--- description: API Routes provide built-in middlewares that parse the incoming request. Learn more about them here. --- # API Middlewares
Examples
API routes provide built in middlewares which parse the incoming request (`req`). Those middlewares are: - `req.cookies` - An object containing the cookies sent by the request. Defaults to `{}` - `req.query` - An object containing the [query string](https://en.wikipedia.org/wiki/Query_string). Defaults to `{}` - `req.body` - An object containing the body parsed by `content-type`, or `null` if no body was sent ## Custom config Every API route can export a `config` object to change the default configs, which are the following: ```js export const config = { api: { bodyParser: { sizeLimit: '1mb', }, }, } ``` The `api` object includes all configs available for API routes. `bodyParser` Enables body parsing, you can disable it if you want to consume it as a `Stream`: ```js export const config = { api: { bodyParser: false, }, } ``` `bodyParser.sizeLimit` is the maximum size allowed for the parsed body, in any format supported by [bytes](https://github.com/visionmedia/bytes.js), like so: ```js export const config = { api: { bodyParser: { sizeLimit: '500kb', }, }, } ``` `externalResolver` is an explicit flag that tells the server that this route is being handled by an external resolver like _express_ or _connect_. Enabling this option disables warnings for unresolved requests. ```js export const config = { api: { externalResolver: true, }, } ``` ## Connect/Express middleware support You can also use [Connect](https://github.com/senchalabs/connect) compatible middleware. For example, [configuring CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) for your API endpoint can be done leveraging the [cors](https://www.npmjs.com/package/cors) package. First, install `cors`: ```bash npm i cors # or yarn add cors ``` Now, let's add `cors` to the API route: ```js import Cors from 'cors' // Initializing the cors middleware const cors = Cors({ methods: ['GET', 'HEAD'], }) // Helper method to wait for a middleware to execute before continuing // And to throw an error when an error happens in a middleware function runMiddleware(req, res, fn) { return new Promise((resolve, reject) => { fn(req, res, (result) => { if (result instanceof Error) { return reject(result) } return resolve(result) }) }) } async function handler(req, res) { // Run the middleware await runMiddleware(req, res, cors) // Rest of the API logic res.json({ message: 'Hello Everyone!' }) } export default handler ``` > Go to the [API Routes with CORS](https://github.com/vercel/next.js/tree/canary/examples/api-routes-cors) example to see the finished app ## Extending the `req`/`res` objects with TypeScript For better type-safety, it is not recommended to extend the `req` and `res` objects. Instead, use functions to work with them: ```ts // utils/cookies.ts import { serialize, CookieSerializeOptions } from 'cookie' import { NextApiResponse } from 'next' /** * This sets `cookie` using the `res` object */ export const setCookie = ( res: NextApiResponse, name: string, value: unknown, options: CookieSerializeOptions = {} ) => { const stringValue = typeof value === 'object' ? 'j:' + JSON.stringify(value) : String(value) if ('maxAge' in options) { options.expires = new Date(Date.now() + options.maxAge) options.maxAge /= 1000 } res.setHeader('Set-Cookie', serialize(name, String(stringValue), options)) } // pages/api/cookies.ts import { NextApiRequest, NextApiResponse } from 'next' import { setCookie } from '../../utils/cookies' const handler = (req: NextApiRequest, res: NextApiResponse) => { // Calling our pure function using the `res` object, it will add the `set-cookie` header setCookie(res, 'Next.js', 'api-middleware!') // Return the `set-cookie` header so we can display it in the browser and show that it works! res.end(res.getHeader('Set-Cookie')) } export default handler ``` If you can't avoid these objects from being extended, you have to create your own type to include the extra properties: ```ts // pages/api/foo.ts import { NextApiRequest, NextApiResponse } from 'next' import { withFoo } from 'external-lib-foo' type NextApiRequestWithFoo = NextApiRequest & { foo: (bar: string) => void } const handler = (req: NextApiRequestWithFoo, res: NextApiResponse) => { req.foo('bar') // we can now use `req.foo` without type errors res.end('ok') } export default withFoo(handler) ``` Keep in mind this is not safe since the code will still compile even if you remove `withFoo()` from the export.