gateway
To configure properties for the REST API, you can modify
environment variables in
.env in the root directory.
If you need to configure the REST API for deployment, you should update the
env.yml file. You may also need to update parameters in AWS SSM, as several
environment variables use values that are stored in SSM.
Once a user logs in either with Cognito or login.gov, they call the
/auth/callback on the REST API
with their credential from either provider.
The REST API then verifies the credential and issues the user a JWT. The user uses this server-provided JWT
to authenticate any future requests to the Crossfeed API by passing the JWT in the
One can also pass an API Key in the
Authorization header when accessing the REST API programmatically. For more details, see API Reference.