In 2023: Which framework can we use for a REST API: Iris, Gin, Echo, Revel, Buffalo, Chi?

Hi team and community, we need to develop a REST API, but we are in the analysis phase. We want to build a robust, strong, solid REST API which will have JWT + LDAP.

The big question is:

In 2023: Which framework can we use for a REST API: Iris, Gin, Gorilla-mux?

Hi @devplusgg! The real question should be: Do I need a full web framework? If the answer is YES and the work is serious, always go with a battle-tested and solid one: Gin. If you need the best performance, turning a blind eye to stdlib friendliness, the answer could be Fiber.
If you don’t need a full framework, think about a router like Chi or httprouter (Gin is built on it); gorilla-mux is no longer maintained.

Hi @Metalymph, thinking about it, we don't need a full framework… but we need to have a good router handler + middleware with JWT and LDAP.

Thanks for the information that gorilla mux was discontinued, we didn’t know that :slight_smile:


JWT and LDAP could be done with good external libraries. Think about Bunrouter or Chi. About httprouter, I would avoid it due to the lack of activity; prefer Gin over it.

The big question you have is how to build a robust, strong, and solid REST API with JWT (JSON Web Tokens) and LDAP integration. Here are some considerations to help you in the analysis phase:

  1. API Framework: Choose a suitable API framework that supports your desired programming language and provides robust features for building REST APIs. Popular options include Express.js (Node.js), Django (Python), Spring Boot (Java), or ASP.NET Core (C#).
  2. JWT Authentication: JSON Web Tokens (JWT) can be used for authentication and authorization in your API. When a user logs in, the server generates a JWT containing user details and signs it with a secret key. The client includes this token in subsequent requests to access protected resources. Ensure that your chosen API framework supports JWT authentication or use a library specifically designed for JWT authentication.
  3. LDAP Integration: Lightweight Directory Access Protocol (LDAP) can be used for user authentication and user management. LDAP is a widely adopted protocol for accessing and maintaining directory services. Integrate LDAP with your API to authenticate users against an LDAP server and retrieve user information. You’ll need to configure the connection to your LDAP server and implement the necessary logic to authenticate users.
  4. Secure Communication: Ensure that your API communicates over HTTPS (HTTP over SSL/TLS) to provide encryption and secure data transmission. This is essential for protecting sensitive information such as authentication credentials and user data.
  5. Authorization and Access Control: Define granular access control policies to determine which users have access to specific resources and actions within your API. JWT can contain user roles or permissions, which can be used to enforce authorization rules on API endpoints.
  6. Error Handling and Validation: Implement comprehensive error handling and validation mechanisms to provide meaningful error messages and handle edge cases gracefully. Validate incoming requests and handle errors consistently across your API.
  7. Logging and Monitoring: Incorporate logging and monitoring into your API to capture relevant information for debugging and performance analysis. Log important events, errors, and request/response details. Use monitoring tools or services to track API performance and availability.

This is probably too ‘low level’ for you - but I just use standard Go (though I do use for socketio as well), e.g.

func HandleFile(w http.ResponseWriter, req *http.Request) {
	extension := path.Ext(req.URL.Path)
	switch req.Method {
	case "GET":
	case "PUT":

Where I bind this with:

func ServeHTTPandIO(handlers []Handler) {
	var err error
	mux := http.NewServeMux()
	mux.HandleFunc("/", indexOrFail)
	mux.HandleFunc("/scripts", scripts.HandleDirectory)
	mux.HandleFunc("/scripts/", scripts.HandleFile)

But, I’m a big fan of avoiding dependencies, so this makes sense for me :slight_smile:

I hope this helps - Andy
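
Added example (not code from any post in this thread): a standard-library-only `net/http` middleware that checks an HS256 JWT and a role before the wrapped handler runs, matching the dependency-free setup above. The function names, the claim names `roles` and `exp`, and the 401/403 mapping are assumptions of this example; the token would be issued with `sign` after a successful LDAP bind, which is not shown.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"net/http"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding // JWT segments are unpadded base64url

// sign (hypothetical helper) appends the HMAC-SHA256 of msg ("header.payload") to msg.
func sign(msg string, key []byte) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return msg + "." + b64.EncodeToString(m.Sum(nil))
}

// authorize returns 200, 401 (bad or expired token) or 403 (role missing).
func authorize(header, role string, key []byte, now int64) int {
	var c struct{ Roles []string; Exp int64 } // assumed claim names: roles, exp
	p := strings.Split(strings.TrimPrefix(header, "Bearer "), ".")
	if len(p) != 3 || !hmac.Equal([]byte(header), []byte("Bearer "+sign(p[0]+"."+p[1], key))) {
		return http.StatusUnauthorized // MAC mismatch; alg is fixed here, never read from the token
	}
	body, err := b64.DecodeString(p[1])
	if err != nil || json.Unmarshal(body, &c) != nil || now >= c.Exp {
		return http.StatusUnauthorized // unreadable claims, expired, or no exp at all
	}
	for _, have := range c.Roles {
		if have == role {
			return http.StatusOK
		}
	}
	return http.StatusForbidden
}

// requireRole wraps a handler so it can be registered on an http.ServeMux.
func requireRole(role string, key []byte, next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if code := authorize(r.Header.Get("Authorization"), role, key, time.Now().Unix()); code != http.StatusOK {
			http.Error(w, http.StatusText(code), code)
			return
		}
		next(w, r)
	}
}
```

With the mux from the post above, a protected route would be registered as `mux.HandleFunc("/scripts/", requireRole("admin", key, scripts.HandleFile))`, where `key` is a server-side secret loaded at start-up.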


Hi @bluefire, thanks for your response. We successfully implemented JWT Authentication + LDAP Integration, Secure Communication + Authorization and Access Control; we built an RBAC system communicating with our Active Directory.


You are welcome