bguiz does not currently provide support for this item.

11 comments found.

Very nice. But I did not learn NodeJS.

Thanks. If you would like to get started, I recommend

It has a Portuguese version as well

Finally a nodejs project… nice to see it here.

So this is only API; there is not a GUI?

Are you using a framework?

Tip: I think that you need to double-check the license, because the Envato extended license allows use on 1 commercial project, not multiple projects. The normal license allows use on 1 non-commercial project.

Thank you!

Yes, this is API only, by design, and the front end is up to you to create. Best suited to native apps and single page web apps.

No, no framework used, unless you count expressjs as one. Apart from that, just low level libraries for specific functionality.

Thanks for the heads up on the licences. I’ll be sure to update this soon.

I would love to hear more of your feedback if/ when you try this module. Let me know if you like the feature list, or have any suggestions for new ones.


Great product – thanks!

Glad to hear, and thanks for your great review too!

Let me know if you have any suggestions, or feature requests for this package.

Hi Brendan, I’ve bought this package, but am struggling to implement the features without some client side examples for using the api. Can you help? Or point me to somewhere that might have a similar example? Thanks, Dec

Hi Declan,

I’m sorry to hear that – and I’d like to help you out with using this library.

If you could, please give me some specifics of the use cases in which you are using ez-accounts? For example, are you making API requests from a native application, or the server (for server-side rendered pages) or the client (for single-page apps)?


Hi Brendan, Thanks for responding so quickly. We have a single page application served using node/express/jade that provides an interface to a remote service through REST API calls from the server. We need to put user management and logins in front of that. If you could provide some samples of using the APIs, I can embed that in some jade templates. For example, what does a login look like? The HTML form, the API call, the server side and the response. Thanks, Declan

No worries

In the context of a single page application, you will need to have a form with input fields, but have a submit button that does not submit, but instead have an event listener which reads the values from the input fields, and uses those to invoke the API.

Based on the response, you can save the token in localStorage, sessionStorage, or whatever other mechanism you would like. From then on, whenever your front end makes an API request to an API which requires authentication, it should attach that token to the request.

That’s what you’ll need to do on your front end.

On the back end, it is much easier, especially since you are using express. All you need to do is to add the various middlewares of your choosing to the express route which requires authentication.

For example, if a particular API requires a user to be authenticated, and have the role of ‘admin’, you would add:

or, alternatively, the shorthand for the above which ezaccounts provides:


This was what I felt was missing from other authentication and authorisation NodeJs libraries, and what led me to develop this library, and name it easy accounts – with the power of express, auth can be as simple as adding middleware to your routes.

Back to our question now – I’m not sure if that is enough detail, or if you would like me to elaborate further.

For an example of using the middleware in an express server, refer to /api/index.js in ezaccounts, and look at the various express routes defined on /test/*

For an example front end, send me a message on either twitter (@bguiz) or reddit (/u/bguiz), with more specifics about your current project and the front end libraries/ frameworks that you are using, and we can take it from there.
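
The back-end half of the flow described in the reply above, as an added example that is not part of the thread and not ezaccounts' own code: every name here (`issueToken`, `verifyToken`, `requireAuth`, `requireRole`, the secret) is hypothetical, and the middleware uses the standard express `(req, res, next)` signature. It verifies an HS256 JSON web token with Node's built-in crypto module, then checks the role carried in the token.

```javascript
// Added example: hypothetical names throughout; this is not the ezaccounts API.
const crypto = require('crypto');
const SECRET = 'constructed-demo-secret'; // constructed; load from config in practice
const b64url = (buf) => Buffer.from(buf).toString('base64url');
const sign = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Issue an HS256 JSON web token carrying the user's id, roles and expiry.
function issueToken(user, ttlSeconds, now = Date.now()) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const exp = Math.floor(now / 1000) + ttlSeconds;
  const payload = b64url(JSON.stringify({ sub: user.id, roles: user.roles, exp }));
  return `${header}.${payload}.${b64url(sign(`${header}.${payload}`))}`;
}

// Return the claims, or null if the token is malformed, forged or expired.
function verifyToken(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  try {
    // Pin the algorithm: never let the token choose it (e.g. "alg": "none").
    if (JSON.parse(Buffer.from(header, 'base64url')).alg !== 'HS256') return null;
    const expected = sign(`${header}.${payload}`);
    const given = Buffer.from(sig, 'base64url');
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(payload, 'base64url'));
    return typeof claims.exp === 'number' && claims.exp > now / 1000 ? claims : null;
  } catch (err) {
    return null; // invalid JSON in header or payload
  }
}

// Express-style middleware: 401 without a valid bearer token.
function requireAuth(req, res, next) {
  const match = /^Bearer (.+)$/.exec(req.headers.authorization || '');
  req.user = match && verifyToken(match[1]);
  if (!req.user) return res.status(401).json({ error: 'unauthenticated' });
  next();
}

// Middleware factory: 403 unless the authenticated user holds the role.
const requireRole = (role) => (req, res, next) => {
  if (!req.user || !Array.isArray(req.user.roles) || !req.user.roles.includes(role)) {
    return res.status(403).json({ error: 'forbidden' });
  }
  next();
};

// With express: app.get('/admin/report', requireAuth, requireRole('admin'), handler);
```

A token kept in localStorage or sessionStorage is readable by any script running in the page, so give it a short lifetime and verify signature, expiry and role on the server for every request.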


I was interested in this… and saw the Stripe logo in your header graphic. How does Stripe come into play with this?

Hi Jim,

Yes, this module does indeed come with Stripe built into it. It exposes APIs for payments.

HTTP POST /account/payments

This API uses the accounts middleware without requiring any roles (any logged in user) to make a payment. The credit card details are saved against this user account (actually just the ID, the actual details are saved by Stripe in order to make it easy to comply with PCI regulatory requirements, see Stripe’s docs). The actual credit processing is delegated to Stripe, with EzAccounts wrapping around it to make it easy to associate payment details with user accounts.

HTTP GET /account/payments/cards

This API lists all the saved cards (ID and last four digits) that have been previously saved against the current account.

In these modules, the APIs are decomposed into more granular functions, and it should be easy enough to compose your own custom payment flows. The above two are sufficient to support almost every single use case you are likely to come across though.

Let me know if you need more details or have more questions.

Hope this helps, Brendan

What’s the express version that you used, 3 or 4? Thx

Currently it is using express 4.9.x

Need a version for PostgreSQL. Is it possible?

Hi bhavbumi, this has been written for MongoDB specifically, and would require a rewrite of the database interactions. That is a significant undertaking, and I do not have plans to do that in the near future.

Would you be able to do it for me as a separate project?

I’ll need the scope for what you are doing. It might be easier to have a conversation on another platform. Visit and look at the links at the top for the various ways to contact me (Twitter preferred).

Dear NodeJs Ez Accounts author,

I’m interested in the extended license but I’d like to verify a few things if I could,

1. Do you have, or planning adding, Access Control Lists for users, allowing them to be members of a group and restrict their REST API calls in Node Express4 of RESTify?

2. Do you use or are considering using JSON Web Tokens?

Thanks, Robert

Hi Robert,

> 1. Do you have, or planning adding, Access Control Lists for users, allowing them to be members of a group and restrict their REST API calls in Node Express4 of RESTify?

Yes, that is precisely what this is all about. It provides express middleware that allows authorisation and role-based authorisation for access to any express route. See footnote (*) for more details.

> 2. Do you use or are considering using JSON Web Tokens?

Yes indeed, JSON web tokens are used. This was done in order to allow native apps (e.g. iOS, Android) as well as single-page web applications (e.g. AngularJS, EmberJS) to interact with a server running ezaccounts much more easily.

Happy to help with any other queries, Brendan

(*) Details on roles vs access control lists:

Ezaccounts does not use access control lists to determine which users have access to which resources, but rather uses roles to do so instead. This however, in the majority of cases is simply pure semantics of where the information is stored: In access control lists, a separate data structure is stored which lists groups of users which have access to particular resources. For roles, OTOH, the info about which resources the user is entitled to is stored within the user’s data structure itself. There are some slight disk-space vs processing speed optimisation considerations here, but for most servers, these will hardly matter. If you would like me to go into more detail, comment again, and I’ll be happy to elaborate. tl;dr= uses role based authentication, and it will likely satisfy any use case you have based on access control lists


In addition to purchasing NodeJS EZ Accounts to determine if I can complete some solution less expensive than Auth0 (which seems to keep up with all the Passport “strategies”), I’ve also purchased a more recent tutorial that uses passport w/ registration and OAuth 2.0,

The complete version of the code that is walked through quite well is at (the last and final version being updated at 4.1),

Since EZ Accounts was completed in 2014, and the above just recently, is there any value in trying to combine the best of both projects?

Obviously I like your API approach better, but the above has some attractive features also, and assists in thorough knowledge.

One final question: Might it be worth just getting a beta going using Auth0 and PubNub sandboxes? ... instead of writing the entire registration, login, api and real-time data exchange with based on channel, user and message; or do you believe it’s always better to develop one’s own low-cost solution?

Btw, are you available for hire on a project?

Sincerely, Robert

Hi Robert,

> Since EZ Accounts was completed in 2014, and the above just recently, is there any value in trying to combine the best of both projects?

Not much has changed between 2014 and present with regards to the technologies used here, both JSON web tokens, and OAuth, so I would not use that as a measure or consideration.

> One final question: Might it be worth just getting a beta going using Auth0 and PubNub sandboxes?

I am not familiar with Auth0 – I have heard of them, but have not used them – out of personal preference. I am pretty certain that you can use ezaccounts in place of Auth0. That being said, please let me know how you are using it, and what features would be needed to bring it to parity.

If you are considering PubNub (or Pusher, for that matter), I would strongly encourage you to check out socketcluster first. It is an open source equivalent to PubNub, but not as fully featured – you don’t get the frills like an admin dashboard etc.

I have yet to use socketcluster myself, but I am working on a successor to ezaccounts at the moment; one that updates it to make use of Javascript features now available thanks to ES6.

Once it reaches feature parity with ezaccounts, I will look into adding some means for users to communicate with each other. From my research thus far, socketcluster looks like it has a lot going for it. Another library I came across for this that looked promising is deepstream, but that doesn’t seem to have as much active development going on as, and is not as mature as, socketcluster.

From a broader perspective, I would say it is best to try out as many different things as you can afford the time for – so if you have room to experiment, go for it!

> Btw, are you available for hire on a project?

Unfortunately no, I am not. However, I am happy to have a chat with you. Hit up my website – you will find a number of ways to get in touch with me there.

Cheers, Brendan


Can this app be modified to work with MYSQL?

It assumes that you’re using MongoDb. It can be modified to work with MySql (or any other database) but that would involve a significant amount of work.

If I buy this, does this include all source code? And can I change the API source code for my needs?

Yes, full source code is provided, including instructions on how to set up and deploy the server. You are almost certainly going to add new APIs so that your server can do something specific to your project/ business needs.