Štefan Hosťovecký

Web Consultant & Specialist & Full Stack Developer

Understanding Middleware in Strapi CMS


Strapi is a popular headless content management system (CMS) that provides developers with a flexible and scalable way to manage and distribute digital content through APIs. One of the key features of Strapi is its support for middleware, which allows developers to run custom logic before or after an API route is executed.

Middleware functions act as a bridge between the API request and response, and can be used to perform a variety of tasks such as authentication, authorization, data validation, and more. In this article, we will explore the concept of middleware in Strapi and provide examples of how it can be used to improve the functionality and security of your APIs.

Middleware in Strapi

Middleware functions in Strapi are standalone functions that can be used to modify the request or response data before or after a specific API route is executed. They are executed in the order in which they are defined, and have access to the request and response objects, allowing them to modify the data as needed.

Middleware functions can be used for a variety of tasks, such as:

  • Authenticating users and ensuring they have the correct permissions to access a route
  • Validating data to ensure it meets certain conditions before being processed
  • Modifying the response data to add additional information or to transform the data into a desired format

By using middleware in Strapi, developers can add custom logic to their APIs without having to modify the actual API logic, making it easier to manage and maintain APIs over time.

Using Middleware in Strapi

Let's look at an example of how middleware can be used in Strapi to validate data before it is processed. In this example, we will create a middleware function that checks the email address of a new user before it is saved to the database.

First, we create a new file called 'validate-email.js' and add the following code:

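module.exports = (request, response, next) => {
  // Pull the submitted email address out of the request body
  const { email } = request.body;
  // Reject anything that does not look like local@domain.tld
  if (!/\S+@\S+\.\S+/.test(email)) {
    return response.status(400).send({ error: 'Invalid email address' });
  }
  // The email passed the check: hand control to the next handler
  return next();
};

In this code, we define a middleware function that extracts the email address from the request body, uses a regular expression to check that the email is formatted correctly, and returns an error message with a 400 status if it is not. If the check passes, it calls next() so that the route handler runs.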

Next, we add the middleware function to our API route for creating new users, like this:

const validateEmail = require('./validate-email');

module.exports = {
  routes: [
    {
      path: '/users',
      method: 'POST',
      handler: [validateEmail, async (request, response) => {
        // create new user in database
      }],
    },
  ],
};

In this code, we import the validateEmail middleware function and add it to our POST /users route using the handler property. Now, when a new user is created, the middleware function will be executed first, checking that the email address is formatted correctly before the API route is executed.
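The regular-expression check above is unanchored and does not check the type of the value, so it accepts more than a single well-formed address. The following added example (not the article's code; the names looseCheck, strictCheck and validateEmailStrict and the length limit are assumptions) compares it with a stricter check on constructed inputs, using the same middleware shape:

```javascript
// Added example, not from the original article. All names are hypothetical.
const LOOSE = /\S+@\S+\.\S+/;                // the article's pattern (unanchored)
const STRICT = /^[^\s@]+@[^\s@]+\.[^\s@]+$/; // whole value, one "@", no whitespace
const MAX_EMAIL_LENGTH = 254;                // assumed upper bound on address length

// The article's check. RegExp.prototype.test() converts its argument to a
// string and succeeds if the pattern matches anywhere inside it.
function looseCheck(email) {
  return LOOSE.test(email);
}

// Stricter check: must be a string, bounded in length, matched end to end.
function strictCheck(email) {
  return typeof email === 'string' &&
    email.length <= MAX_EMAIL_LENGTH &&
    STRICT.test(email);
}

// Same (request, response, next) shape as the article's validate-email.js.
function validateEmailStrict(request, response, next) {
  const body = request.body || {};
  if (!strictCheck(body.email)) {
    return response.status(400).send({ error: 'Invalid email address' });
  }
  return next();
}

// Constructed sample request-body values.
const samples = [
  'alice@example.com',                           // well-formed
  'alice@example.com\r\nBcc: other@example.com', // embedded CRLF
  'text before alice@example.com text after',    // address buried in text
  ['alice@example.com'],                         // JSON array, not a string
  undefined,                                     // field missing
];

// Returns one { loose, strict } verdict per sample, in order.
function compare() {
  return samples.map((value) => ({
    loose: looseCheck(value),
    strict: strictCheck(value),
  }));
}

console.log(compare());
```

The loose pattern accepts the first four samples, while the strict check accepts only the first. A format check like this is a first filter; it does not prove the address exists or belongs to the user.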


Middleware is a powerful feature in Strapi that allows developers to add custom logic to their APIs in a flexible and maintainable way. By using middleware, developers can isolate specific pieces of logic, making their code more modular and easier to understand. In this article, we have explored the concept of middleware in Strapi and provided an example of how it can be used to validate data before it is processed.

Whether you are building a simple API or a complex web application, middleware is a useful tool to have in your development toolkit. By using middleware in Strapi, developers can build APIs that are secure, scalable, and easy to maintain. As you gain experience with Strapi, you can explore the many middleware functions that are available, and even create your own custom middleware to meet the specific needs of your application.

In conclusion, we hope that this article has provided you with a solid understanding of middleware in Strapi, and how it can be used to improve the functionality and security of your APIs. Happy coding!