1.3.1 • Public • Published


npm Bower

AngularJS 1.x client module to handle RESTHeart API calls properly and easily.


This module contains the following services:

  • RhAuth authentication service
  • Rh Restangular service configured for RESTHeart
  • FRh Restangular service configured for RESTHeart with full response enabled (response headers)
  • RhLogic Restangular service for RESTHeart Application Logic resources

For more information on Restangular refer to its documentation

Build and release a new version of this library

Note: this section is for library's developers only.

  1. set the VERSION number in gulpfile.js then
gulp build

The gulp-bump plugin automatically updates the version number in both bower.json and package.json.

  1. git tag with the same VERSION

  2. git push the new release.



bower install angular-restheart

Import the javascript component.

<script src="bower_components/angular-restheart/dist/angular-restheart.min.js"></script>

Inject into your App.

angular.module('myApp', ['restheart'])

Inject the two services into your Controller.

.controller('MyCtrl', ['RhAuth', 'Rh',
        function (RhAuth, Rh) {
        // here your logic


You have to configure angular-restheart before using it.

setBaseUrl() to set the base URL of RESTHeart.

setLogicBaseUrl(<logic_baseurl>) to set the base URL of RESTHeart application logic handlers (usually /_logic but may differ). For more information refer to RESTHeart documentation

onForbidden(callback) to set the callback function the be called on error 403 - Forbidden

onUnauthenticated(callback) to set the callback function the be called on 401 - Unauthorized

onTokenExpired(callback) to set the callback function the be called on 401 - Unauthorized due to token expiration

The callback functions are passed two arguments: $location and $state, that can be used for redirection.

Also, in case of errors the rh_error varible is set in the local storage:

rh_error: {"why": ["forbidded" | "expired" "not_authenticated"], "path": <path_where_error_occurred>, "state": <state_name_where_error_occurred>, "params": <state_params_object> }

Configuration Example

.config(function (restheartProvider) {
            function ($location, $state) {
            function ($location, $state) {
                console.log("Token Expired");
            function ($location, $state) {
                console.log("User Unauthenticated, wrong credentials");

Authentication Flow

angular-restheart uses RESTHeart token-based authentication feature. For more information refer to RESTHeart documentation

The following sequence depicts the authentication flow:

Sign in

  1. Client: Enter your email and password into the login form.
  2. Client: On form submit call RhAuth.signin() with id and password.
  3. Client: Provide username and password credentials via the basic authentication method.
  4. RestHeart Identity Manager (IDM): Verify the user identity: if not - return 401 Unauthorized.
  5. RestHeart Access Manager (AM): Determine if the client is given the permission to execute it against the configured security policy:, if not - return 403 Forbidden.
  6. RestHeart: Create an Auth Token and send it back to the client.
  7. Client: Parse the token and save it to Local Storage for subsequent.

Sign out

  1. Client: Call RhAuth.signout() with a boolean parameter.
  2. RestHeart: If RhAuth.signout(true) Remove Auth Token from database.
  3. Client: Remove token from Local Storage.

The RhAuth service

RhAuth service allows to easily authenticate a client. In case of authentication succedes, the authentication token generated by RESTHeart is saved in the session storage of the browser (with cookie fallback) and will be used by Rh* services to transparently manage authentication.

The two main public methods are signin() and signout().

signin(id, password) takes two input String parameters: id and password. It returns a promise that is resolved to true if the authentication succedes and to false otherwise.

Signin example

 .controller('MyCtrl', ['RhAuth',
        function (RhAuth) {
            $scope.signin = function () {
                var promise = RhAuth.signin('riccardo', 'myP4ssword');
                promise.then(function(response) {
                    if(response) {
                    else {
                        console.log("Not Authorized");

signout(invalidateToken) clears the authentication token from the local storage. If invalidateToken is true it also makes a DELETE request to invalidate the authentication token from RESTHeart. Use false if you don't want other user sessions to get signed out.

Signout example

.controller('MyCtrl', ['RhAuth',
        function ( RhAuth) {
            $scope.signout = function () {

Usage of Rh service

Rh allows you to use Restangular properly configured to work with RESTHeart.

.controller('MyCtrl', ['Rh',
        function (Rh) {
            $scope.simpleRestangularRequest = function () {
                Rh.all('/db/coll').getList().then(function (documents) { // returns a list of the collection documents



npm i angular-restheart

DownloadsWeekly Downloads






Last publish


  • softinstigate